November 30, 2025

Dark Light

Search

Big Tech Data Leak News

0

22

Three million Google Chrome users hacked

Over three million Google Chrome users have been issued a warning concerning 16 browser extensions that have been compromised by hackers. This alarming news comes hard on the heels of reports earlier this month that cybercriminals are also leveraging search engine giant Google’s new Gemini 2.0 (artificial intelligence) AI assistant.

The list of Google’s hacked browser extensions includes: Emojis, Video Effects for YouTube, Audio Enhancer, Blipshot, Color Changer for YouTube, Themes for Chrome, and YouTube Picture in Pictures. Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader have also been compromised.

cybercrime Healthcare News

0

25

Healthcare cyber-attacks now “a national security threat”

Search engine giant’s Google Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives.

“Healthcare’s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.

Healthcare News ransomware

0

20

‘Dark Unicorns’ target US healthcare

Ransomware attacks on the healthcare sector have risen by a third in 2024 with the US the prime target. Cybersecurity company Black Kite reports 374 incidents in the past year, a 32.16 percent rise in the number of attacks on the industry over 2023. Healthcare is now among the top targets for ransomware, surpassed only by manufacturing and professional services.

The rapid rise in ransomware attacks on the healthcare sector is the result of increasing ruthlessness on the part of ransomware gangs. Until relatively recently, some sectors, such as healthcare and education, were considered off-limits. According to Black Kite, if an affiliated criminal gang attacked a healthcare organization, the core ransomware group would frequently step in, apologizing to the victim organization -sometimes even decrypting the ransomed data for free.

Big Tech Data Leak News

0

18

Bucket shop bargains for cybercriminals

Researchers have revealed current vulnerabilities in Amazon’s data storage services, the knock-on effect of which could potentially result in the biggest supply-chain attack in the internet’s history.

In November 2024, watchTowr Labs decided to show how a significant Internet-wide supply-chain attack could be caused by abandoned infrastructure left unattended and forgotten on the internet. The researchers chose to focus on an Amazon business data storage service, known as ‘S3 buckets’.

Arrest cybercrime News

0

15

Cybercrime forums span national boundaries

The bust of the illegal Cracked and Nulled crime forums evidences the global nature of cybercrime and the impossibility of seeing it as a threat that has no regard for national boundaries.

Although at least 17 million US citizens were victims of the crime forums. law enforcement agencies in the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece were all involved in the bust, according to the US Department of Justice.

Healthcare News ransomware

0

18

‘Hellcat’ is new breed of cybercriminal

A ransomware gang, Hellcat, that emerged in 2024 is being seen as representative of a new type of threat actor using off-the-shelf malware and innovative extortion techniques.

According to cybersecurity company Cato Networks: “Hellcat’s emergence in 2024 marks a troubling shift in the landscape of cybercrime. By leveraging a ransomware-as-a-service (RaaS) model and utilizing double extortion tactics, Hellcat has not only increased the accessibility of ransomware but also heightened the psychological impact on its victims.”

Cybersecurity Executives Expert Opinions Featured SMB

0

23

SMEs in urgent need of cybersecurity overhaul

In an exclusive interview with Cyber Intelligence, Brian Buiwe, Technology Specialist at Sage, explains how SMEs and other smaller organizations urgently need to re-address their approach to cybersecurity.

There is a huge knowledge gap among C-suite executives of small-to-medium-sized enterprises (SMEs), as well as among other professionals such as senior doctors and lawyers, where cybersecurity is concerned. Many do not yet grasp the urgent need for cybersecurity. The mainstream media has actually done a very poor job of keeping them informed of the growing threat facing all sectors.

Banking Threats Finance News

0

18

Ransomware gangs target law and accountancy firms

In what is bad news for law and accounting firms, the professional and technical services sector has now overtaken the manufacturing sector as the prime target for ransomware attacks of Q3 2024.

According to cybersecurity company Nuspire: “These firms handle highly sensitive client data, such as financial records, legal documents, and business strategies, making them prime targets for ransomware operators.”

Nuspire predicts that, with ransom demands averaging around $2.5 million a hit for law firms, ransomware operators will continue to target this sector as long as the potential rewards outweigh the effort. The situation is particularly dire for smaller practices, which may lack the resources to protect against today’s increasingly ruthless and sophisticated cyber-attacks.

Analysis Healthcare Latest News

0

16

US Healthcare companies on high cyber-alert

While the assassination of health insurance CEO Brian Thompson on the streets of central New York last week has been grabbing headlines this month, life-endangering cyber-attacks on the US healthcare industry are escalating at an alarming rate. Once again, the pressing need for both IT and physical security could not be more clear.

According to John Riggi, national advisor for healthcare security and risk at the American Hospital Association, healthcare security must now be seen as far more than just an IT issue. This year has seen what amounts to a sea change in the way healthcare executives must view not only their own personal security but also the impact of cyber-attacks not only on their bottom line but also on the lives and well-being of patients.

Analysis Data Leak Vulnerability

0

18

The data currency time bomb

Corporations are not only amassing huge amounts of personal data on their customers as never before but also trading that data, frequently without the customer’s knowledge. As yet, the general public is largely unaware of the uses to which their personal information is being put or whose hands it ends up in. At the same time, companies holding the data must tread an increasingly complex regulatory minefield.

According to Chris Diebler, Security VP at cybersecurity company DataGrail: “Companies are all terrified of not having enough data as data is the new currency. However, companies need to think seriously about reducing these vast mountains of data. The value of data must be balanced against the cost and security risk of maintaining it.”

Companies that fail to secure personal data effectively or trade customer data with third parties face considerable potential brand damage when the details are obtained by bad actors and they suffer identity theft or financial fraud as a consequence.

cybercrime News Russia

0

24

Women break glass ceiling of Russian cybercrime

Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals.

The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a “Confidential Human Source (CHS)” in order to comply with her request for anonymity.

“I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.

Cyber Espionage News Vulnerability

0

16

US water supply threatened by cyber-attacks

The USA’s drinking water is under threat. According to the US Environmental Protection Agency (EPA), 97 drinking water systems serving around 27 million users have critical or high-risk cybersecurity.

Although the EPA’s latest report focuses on the potential financial costs of cyber-attacks, there is also strong evidence that such attacks could also result in significant loss of life, with thousands or even millions of people being deliberately poisoned by terrorists or a hostile foreign power.

“We estimate that a [California] state-wide water service disruption could potentially cost at least $61 billion in lost revenue per day,” says the EPA report, Cybersecurity Concerns Related to Drinking Water Systems.

Cyber Espionage cybercrime News

0

14

Cybercriminals pose as law enforcement agencies

The US Federal Bureau of Investigation (FBI) has issued an urgent warning to business and law enforcement agencies that cybercriminals are using genuine stolen US and foreign government email addresses to hack into companies.

As of August this year, the FBI has observed an increase in posts on criminal forums relating to fraudulent emergency data requests. In August 2024, a cyber-criminal known to the FBI offered for sale, “High Quality .gov emails for espionage/social engineering/data extortion requests, etc”, that included official US credentials. The cyber-criminals also offered to guide buyers through emergency data requests and to sell real stolen subpoena documents to allow the buyer(s) to pose as law enforcement officers.

Data Leak Human Error News

0

11

Disgruntled ex-Disney employee highlights insider threat

The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel.

More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.

China News Spyware Surveillance

0

20

The Chinese Communist Party is watching you

Research conducted by Which, the consumer watchdog magazine, has confirmed something the smartphone industry has known for years: Chinese electronic products are routinely used to spy on citizens in countries like the US and the UK.

The latest suspects, domestic air fryers, join a long list of products the Chinese are accused of having used to spy on the West, which already ranges from smart watches to automobiles. Which analyzed three air fryers sold in the UK and found that Aigostar, Xiaomi Mi Smart, and Cosori CAF-LI401S knew their customers’ precise locations and demanded permission to listen in on users’ conversations. The Aigostar air fryer even wanted to know the user’s gender and date of birth when setting up an account. Disturbingly, both the Aigostar and Xiaomi air fryers are reported to have sent personal data to servers in China.

Cybersecurity Executives Expert Opinions Healthcare Personal Services

0

14

The root of the problem for dentists

In an exclusive interview with Cyber Intelligence, Tom Terrenez, the chief executive of Medix Dental IT, describes the cyber-threats currently overwhelming many US dental practices. His warnings concerning data can be equally applied to doctors’ surgeries, upmarket beauticians and hairdressers, and other small businesses that provide personal services.

cybercrime Malware News

0

19

US is top target for mobile cybercrime

The US is the top target for cyber-attacks focusing on mobile devices and those connected by the Internet of Things (IoT) plus the operational technology (OT) systems than run facilities such as power plants.

According to cybersecurity firm Zscaler’s ThreatLabz 2024 Mobile, IoT, and OT Threat Report, mobile remains a top threat vector, with 111% growth in spyware and 29% growth in banking malware. Technology (18 percent), education (18 percent) and manufacturing (14 percent) continue to be the sectors most targeted by mobile malware. The education sector saw the most dramatic rise in blocked transactions, with a 136 percent increase on the previous year.

Arrest China Cyber Espionage News

0

22

Chinese phisher steals top US military secrets

This week, the US Department of Justice (DOJ) announced criminal charges against a Chinese national, Song Wu, accused of wire fraud and aggravated identity theft in an effort to obtain National Aeronautics and Space Administration (NASA) computer software and source code.

The DOJ has now revealed that the specialized software allegedly stolen by Song could be used by potentially hostile enemies to attack the US. According to the DOJ, the stolen software could be used for “industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”

cybercrime News Vulnerability

0

22

Sharp rise in blindside cyber-attacks

More than one in five cybersecurity professionals report having had a cyber hit requiring immediate attention despite having threat-based detection and response security measures in place. According to a survey conducted by cybersecurity firm Criticalstart, 2024 Cyber Risk Landscape Peer Report, 2023’s figure of 83 percent represents a 21 percent increase from 2023.

Criticalstart also reports a sharp rise in the cost of data breaches. The average cost of a data breach reached an all-time high of $4.45 million in 2023 – a 15 percent increase over the past three years. Organizations with under 500 employees reported an average breach-impact increase from $2.92 million to $3.31 million—a rise of 13.4%.

Analysis cybercrime Vulnerability

0

27

Exclusive: CrowdStrike crash is only the beginning…

The famous “blue screen of death,” witnessed with horror by 8.5 million Microsoft Windows users worldwide as a result of the ongoing CrowdStrike outage, may soon become a far more familiar sight across a wide range of sectors.

While there is no evidence that the widespread Microsoft Windows outage caused by the CrowdStrike upgrade was anything but accidental, many in the cybersecurity industry are seeing the past week’s experience as a dummy run for a full-fledged cyber-attack aimed at crippling critical infrastructure. As the current media pictures of people sleeping in airports testify, some sectors appear to be faring better than others.

Analysis Data Leak sextortion

0

20

US Data Compromises Double Year-on-Year

It’s official – the US is losing the battle against cybercrime. The first quarter of this year has seen 841 publicly reported data compromises – a 90 percent increase compared to 442 compromises in Q1 2023.

According to the Identity Theft Resource Center (ITRC), the picture may be even grimmer than these bald statistics suggest. Year-on-year, the number of cyberattack-related data breach notices without information about the root cause of the attack leapt from 166 in Q1 2023 to 439 in Q1 2024. This represents a staggering rise of 265 percent in unsolved data breaches.

News One Minute Roundup

0

9

Rise in Tax-Related Phishing Scams Detected – March 22nd

Microsoft’s Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data.

These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.

News One Minute Roundup

0

12

Security Flaws Found in ChatGPT Plugins – March 15th

According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts.

Leveraging security gaps in ChatGPT plugins’ large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.

News One Minute Roundup

0

8

27,000 Private Data Stolen from Stanford Ransomware Attack – March 12th

Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack.

The University also disclosed that only one system was breached, namely the “Department of Public Safety” network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver’s license numbers.

News One Minute Roundup

0

10

Skype, Google Meet, and Zoom were used in the New Trojan Campaign – March 7th

Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links.

Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.

News One Minute Roundup

0

14

Third-Party Breach Places AmEx Cardholders at Risk – March 5th

American Express released a notification to its customers, informing them of a third-party data breach, placing ‘some’ customer information at risk.

Despite the breach, American Express ensured that its systems remain secure, is taking measures to address the issue, and will constantly monitor the integrity of its accounts for fraudulent activity.

News One Minute Roundup

0

10

I-Soon Leak Offers Glimpse Into Chinese Hacking Campaigns – February 22nd

The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon.

The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.

News One Minute Roundup

0

9

26 Billion Stolen Record Database Discovered – January 24th

Security Discovery researchers and the Cybernews team discovered the largest data leak ever recorded, containing 26 billion records predominantly stolen from major social media platforms and government agencies.

Dubbed “The Mother of All Breaches”, the 12 terabytes of compromised records were stolen most notably from Tencent QQ (1.5B), Weibo (504M), MySpace (360M), Twitter (281M), LinkedIn (251M), AdultFriendFinder (220M), among government agency data from the United States, Brazil, Germany, the Philippines, Turkey, among others.

Data Leak Finance News

0

17

FNF hack exposes 1.3m customer details

US real estate financial services fat cat, Fidelity National Financial (FNF), has revealed details of a cybersecurity breach that occurred in November, exposing the details of 1.3 million customers. An updated filing to the US Securities and Exchange Commission (SEC) claims the attack, which occurred on November 19, 2023, was detected early on and successfully contained.

But despite FNF’s best efforts, over a million customers will wonder if the threat actors behind the breach also believe that their attack has been successfully “contained.” The nature of their target suggests otherwise. A Fortune 500 company, FNF is one of the largest companies of its kind in the US, with an annual revenue of over $10 billion, a market capitalization of $13.3 billion, and a staff of over 23,000 people.

News One Minute Roundup

0

9

Ukrainian Hacks Accounts to Mine $2M in Crypto – January 15th

A now arrested Ukrainian-based hacker infiltrated cloud-computing accounts to create over 1M virtual servers to mine $2M worth of cryptocurrencies, Europol announced.

The Europol investigation shed light on the dangers behind cloud computer hijacking campaigns used for large-scale illicit crypto mining.

News One Minute Roundup

0

13

CISA Warns Google Chrome Users of Open Source Vulnerabilities – January 4th

In an announcement addressed to US Federal Agencies, the Cybersecurity and Infrastructure Security Agency (CISA) warned Google Chrome users of a vulnerability (CVE-2023-7101) impacting the web browser’s open-source Perl library.

The Google vulnerability affects an open-source project, Google Chromium WebRTC, which as a result allows threat actors to cause browser crashes and launch other actions.

News One Minute Roundup

0

6

$80M in Crypto Stolen from Orbit Chain Cyberattack – January 3rd

Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January.

Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers’ crypto wallets.

News One Minute Roundup

0

13

62% of Top Ransomware Groups Activated Remote Attacks in 2023 – December 27th

According to Sophos’ latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks.

Sophos’ report entitled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” gathered the data based on Sophos’ detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.

News One Minute Roundup

0

7

November’s Ransomware Leak Victims Reach Record High – December 25th

A record-high 484 ransomware victims were posted on publicly available sites in November 2023, according to a Corvus Insurance report.

The spike in ransomware victims’ information being leaked reflects a 39.08% increase compared to October 2023 and a staggering 110.43% increase compared to November 2022.

News One Minute Roundup

0

6

Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

Revealed in a presentation at last month’s Black Hat Middle East and Africa conference, was a corporate information leak tactic targeting Saudi Arabian workers using fraudulent LinkedIn profiles.

The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.

News One Minute Roundup

0

10

North Korea Continues Crypto Theft Campaign – December 4th

A joint advisory by the Federal Bureau of Investigation (FBI), the Environmental Protection Agency, and the Cybersecurity Infrastructure and Security Agency (CISA) announced the Iranian-based threat actor group “Cyber Av3ngers” compromised over 200 internet-connected devices in the US.

Suspected to be anti-Israeli by motive, the “Cyber Av3ngers” group was behind the Pennsylvania Water Authority hacks, disrupting an industrial control device that was made in Israel.

News One Minute Roundup

0

9

Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th

The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend.

According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as “Cyber Av3ngers”. This nation-state cyberattack is not the first to disrupt critical water infrastructure.

News One Minute Roundup

0

11

The EU’s Proposed Cybersecurity Certification Scheme – November 24th

The European Union’s Cybersecurity Agency (ENISA) is studying the possibility of broadening the proposed cybersecurity labeling rules that may affect big tech operating in Europe.

The proposed EU certification scheme (EUCS) vouches for further cybersecurity measures of cloud services, ensuring companies in the bloc select an EU-based certified cybersecurity vendor for their business.

News One Minute Roundup

0

9

Samsung Customers in the UK Exposed by Data Breach – November 17th

Samsung notified its customers in the UK that a recent data breach potentially exposed customer data, stemming from a third-party business application vulnerability.

Samsung UK further stated that the data affected only covers customers that purchased Samsung items in the UK online store, and ensured customers that the breach does not include passwords or financial data.

1
2