Latest Internet & Cybersecurity News

December 31, 2025 at 1:00 AM

Major 2025 cybersecurity incidents include massive data breaches at the University of Phoenix, TransUnion, and aviation firms, active exploits of MongoDB and FortiOS flaws, ransomware surges, and rising AI threats.
1. University of Phoenix Data Breach Affects 3.5 Million

Attackers exploited a zero-day in Oracle E-Business Suite (CVE-2025-61882), stealing names, SSNs, DOBs, and bank details from students, staff, and suppliers between August 13 and 22, 2025. The breach is linked to Cl0p ransomware and is part of a campaign hitting over 100 organizations, including Harvard. (Source 1, Source 2) No data has been released publicly yet. (Source 2)

2. TransUnion Third-Party Breach Exposes 4 Million Customers

Hackers breached a third-party application, exposing millions of US customers' data at the credit reporting agency. Details on the compromised information remain limited, but the incident highlights supply chain risks. (Source 3) This adds to 2025's record breaches. (Source 3)

3. MongoDB 'Heartbleed' Vulnerability Actively Exploited

A high-severity MongoDB Server flaw (CVE-2025-14847), dubbed 'MongoBleed,' emerged over Christmas with PoCs and is now under active exploitation, per CISA. It poses major risks as a frequent attack vector for malicious actors. (Source 10) Patch immediately. (Source 10)

4. FortiOS CVE-2020-12812 Still Exploited for 2FA Bypass

A five-year-old improper authentication flaw in FortiGate SSL VPN allows attackers to bypass 2FA via a username case mismatch with LDAP. Fortinet warns of ongoing exploitation in the wild under specific configurations. (Source 1, Source 2) Update systems urgently. (Source 2)

5. French La Poste DDoS Attack Disrupts Services

Central systems at France's national postal service were knocked offline by a DDoS attack on December 24, blocking deliveries and payments. The incident highlights vulnerabilities in critical infrastructure. (Source 1) Recovery is ongoing. (Source 1)

6. Malicious NPM Package 'lotusbail' Steals WhatsApp Data

A fake WhatsApp Web API package with 56,000 downloads intercepts messages, contacts, and credentials via WebSocket and sends them to attacker servers. It exemplifies rising software supply chain threats. (Source 2) Remove the package and scan dependencies. (Source 2)

7. Korean Air Data Breach via Subsidiary KC&D

Hackers stole the data of 30,000 employees in a breach at the former subsidiary; the investigation took over a year. The incident is part of the aviation sector's 2025 vulnerabilities. (Source 1) Impacts are ongoing. (Source 1)

8. Two Americans Plead Guilty in ALPHV BlackCat Ransomware

US defendants admitted targeting victims with BlackCat ransomware on December 30, 2025. This is part of DOJ actions against cybercrime. (Source 5) It signals law enforcement progress. (Source 5)

9. Global Banking Network Breach Hits 20 Million Customers

A March 2025 attack via third-party software, exploited by Eastern European hackers, stole account data from over 100 banks. It led to identity theft and regulatory scrutiny. (Source 4) The incident offers lessons on vendor security. (Source 4)

10. Russian Lynx Group Breaches UK MoD Contractor

In October 2025, the group stole 4TB of sensitive data from Dodd Group. The breach underscores nation-state threats to defense supply chains. (Source 6) The data has potentially been leaked. (Source 6)

11. Cybercrime Surge Across Africa 2023-2025

A GI-TOC report shows sharp growth in cybercrime outpacing security measures continent-wide. It includes BEC and ransomware networks dismantled in Senegal, Ghana, Benin, and Cameroon. (Source 1, Source 9) Continued vigilance is needed. (Source 9)

12. AI Deepfake Nudes Prompt Global Regulations

The rise of non-consensual AI-generated nudes has led to US bills like the Take It Down Act, EU AI Act fines, and lawsuits in San Francisco. They pose business and ethical risks. (Source 7) Enforcement challenges persist. (Source 7)