InfoSec News Nuggets 12/05/2025

Marquis Data Breach Impacts Over 780,000 People Hackers accessed the network of fintech provider Marquis and stole files containing personal and financial data on more than 780,000 individuals, including names, addresses, Social Security numbers, taxpayer IDs, and bank or card details. The intrusion was detected in August 2025, and recent regulator filings show Marquis is now notifying affected individuals and multiple state attorneys general as the scope of the breach has been confirmed. Freedom…
Read More

InfoSec News Nuggets 12/04/2025

Fintech firm Marquis notifies affected business after ransomware breach Texas-based fintech firm Marquis is notifying U.S. banks and credit unions after a ransomware attack in August allowed an intruder to exploit a SonicWall firewall vulnerability and access internal files. Regulatory filings say the exposed data may include names, contact details, dates of birth, Social Security and taxpayer IDs, and limited financial account information belonging to customers of Marquis’ clients. The company is now sending…
Read More

InfoSec News Nuggets 12/03/2025

Personal Information of 33.7 Million Stolen From Coupang South Korea’s Coupang disclosed a five‑month data breach in which attackers accessed names, addresses, email addresses, phone numbers, and order history for about 33.7 million customers. The breach began in late June and was only detected in mid‑November, illustrating how prolonged unauthorized access can go unnoticed before large‑scale exposure is revealed. The company has blocked the access, notified authorities, and is working through the fallout of a…
Read More

InfoSec News Nuggets 12/02/2025

London councils cyber incident: Data breach warning as recovery expected to take weeks Three inner London councils, including Westminster and Kensington and Chelsea, are recovering from a significant cyber incident that has now been confirmed to involve a data breach. Authorities are warning residents to stay vigilant after evidence that data was copied, and they expect disruption to services and full recovery efforts to take weeks. Iberia Airlines in Spain Hit by Major Cyberattack…
Read More

InfoSec News Nuggets 12/01/2025

South Korean government declares emergency over Coupang cyber attack The South Korean government convened an emergency ministerial meeting after e-commerce giant Coupang disclosed a major cyber incident and large-scale data theft affecting its customer base. Authorities have launched a broad investigation into what personal data was exposed and how the intrusion occurred, reflecting concern about the impact on a platform used by a significant share of the country’s population. The weekend is prime…
Read More

InfoSec News Nuggets 11/26/2025

Threat Actors Exploit Blender Files to Deploy StealC V2 Infostealer Researchers have tracked a long-running campaign in which attackers hide the StealC V2 infostealer inside weaponized Blender project files shared on popular 3D asset marketplaces. When victims open these .blend files with auto-run Python scripts enabled, embedded code silently launches a multistage infection chain that targets 3D artists and game developers who routinely import community models. New ClickFix wave infects users with hidden…
Read More

InfoSec News Nuggets 11/25/2025

Nationwide Emergency Alert System Crippled by Ransomware INC Ransom attacked OnSolve's CodeRED emergency notification platform, forcing the company to permanently retire the legacy system and cutting off alerting capabilities for hundreds of US municipalities. The incident also involved exposure of personal data for a large number of residents whose information was stored in the service. It shows how a single service provider can become a critical weak point for public safety communications. Shai-Hulud worm…
Read More

InfoSec News Nuggets 11/24/2025

Another major airline hacked, customer data exposed Iberia is notifying customers after a supplier breach exposed names, email addresses, and loyalty card IDs, while a separate threat actor claims to be selling 77 GB of Iberia internal data, including technical aircraft and maintenance files. This is a live example of third-party compromise plus possible deeper internal intrusion, so DFIR teams should watch for Iberia-related phishing, loyalty account abuse, and any overlap with their…
Read More

InfoSec News Nuggets 11/21/2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps Salesforce reported “unusual activity” involving Gainsight-published OAuth applications, warning that attackers may have used those integrations to access some customers’ Salesforce data even though the core Salesforce platform was not directly compromised. All tokens for the affected apps were revoked and the apps pulled from the AppExchange while the investigation continues. This incident underscores the risk posed by third-party SaaS integrations and…
Read More

InfoSec News Nuggets 11/20/2025

CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks CISA has added CVE-2025-13223, a zero-day vulnerability in Google Chrome’s V8 engine, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The flaw allows attackers to execute arbitrary code through crafted web content and has prompted an accelerated patch deadline for U.S. federal agencies. Google has released updates for Chrome, and other Chromium-based browsers are also expected to ship fixes. Critical…
Read More

InfoSec News Nuggets 11/19/2025

DoorDash Confirms Data Breach After Hackers Access Users’ Personal Data Food delivery platform DoorDash has publicly acknowledged a cybersecurity incident that compromised the personal information of an undisclosed number of users. The breach stemmed from a social engineering attack targeting a company employee and represents a growing threat vector that enterprises continue to struggle with despite years of security awareness training. According to DoorDash’s official statement, the incident began with a social engineering scam targeting…
Read More

InfoSec News Nuggets 11/18/2025

Rogue Hosting Company Shut Down as Authorities Confiscate Thousands of Servers Used in Cyberattacks Dutch police and the East Netherlands Cybercrime Team have dismantled a “bulletproof” hosting provider whose infrastructure was allegedly tailored to support criminal activity, including ransomware, phishing, botnet command and control, financial fraud, and distribution of child sexual abuse material. Investigators link the company to more than 80 cases since 2022 and say roughly 250 physical servers hosting thousands of virtual machines…
Read More

InfoSec News Nuggets 11/17/2025

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data A Russian-speaking threat actor behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may have travel reservations, using spam emails. The campaign is said to have begun in earnest around February 2025. Of the 4,344…
Read More

InfoSec News Nuggets 11/14/2025

Google Sues to Disrupt Chinese SMS Phishing Triad Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. In a lawsuit filed in the Southern District of New York on November 12, Google sued to unmask and disrupt 25 “John Doe” defendants allegedly…
Read More

InfoSec News Nuggets 11/13/2025

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials. The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort. Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.…
Read More

InfoSec News Nuggets 11/12/2025

A jailed hacking kingpin reveals all about the gang that left a trail of destruction After years of reading about "Tank" and months of planning a visit to him in a Colorado prison, I hear the door click open before I see him walk into the room. I stand up ready to give this former cyber-crime kingpin a professional hello. But, like a cheeky cartoon character, he pokes his head around a pillar with a…
Read More

InfoSec News Nuggets 11/11/2025

Allianz UK joins growing list of Clop’s Oracle E-Business Suite victims Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary. The criminal crew behind the wave of zero-day data raids claimed to have attacked Allianz-owned British insurer Liverpool Victoria (LV) on Tuesday, but a spokesperson for its parent company waved away these allegations.…
Read More

InfoSec News Nuggets 11/07/2025

11 ways to delete or hide yourself from the internet - and protect your privacy Keeping a tight lid on the online data connected to you, your life, and your habits is becoming increasingly important -- and difficult. A PC, mobile device, or even a smartwatch with an internet connection allows us to stay connected with friends and family, work, stay entertained, monitor our health and habits, and handle our finances. But benefits aside, how…
Read More

InfoSec News Nuggets 11/06/2025

The Louvre’s video security password was reportedly ‘Louvre’ If you’ve been watching the non-technology news for the last couple of weeks… well first of all, I’m sorry. But you might have noticed that one of the most brazen robberies in recent memory happened at the legendary Louvre museum in Paris, where thieves made off with centuries-old crown jewels that have yet to be recovered. According to a security investigation, the password for the video surveillance system was “Louvre,”…
Read More

InfoSec News Nuggets 11/05/2025

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March 2024, some of the issues were addressed by Microsoft in August 2024…
Read More

InfoSec News Nuggets 11/04/2025

Hackers use RMM tools to breach freighters and steal cargo shipments Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. Researchers tracked the activity to June, but they found evidence of these types of campaigns delivering NetSupport and ScreenConnect since January. According to email security firm Proofpoint, these attacks are becoming more popular, with nearly…
Read More

InfoSec News Nuggets 11/03/2025

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle “MrICQ.”…
Read More

InfoSec News Nuggets 10/30/2025

US company with access to biggest telecom firms uncovers breach by nation-state hackers Hackers working for an unnamed nation-state breached networks at Ribbon Communications (RBBN.O), a key U.S. telecommunications services company, and remained within the firm’s systems for nearly a year without being detected, a company spokesperson confirmed in a statement on Wednesday. Ribbon Communications, a Texas-based company that provides technology to facilitate voice and data communications between separate tech platforms and environments,…
Read More

InfoSec News Nuggets 10/29/2025

Ransomware profits drop as victims stop paying hackers The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. With some exceptions, the decline in payment resolution rates continues the trend that Coveware has observed for the past six years. In the first quarter of 2024, the payment percentage was 28%. Although it increased over the next period, it continued to drop, reaching an all-time low…
Read More

InfoSec News Nuggets 10/28/2025

Cities reverse course on automated license plate reader cameras amid privacy concerns Cambridge, Massachusetts officials turned off 16 automated license plate reader (ALPR) cameras last week after the city council voted to pause their use following reports of the cameras’ manufacturer sharing data with immigration authorities. Cambridge is one of several cities where the Flock Safety cameras — which are now present in thousands of cities across the country — have recently been taken offline. On October…
Read More

InfoSec News Nuggets 10/27/2025

Ex-CISA head thinks AI might fix code so fast we won't need security teams Ex-CISA head Jen Easterly claims AI could spell the end of the cybersecurity industry, as the sloppy software and vulnerabilities that criminals rely on will be tracked down faster than ever. Speaking at AuditBoard's user conference in San Diego, Easterly said the threat landscape has never stopped evolving. The proliferation of data, platforms, and devices meant "we've expanded the attack surface…
Read More

InfoSec News Nuggets 10/24/2025

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign We investigated a campaign waged by financially motivated threat actors operating out of Morocco. We refer to this campaign as Jingle Thief, due to the attackers’ modus operandi of conducting gift card fraud during festive seasons. Jingle Thief attackers use phishing and smishing to steal credentials and compromise organizations that issue gift cards. Their operations primarily target global enterprises in the retail and consumer services sectors.…
Read More

InfoSec News Nuggets 10/22/2025

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. The highlight of the day was Bongeun Koo and Evangelos Daravigkas of Team DDOS chaining eight zero-day flaws to hack the QNAP Qhora-322 Ethernet wireless router via the WAN interface and gain access to a QNAP TS-453E NAS device. For this successful attempt, they won $100,000 and are now…
Read More

InfoSec News Nuggets 10/21/2025

Prisoner hacks prison IT system, goes wild! A convict at a Romanian prison has hacked the country's prisoner management platform in a security breach that has rocked Romania's penitentiary agency. The incident took place in August and continued through October. From various reports in Romanian media and a statement released by the national penitentiary police union, the incident appears to have originated in the city of Dej, in Romania's Transylvania region, at a prison hospital complex, where prisoners are sent to treat illnesses…
Read More

InfoSec News Nuggets 10/20/2025

European Authorities Shutter Cybercrime Service Fueling Thousands of Online Scams Seven suspects are now in custody after a cross-border crackdown dismantled a cybercrime service that powered more than 3,000 online scams across Europe, authorities said. Investigators seized servers, domains, and cryptocurrency wallets worth tens of thousands of euros, cutting off infrastructure that enabled fraud on a massive scale. The operation, codenamed “SIMCARTEL” and conducted by authorities from Austria, Estonia, and Latvia, uncovered a criminal network that provided…
Read More

InfoSec News Nuggets 10/17/2025

Senate Investigates Cisco Over Zero-Day Firewall Vulnerabilities U.S. Senator Bill Cassidy, Chairman of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers from Cisco Systems regarding recent zero-day vulnerabilities in its widely used networking equipment. The October 10, 2025, letter to CEO Chuck Robbins highlights the potential risks to national security and the economy, following a swift emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA). A small number of samples…
Read More

InfoSec News Nuggets 10/16/2025

F5 says hackers stole undisclosed BIG-IP flaws, source code U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its systems, including the company's BIG-IP product development environment and engineering knowledge management platform. F5 is a Fortune 500 tech giant specializing in cybersecurity,…
Read More

InfoSec News Nuggets 10/15/2025

New Pixnapping Attack Steals Signal Messages and 2FA Codes from Android Devices A new Android attack dubbed Pixnapping allows malicious apps to covertly capture sensitive data rendered on users' screens, including Signal messages, one-time 2FA codes, emails, location history, and financial information, without requiring a single permission. The attack affects nearly all modern Android phones and leverages a combination of legitimate system APIs and a GPU hardware side channel to reconstruct displayed pixels with surprising…
Read More

InfoSec News Nuggets 10/14/2025

JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security The investment plan revealed Monday will focus on four areas: supply chain and advanced manufacturing in critical minerals, pharmaceutical precursors and robotics; defense and aerospace; energy independence, with investments in battery storage and grid resilience; and strategic technologies, including artificial intelligence, cybersecurity and quantum computing. The investment is part of the bank’s Security and Resiliency Initiative, a $1.5 trillion, 10-year…
Read More

InfoSec News Nuggets 10/13/2025

Insurers balk at paying out huge settlements for claims against AI firms OpenAI and Anthropic are considering using investor funds to settle potential claims from multibillion-dollar lawsuits, as insurers balk at providing comprehensive coverage for the risks associated with artificial intelligence. The two US-based AI start-ups have traditional business insurance coverage in place, but insurance professionals said AI model providers will struggle to secure protection for the full scale of damages they may need to…
Read More

InfoSec News Nuggets 10/10/2025

The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn Widely known time-related software bugs that could cause significant disruptions when triggered in more than a decade are actually exploitable by hackers today, researchers warn. One of the bugs, known as ‘The Year 2038 problem’ and Y2K38, could cause computers to malfunction on January 19, 2038. The issue affects systems that use a 32-bit integer to store time as the number of seconds…
Read More

InfoSec News Nuggets 10/08/2025

Foreign threat actors adopting ChatGPT to bolster “old playbook” of attacks, OpenAI finds But, in what may be considered good news for security teams, the AI start-up also says most threat actors appear to be playing it safe and sticking with "tried and true" methods previously used to carry out their attacks. “We continue to see threat actors bolt AI onto old playbooks to move faster, not gain novel offensive capability from our models,” the company…
Read More

InfoSec News Nuggets 10/07/2025

Thieves steal IDs and payment info after data leaks from Discord support vendor Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor. The chat platform revealed late last week that an unnamed customer service vendor had been compromised, exposing support tickets and personal details submitted by users who had contacted Discord's help or Trust & Safety teams. The company stressed that its own systems were…
Read More

InfoSec News Nuggets 10/06/2025

Oracle says hackers are trying to extort its customers Oracle said on Thursday that customers of its E-Business Suite of products "have received extortion emails," confirming a warning first issued on Wednesday by Alphabet's Google. In a blog post, the California-based tech company said its investigation found that hackers had made potential use of previously identified software vulnerabilities and urged customers to upgrade their products. Oracle did not immediately respond when asked…
Read More

InfoSec News Nuggets 10/02/2025

UK Government Issues New Order to Access iCloud User Data The report reveals that, in early September, the UK Home Office demanded that Apple create a way for officials to access encrypted iCloud backups. Unlike its previous order, the latest request focuses on the iCloud data of British citizens specifically. The demand is designed to aid law enforcement with investigations into terrorism and child sexual abuse. The Home Office's previous request from January sought access…
Read More

InfoSec News Nuggets 10/01/2025

Canadian Airline WestJet Says Hackers Stole Customer Data Canadian airline WestJet this week confirmed that customer personal information was stolen in a June 2025 cyberattack. The incident, disclosed on June 13, involved unauthorized access to several internal systems and impacted the availability of WestJet’s application and website. The airline’s operations were not affected by the attack, and WestJet restored access to its application and website roughly two days after the incident. In July, WestJet said the incident had been…
Read More

InfoSec News Nuggets 9/30/2025

California Governor Newsom signs landmark AI safety bill SB 53 California Gov. Gavin Newsom has signed SB 53, a first-in-the-nation bill that sets new transparency requirements on large AI companies. SB 53, which passed the state legislature two weeks ago, requires large AI labs – including OpenAI, Anthropic, Meta, and Google DeepMind – to be transparent about safety protocols. It also ensures whistleblower protections for employees at those companies. Moldova’s pro-EU party wins election…
Read More

InfoSec News Nuggets 9/29/2025

BitSight warns of surge in ICS/OT Internet exposure, raising critical infrastructure cybersecurity concerns After years of steady improvement, exposure of ICS (industrial control systems) and OT (operational technology) to the public Internet is once again on the rise, according to new research from BitSight. The firm found that global ICS/OT exposure rose 12 percent in 2024, with more than 180,000 devices visible each month, and the total is expected to approach 200,000 in 2025. Average…
Read More

InfoSec News Nuggets 9/26/2025

Microsoft cuts cloud services to Israeli military unit over Palestinian surveillance Microsoft has cut off the Israel Ministry of Defense’s access to some of its tech and services after an internal investigation found the organization appeared to be using its tech to store surveillance data on phone calls made by Palestinians. The tech giant announced on Thursday that it made the decision to “cease and disable” certain subscriptions from the Israeli military. This affects subscriptions…
Read More

InfoSec News Nuggets 9/25/2025

Google Warns That China-Linked Malware Will Haunt Networks for Years Companies may uncover traces of a Chinese-linked hacking campaign lurking in their networks for at least the next two years, Google warns. On Wednesday, Google’s Threat Intelligence Group reported that it is tracking a backdoor malware known as BRICKSTORM, which has been used by hackers to maintain access to organizations and companies in the U.S. for an average of 393 days. Google’s cybersecurity consulting arm, Mandiant, has…
Read More

InfoSec News Nuggets 9/24/2025

Is Big Tech Doing Enough to Fight Scams? The EU Isn't So Sure As online scammers continue to harass consumers, the European Union is investigating whether major companies, including Apple, Google, and Microsoft, are doing enough to stop the threat. The European Commission today announced it had sent letters to the "Apple App store, Booking.com, Bing, Google Play, and Google Search on how these platforms and search engines identify and manage risks related to financial scams." The goal…
Read More

InfoSec News Nuggets 9/23/2025

Why attackers are moving beyond email-based phishing attacks Attackers are increasingly sending phishing links over non-email delivery channels like social media, instant messaging apps, and malicious search engine ads. In this article, we’ll explore why phishing attacks are moving away from exclusively email-based delivery, and what this means for security teams. Because of the changes to working practices, employees are more accessible than ever to external attackers. Once upon a time, email was the primary communication…
Read More

InfoSec News Nuggets 9/22/2025

VC giant Insight Partners warns thousands after ransomware breach New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. The company disclosed the cybersecurity incident in February, when it said that a threat actor gained access to its network following a "sophisticated social engineering attack." Two months later, Insight Partners confirmed that the attackers had also stolen sensitive data during the…
Read More

InfoSec News Nuggets 9/19/2025

How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks A threat actor who gained initial access through a SonicWall VPN device was able to escalate their attack by finding Huntress recovery codes saved in a plaintext file on a user’s desktop. This allowed the attacker to log into the client’s security portal, where they attempted to remediate incident reports and uninstall security agents to cover their tracks. This incident is…
Read More

InfoSec News Nuggets 9/18/2025

Google will upgrade its revenge porn defenses with help from a UK nonprofit Google is partnering with a UK nonprofit to fight non-consensual intimate imagery (NCII). (You may know it better as revenge porn.) Over the coming months, the company will begin using StopNCII's hashes. These user-uploaded digital fingerprints can block individuals' unwanted intimate content from appearing in search results. StopNCII has a pretty neat system to combat revenge porn. Say you have some images you most definitely don't want…
Read More