AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 6/20/2025

No, the 16 billion credentials leak is not a new data breach 

News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and harvested via credential stuffing attacks. To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials. Instead, these stolen credentials have likely been circulating for some time, if not for years. They were then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.


New Linux udisks flaw lets attackers get root on major Linux distros 

Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the “allow_active” user. The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enables an “allow_active” user to gain root permissions via the udisks daemon (a storage management service that runs by default on most Linux distributions). 


Attack on Oxford City Council exposes 21 years of election worker data 

Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised. It said “some historic data on legacy systems” was accessed by unauthorized attackers, namely the personal information of people who worked on council-administered elections between 2001 and 2022. The majority of those affected are thought to be either current or former council officers, and the authority assured the public that the incident was limited in scope. According to a statement posted to the council’s website on Thursday, “there is no evidence to suggest that any of the accessed information has been shared with third parties.”


Inside the cyber battlefield: More hacking groups in Iran’s camp, but notable attacks from Israel’s corner 

Cyberattacks act as a “strategic equalizer” as Iran’s conventional military capabilities lag behind those of Israel, and actors working on behalf of Tehran or aligned with the Islamic Republic could take attacks beyond the borders of physical combat to target entities in Western nations that are seen as aligning with Israel, said a new report from Trustwave SpiderLabs. The cyberwar landscape in the fresh conflict between Iran and Israel is characterized as a hybrid threat ecosystem: “a few state-linked actors embedded within a dense jungle of ideological, opportunistic and proxy-driven cyber collectives,” researchers described. 


Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider 

Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. “Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Cloudflare’s Omer Yoachimik said. “The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds.” Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. That attack originated from a Mirai-variant botnet in October 2024.
