

Cyber Security Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Dec 1, 2025 • 7min
Asahi ransomware details, California browser law, Windows Teams accelerated
Asahi reveals the fallout from a ransomware attack affecting 1.5 million customers, raising privacy concerns. California's new law mandates web browsers to offer opt-out tools, potentially reshaping national data privacy practices. Microsoft prepares to enhance Teams performance, streamlining call handling with a new handler. Additionally, a data breach at the French Soccer Federation exposes members' personal information. Finally, leaders discuss the implications of data centers on local elections and energy costs.

Nov 28, 2025 • 8min
Microsoft blocks Entra, AI scammer legislation, ASUS patches AiCloud
Microsoft plans to block unauthorized scripts for Entra ID sign-ins in 2026. New legislation aims to crack down on AI-assisted scams with tougher penalties. ASUS has patched a critical vulnerability in AiCloud with a set of firmware fixes. In other news, OpenAI cut ties with Mixpanel following a data breach, while three London councils experienced a shared IT outage. Dartmouth faced a significant data theft affecting 35,000 people, and Microsoft dealt with an Exchange Online outage impacting Outlook access.

Nov 27, 2025 • 7min
AWS outage botnet smacks 28 countries, LLMs help malware authors evade detection, Anthropic pressed over Claude espionage
A massive AWS outage allowed the Shadow V2 botnet to spread across 28 countries, showcasing its IoT-focused malware tactics. Meanwhile, attackers are leveraging large language models to rewrite code, helping malware evade detection. In a heated House hearing, Anthropic's CEO faced scrutiny for potential espionage linked to their AI, Claude. Additionally, serious vulnerabilities in package management systems were exposed, highlighting the ongoing cyber threat landscape.

Nov 26, 2025 • 7min
CISA warns of app break-ins, StealC V2 spread through Blender files, Russian entrepreneur arrested for treason
CISA issues a warning about state-backed actors hijacking messaging apps with spoofed versions. New findings reveal StealC V2 malware spreading through weaponized Blender files. A Russian entrepreneur faces treason charges after criticizing a state-backed messaging app. Meanwhile, account takeover fraud has resulted in a staggering $262 million in losses. Attackers are also exploiting vulnerabilities in legacy devices from SonicWall, showcasing the ever-evolving landscape of cyber threats.

Nov 25, 2025 • 8min
CISA orders feds to patch OIM, Delta Dental incurs breach, Ukraine postal operator systems down
CISA has ordered federal agencies to patch a critical zero-day vulnerability in Oracle's OIM following alarming exploitation activities. Delta Dental suffers a breach, affecting the personal and health data of 146,000 customers. In Ukraine, cyberattacks have severely impacted postal services, leaving systems offline. Amazon's AI agents are on the hunt for software vulnerabilities, while the ShadowRay 2.0 malware exploits cloud clusters for cryptomining. Additionally, actionable security advice is emphasized against outdated myths, showcasing the evolving landscape of cybersecurity.

Nov 25, 2025 • 42min
Department of Know: Overconfidence new zero-day, FCC torches Salt Typhoon rules, AI uninsurable
In this engaging discussion, Keith Townsend, a seasoned CTO advisor, and Howard Holton, CEO of GigaOm, tackle a range of pressing topics. They critique the FCC's decision to scrap Salt Typhoon security rules, emphasizing the need for regulatory protections. The duo also explores the issue of overconfidence in security teams, citing a report that highlights the gap between perception and preparedness. Lastly, they delve into the risks of AI, with insurers looking to exclude AI liabilities, raising questions about accountability in tech mishaps.

Nov 24, 2025 • 8min
CrowdStrike insider catch, Spanish airline breach, AI not insurable
An insider at CrowdStrike leaked internal information but didn’t compromise customer data. Iberia faced a breach due to a supplier, exposing names and emails, though payment info remained safe. Insurers are pushing to exclude liabilities for AI risks, citing the unpredictable nature of AI systems. Salesforce issued a warning about unusual activity tied to third-party apps. In other news, a Nordex manager was sentenced for using wind turbines to mine cryptocurrency. Ransomware also hit law enforcement agencies, disrupting essential services.

Nov 21, 2025 • 9min
Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
A new Android Trojan called Sturnus is causing chaos by capturing encrypted chat content and hijacking devices. Canadian regulators are pointing fingers at schools for their lackluster security that led to a PowerSchool hack. Meanwhile, cybersecurity takes a front seat as a new bipartisan bill aims to enhance data protection at the SEC. Plus, urgent directives are issued to patch critical vulnerabilities, while guidance on evasion attacks emerges from Germany's BSI. Stay informed and secure!

Nov 20, 2025 • 8min
Cloudflare blames database, Crypto heist takedown, WhatsApp flaw exposed billions
A major outage at Cloudflare was traced back to a database permissions change, impacting services like X and Canva. A California man pleaded guilty to laundering millions from a significant crypto heist. Researchers revealed a critical flaw in WhatsApp that exposed data of over 3.5 billion users. Meanwhile, Amazon reported cyber-enabled reconnaissance linked to Iran before missile attacks. A crackdown uncovered €47 million in piracy crypto and targeted Russian hosting providers supporting ransomware. Plus, a new ransomware player, Shiny Spider, emerges with a unique negotiation tactic.

Nov 19, 2025 • 8min
FCC to torch Salt Typhoon rules, Group claims Danish party website hits, MI5 warns Chinese spies are on LinkedIn
The FCC plans to scrap telecom security mandates from the Salt Typhoon initiative, favoring a voluntary approach. A group has launched DDoS attacks on Danish party websites just before elections, highlighting a rise in cyber nuisance. MI5 warns of Chinese spies using LinkedIn to target UK officials. New findings reveal malicious npm packages redirecting users to crypto scams, and the Sneaky 2FA phishing kit employs BitB pop-ups to evade detection. Emergency patches have been released for two serious Chrome vulnerabilities.


