AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/11/2025

Label maker Avery says ransomware investigation also found credit-card scraper

The world’s largest supplier of labels said a ransomware attack in December prompted an investigation that led to the discovery of a data breach impacting the information of about 67,000 customers. In breach notification letters, Avery Products said a ransomware attack was discovered on December 9 and prompted an in-depth investigation led by forensic experts. They found that “an unauthorized actor inserted malicious software that was used to ‘scrape’ credit card information used on our website” between July 18, 2024, and January 5, 2025, the company said in letters provided to regulators in Maine.

Sri Lanka goes bananas after monkey unplugs nation

Sri Lanka’s electricity grid was brought down nationwide on Sunday after monkey business struck a power station south of the capital of Colombo. “A monkey came into contact with our grid transformer, causing an imbalance in the power system,” energy minister Kumara Jayakody told media. The simian saboteur left the population of 22,000,000 sweltering in temperatures above 30°C (86°F) while engineers attempted to restore power to critical facilities like hospitals and water purification plants. Social media users were swift to poke fun at the South Asian island nation’s fragile grid. “One monkey = total chaos. Time to rethink infrastructure?” one said, while Jamila Husain, editor-in-chief of local newspaper the Daily Mirror, wrote: “Sri Lanka’s national grid is so outdated that even a monkey can cause an island-wide blackout.”

Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack

Apple on Monday released an urgent patch for its flagship iOS and iPadOS platforms alongside a warning that a critical security flaw was actively exploited in the wild. The security defect, tracked as CVE-2025-24200, allows attackers with physical access to a locked iPhone or iPad to disable USB Restricted Mode – a key protection mechanism – and access unpatched iPhones. In a barebones advisory, Cupertino’s security response team confirmed the defect led to “an extremely sophisticated attack against specific targeted individuals.” The issue has been fixed in iOS 18.3.1 and iPadOS 18.3.1.

Cyberattack on Lee Enterprises Causes Disruptions at Dozens of Newspapers

Dozens of local newspapers owned by American media company Lee Enterprises have experienced disruptions as a result of a cyberattack. According to its website, the company owns roughly 350 weekly and specialty publications across 25 states. Featured publications include St. Louis Post-Dispatch, The Buffalo News, Omaha World-Herald, Richmond Times-Dispatch, and the Lincoln Journal Star. Lee told the SEC last week that it suffered a technology outage on February 3 due to a “cyber incident”. The incident impacted some business applications and resulted in operational disruptions. The cyberattack resulted in various types of disruptions at Lee-owned publications, including to printed newspapers, subscription accounts, and internal services.

OPM skirted agency norms in assessing the privacy of its new email system

Just over a week into the new Trump administration, the government’s HR agency used a new government-wide email system to contact the federal workforce en masse to offer them a legally dubious delayed-resignation package. Anonymous feds have already sued, alleging that the Office of Personnel Management violated the law by not publishing a privacy impact assessment before deploying the new system, leaving sensitive data about federal employees potentially vulnerable. Although OPM argued in its own legal filing that this assessment wasn’t necessary, the agency simultaneously released one for the government-wide email system last week. But the document looks different than typical PIAs issued by the agency, potentially raising further questions.
