Scattered Spider redux. Qantas Airways confirms significant cyberattack against third-party customer service platform.

Qantas Airways has confirmed a significant cyberattack affecting a third-party customer service platform used by one of its contact centers, resulting in the exposure of personal data for up to six million customers. The compromised data includes names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. Importantly, no credit card, financial, or passport information was stored on the affected system, and frequent flyer account credentials (passwords, PINs, logins) were not accessed.

Iranian hackers claim to possess about 100 gigabytes of emails from Trump’s circle.

Pro-Iran hackers have recently threatened to release a large trove of emails allegedly stolen from individuals closely associated with former President Donald Trump. U.S. federal officials have characterized this as a “calculated smear campaign” and dismissed the threat as “digital propaganda” designed to undermine Trump and other government officials. However, documents previously leaked by the group were authenticated and included communications about campaign strategy and legal matters involving Stormy Daniels.

Kelly Benefits says data breach impacts 550,000 people.

A major data breach at Kelly & Associates Insurance Group (dba Kelly Benefits) has impacted over 550,000 individuals after hackers accessed and stole sensitive files from the company’s IT systems in December 2024. The breach, which initially appeared to affect around 32,000 people, was later found to compromise the data of 553,660 individuals as the investigation progressed and more affected parties were identified.

Verizon and T-Mobile deny breached database of more than 100 million customers for sale on Dark Web belongs to them.

Verizon and T-Mobile are both denying recent data breaches after a cybercriminal claimed to be selling the personal records of over 100 million users from the two companies online. The seller, known as G_mic on a cybercrime forum, is offering what they say are 61 million Verizon customer records and 55 million T-Mobile customer records for sale, with the data marked as being from 2025.

Cybercriminals are using Vercel’s v0 AI tool to generate remarkably convincing fake login pages at scale.

Cybercriminals have recently weaponized Vercel’s v0 AI tool to rapidly generate convincing fake login pages at scale, marking a significant evolution in phishing tactics. Vercel’s v0 is a generative AI platform designed to help developers create landing pages and full-stack applications using simple natural language prompts. However, threat actors have exploited this capability to create realistic phishing sites that closely mimic legitimate login pages for brands such as Okta, Microsoft 365, and cryptocurrency services.

Yet another health care provider (St. Joseph) breached on Oracle Health platform.

St. Joseph, Missouri-based Mosaic Life Care has confirmed it was affected by a data breach originating at its electronic health record (EHR) vendor, Oracle Health (formerly Cerner). The breach was discovered after Mosaic Life Care was contacted by an unknown third party earlier in 2025, who claimed to possess patient information. Mosaic Life Care verified these claims on April 29, 2025, and by May 2, 2025, determined that the source of the compromised data was Oracle Health.

Newly discovered FileFix attack variant exploits how browsers handle saved HTML pages to execute malicious JavaScript.

A newly discovered FileFix attack variant exploits how browsers handle saved HTML pages to execute malicious JScript while evading Windows’ Mark of the Web (MoTW) security alerts. This technique, detailed by security researcher mr.d0x, bypasses critical security warnings by manipulating file-saving behaviors.

Researchers say the lack of a permission model in IDEs like Visual Studio Code lets attackers bypass verification and install rogue extensions.

A newly discovered security flaw in integrated development environments (IDEs) like Visual Studio Code allows malicious extensions to bypass verified status checks, enabling attackers to execute arbitrary code on developers’ machines. This vulnerability stems from weaknesses in the extension verification process, where attackers can create rogue extensions that appear verified while containing harmful functionality.

Doppelgängers? Proofpoint researchers identify significant overlaps between threat actors TA829 and UNK_GreenSec.

Cybersecurity researchers have identified significant tactical overlaps between the threat actors behind the RomCom RAT (tracked as TA829) and a newly observed cluster distributing the TransferLoader malware (tracked as UNK_GreenSec). These groups share infrastructure, delivery methods, and phishing tactics, blurring the lines between cybercrime and state-aligned espionage.

US levies sanctions on Russian bulletproof hosting service, Aeza Group, for its role in hosting ransomware, malware, and infostealers.

The U.S. Department of the Treasury has imposed sanctions on Aeza Group, a Russia-based bulletproof hosting provider, for allegedly supporting a wide range of cybercriminal activities, including ransomware attacks, infostealer operations, darknet drug markets, and Russian disinformation campaigns.