November 29, 2025

Matrix.org to retire Slack bridge by January citing maintenance burden

The Matrix.org Foundation has announced it will shut down its Slack bridge on January 13, 2026, citing the high cost and complexity of maintaining interoperability with a closed, proprietary platform. The move marks the end of a years-long effort to allow free, seamless communication between Matrix and Slack users. Originally developed and maintained by Element, …

Cyber Insider
Alex Lekander
29 Nov 2025 8:50 AM
French Football Federation Discloses Data Breach After Attackers Compromise Administrative Software

The French Football Federation confirmed this week that attackers used stolen credentials to breach centralized administrative software managing club memberships nationwide, exposing personal information belonging to licensed players registered through clubs across the country. The FFF detected the unauthorized access and immediately disabled the compromised account while resetting all user passwords across the system, though threat actors had already exfiltrated member databases before detection.

The breach exposed names, gender, dates and places of birth, nationality, postal addresses, email addresses, telephone numbers, and license numbers. The federation claimed the intrusion and exfiltration remained limited to these data categories, with no financial information or passwords compromised in the incident.

According to the federation, which has over two million members, many of whom are minors, the breached data includes personally identifiable information that could be leveraged for phishing attacks. The FFF reported a record number of over 2.3 million football license holders in the country for the 2023-2024 season, according to the latest publicly available figures.

Second Attack in Two Years

This marks the third time in two years that the French Football Federation has suffered a cyberattack, with a March 2024 incident potentially exposing 1.5 million member records according to prosecutors. The pattern demonstrates persistent targeting of French sports organizations. Cybersecurity researchers verified 18 months ago that a sample of FFF player details had been published on a well-known data leak forum, suggesting previous successful intrusions may have gone undetected.

The federation filed a criminal complaint and notified France's National Cybersecurity Agency ANSSI and data protection authority CNIL as required under European regulations. The FFF will directly contact individuals whose email addresses appear in the compromised database.

Phishing Campaign Warnings

Federation officials warned members to exercise extreme vigilance regarding suspicious communications appearing to originate from the FFF or local clubs. Threat actors commonly leverage stolen personally identifiable information to craft convincing phishing messages requesting that recipients open attachments, provide account credentials, passwords, or banking information.

Security experts note that smaller clubs and societies sometimes consider themselves insufficiently interesting for criminals to target, but this incident demonstrates how deeply everyday life depends on centralized platforms vulnerable to credential compromise.

The federation stressed its commitment to protecting entrusted data while acknowledging that numerous organizations face increasing numbers and evolving forms of cyberattacks. "The FFF is committed to protecting all the data entrusted to it and continually strengthens and adapts its security measures in order to face, like many other organizations, the growing variety and new forms of cyber-attacks," the statement said.

The reliance on a single centralized administrative platform across all French football clubs created a high-value target where credential compromise granted attackers access to member records from thousands of clubs simultaneously.

The Cyber Express
Mihir Bagwe
29 Nov 2025 6:38 AM

November 28, 2025

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia.

Bleeping Computer
Bill Toulas
28 Nov 2025 5:25 PM
Microsoft: Windows updates make password login option invisible

Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional.

Bleeping Computer
Sergiu Gatlan
28 Nov 2025 5:07 PM
Public GitLab repositories exposed more than 17,000 secrets

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains.

Bleeping Computer
Bill Toulas
28 Nov 2025 4:43 PM
Android malware Albiriox targets 400 banks and crypto wallets worldwide

A new Android malware dubbed Albiriox has surfaced as a potent and rapidly evolving Malware-as-a-Service (MaaS) threat, enabling remote control of infected devices for financial fraud. Discovered by Cleafy's Threat Intelligence team, Albiriox has already demonstrated extensive on-device fraud (ODF) capabilities, with over 400 hardcoded targets in the global financial and cryptocurrency sectors. Cleafy researchers …

Cyber Insider
Amar Ćemanović
28 Nov 2025 4:19 PM
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The

The Hacker News
Ravie Lakshmanan
28 Nov 2025 3:27 PM
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

The Hacker News
Ravie Lakshmanan
28 Nov 2025 3:18 PM
French Football Federation discloses data breach after cyberattack

The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs.

Bleeping Computer
Sergiu Gatlan
28 Nov 2025 3:12 PM
French Soccer Federation Hit by Cyberattack, Member Data Stolen

The French soccer federation has been hit by a cyber-attack that resulted in the theft of data relating to members, it said on Thursday. The FFF said the software used by clubs for their administrative management, particularly for handling their registered members, had been targeted by “a cyber-malicious act and a data theft.” It did […]

SecurityWeek
Associated Press
28 Nov 2025 1:39 PM
French Regulator Fines Vanity Fair Publisher €750,000 for Persistent Cookie Consent Violations

France's data protection authority discovered that when visitors clicked the button to reject cookies on Vanity Fair (vanityfair[.]fr), the website continued placing tracking technologies on their devices and reading existing cookies without consent, a violation that now costs publisher Les Publications Condé Nast €750,000 in fines six years after privacy advocate NOYB first filed complaints against the media company.

The November 20 sanction by CNIL's restricted committee marks the latest enforcement action in France's aggressive campaign to enforce cookie consent requirements under the ePrivacy Directive. NOYB, the European privacy advocacy organization led by Max Schrems, filed the original public complaint in December 2019 concerning cookies placed on user devices by the Vanity Fair France website. After multiple investigations and discussions with CNIL, Condé Nast received a formal compliance order in September 2021, with proceedings closed in July 2022 based on assurances of corrective action.

Repeated Violations Despite Compliance Order

CNIL conducted follow-up online investigations in July and November 2023, then again in February 2025, discovering that the publisher had failed to implement compliant cookie practices despite the earlier compliance order. The restricted committee found Les Publications Condé Nast violated obligations under Article 82 of France's Data Protection Act across multiple dimensions.

Investigators discovered cookies requiring consent were placed on visitors' devices as soon as they arrived on vanityfair.fr, even before users interacted with the information banner to express a choice. This automatic placement violated fundamental consent requirements mandating that tracking technologies only be deployed after users provide explicit permission.

The website lacked clarity in information provided to users about cookie purposes. Some cookies appeared categorized as "strictly necessary" and therefore exempt from consent obligations, but useful information about their actual purposes remained unavailable to visitors. This misclassification potentially allowed the publisher to deploy tracking technologies under false pretenses.

Most significantly, consent refusal and withdrawal mechanisms proved completely ineffective. When users clicked the "Refuse All" button in the banner or attempted to withdraw previously granted consent, new cookies subject to consent requirements were nevertheless placed on their devices while existing cookies continued being read.

Escalating French Enforcement Actions

The fine amount takes into account that Condé Nast had already been issued a formal notice in 2021 but failed to correct its practices, along with the number of people affected and various breaches of rules protecting users regarding cookies.

The CNIL fine represents another in a series of NOYB-related enforcement actions, with the French authority previously fining Criteo €40 million in 2023 and Google €325 million earlier in 2025. Spain's AEPD issued a €100,000 fine against Euskaltel in related NOYB litigation.

According to reports, Condé Nast acknowledged violations in its defense but cited technical errors, blamed the Internet Advertising Bureau's Transparency and Consent Framework for misleading information, and stated the cookies in question fall under the functionality category. The company claimed good faith and cooperative efforts while arguing against public disclosure of the sanction.

The Cookie Consent Conundrum

French enforcement demonstrates the ePrivacy Directive's teeth in protecting user privacy. CNIL maintains material jurisdiction to investigate and sanction cookie operations affecting French users, with the GDPR's one-stop-shop mechanism not applying since cookie enforcement falls under separate ePrivacy rules transposed into French law.

The authority has intensified actions against dark patterns in consent mechanisms, particularly practices making cookie acceptance easier than refusal. Previous CNIL decisions against Google and Facebook established that websites offering immediate "Accept All" buttons must provide equivalent simple mechanisms for refusing cookies, with multiple clicks to refuse constituting non-compliance.

The six-year timeline from initial complaint to final sanction illustrates both the persistence required in privacy enforcement and the extended timeframes companies exploit while maintaining non-compliant practices generating advertising revenue through unauthorized user tracking.

The Cyber Express
Mihir Bagwe
28 Nov 2025 9:49 AM
7-year Chrome and Edge extension campaign infected 4.3 million users

A seven-year-long surveillance and monetization operation by a threat actor dubbed “ShadyPanda” has compromised over 4.3 million users via malicious browser extensions on Chrome and Edge. An investigation by Koi Security reveals that ShadyPanda orchestrated a multi-phase campaign beginning as early as 2018. The threat actor used a patient, trust-building strategy to distribute seemingly benign …

Cyber Insider
Amar Ćemanović
28 Nov 2025 9:43 AM
Cyberattacks Against the US Intensify as Russian Groups Target Engineering Firm

A new round of cyberattacks against the US has raised concerns about hidden attempts to access urban infrastructure systems, according to an update from the Center for Countering Disinformation. Investigators found that the attackers relied on SocGholish and RomCom, two tools widely used in cybercrime. While these tools are not new, their deployment in this case suggests a deliberate effort to imitate criminal activity and make attribution significantly harder.

Security analysts say this approach has become more common in cyberattacks against the US, where Russian special services attempt to blur the line between criminal campaigns and state-backed operations. By doing so, they complicate forensic analysis and slow the response of US intelligence agencies, buying themselves more time inside targeted networks.

Cyberattacks Against the US Engineering Firm

The breached engineering company works closely with contractors that operate water supply networks, transportation systems, and emergency response services. During the intrusion, hackers reportedly accessed information about internal workflows and critical access points linked to these sectors.

This type of information is valuable for anyone looking to understand how US infrastructure is managed, maintained, and defended. Even without causing immediate disruption, gaining insight into these processes can help adversaries identify weak spots or plan future interference. The breach also shows how third-party contractors continue to be an attractive entry point for attackers studying the broader ecosystem of American infrastructure.

Use of SocGholish–RomCom Chain Raises Attribution Concerns

The use of the SocGholish–RomCom chain is notable because it is frequently associated with financially motivated cybercrime. In this case, however, analysts say its deployment looks more like a cover than a coincidence. By leaning on familiar criminal tools, Russian-linked groups can:

- Disguise the true nature of the operation
- Blend in with regular cybercrime traffic
- Delay the time it takes to trace the activity
- Force investigators to sift through layers of misleading indicators

This tactic has effectively created a “fog” around cyberattacks against the US, making it harder to quickly determine whether an incident is routine criminal activity or something more coordinated.

Possible Motives

Targeting an engineering firm suggests the attackers were not simply looking for data to sell. Analysts believe the motive was reconnaissance, specifically, understanding how infrastructure systems are structured and how contractors manage their access privileges. Such information could be used in the future to exploit vulnerabilities or carry out sabotage. Experts also point out that even an incomplete attack offers useful insights into how American cybersecurity teams respond, how fast they contain threats, and what defensive tools they rely on.

The report also comes as international partners continue stepping up their own cybersecurity efforts. The Netherlands recently committed €10 million to join the UK’s cyber program supporting Ukraine, citing growing digital threats. Canada, meanwhile, expanded its sanctions to include more than 100 vessels from Russia’s “shadow fleet” and several organizations connected to the country’s cyber infrastructure. The move is part of a wider effort to limit the networks and resources that support Russian cyber operations.

The Cyber Express
Samiksha Jain
28 Nov 2025 7:53 AM
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report

The Hacker News
Ravie Lakshmanan
28 Nov 2025 7:33 AM

November 27, 2025

Poland Arrests Russian Suspected of Hacking E-Commerce Databases Across Europe

Polish authorities arrested a 23-year-old Russian citizen on November 16, after investigators linked him to unauthorized intrusions into e-commerce platforms, gaining access to databases containing personal data and transaction histories of customers across Poland and potentially other European Union member states. The suspect, who illegally crossed Poland's border in 2022 before obtaining refugee status in 2023, now faces three months of pre-trial detention as prosecutors examine connections to broader cybercrime operations targeting European infrastructure.

Officers from the Central Bureau for Combating Cybercrime detained the Russian national after gathering evidence confirming he operated without required authorization from online shop operators, breaching security protections to access IT systems and databases before interfering with their structure.

Expanding Investigation Into European Cyberattacks

Polish Interior Minister Marcin Kierwinski announced the arrest Thursday, stating that investigators established the suspect may have connections to additional cybercriminal activities targeting companies operating across Poland and EU member states. Prosecutors are currently verifying the scope of potential damages inflicted on victims of these cyberattacks.

According to Polish news outlets, the man was detained in Wroclaw where he had been living, with investigators saying he infiltrated a major e-commerce platform's database, gaining unauthorized access to almost one million customer records including personal data and transaction histories.

The District Court in Krakow approved prosecutors' request for three-month detention, with officials indicating additional arrests are likely as the investigation widens. Authorities are analyzing whether stolen data was used, sold, or transferred to groups outside Poland, including potential connections to organized cybercrime or state-backed networks.

Pattern of Russian Hybrid Warfare

The arrest occurs amid heightened tensions as Poland reports intensifying cyberattacks and sabotage attempts that officials believe link to Russian intelligence services. Poland has arrested 55 people over suspected sabotage and espionage over the past three years, with all charged under Article 130 of the penal code pertaining to espionage and sabotage.

The case represents part of a broader pattern of hostile cyber operations. Poland and other European nations have intensified surveillance of potential Russian cyberattacks and sabotage efforts since Moscow's full-scale invasion of Ukraine in 2022, monitoring suspected arson attacks and strikes on critical infrastructure across the region.

Polish cybersecurity officials previously warned the country remains a constant target of pro-Russian hackers responding to Warsaw's support for Ukraine. Strategic, energy, and military enterprises face particular risk, with attacks intensifying through DDoS operations, ransomware, phishing campaigns, and website impersonation designed to collect personal data and spread disinformation.

The Central Bureau for Combating Cybercrime emphasized that the investigation remains active and developmental, with prosecutors continuing to gather evidence about the full extent of the suspect's activities and potential co-conspirators.

The Cyber Express
Mihir Bagwe
27 Nov 2025 6:21 PM
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

The Hacker News
Ravie Lakshmanan
27 Nov 2025 5:13 PM
Malicious LLMs empower inexperienced hackers with advanced tools

Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement.

Bleeping Computer
Bill Toulas
27 Nov 2025 4:15 PM
Massive GitLab scan finds 17,000+ valid secrets in public repositories

Security engineer Luke Marshall scanned over 5.6 million public GitLab repositories using TruffleHog and uncovered 17,430 verified live secrets, including API keys, cloud credentials, and access tokens. The research is the second part of Marshall's investigation into secret exposure across major Git platforms. His earlier Bitbucket study scanned 2.6 million repositories and uncovered 6,212 valid …

Cyber Insider
Bill Mann
27 Nov 2025 3:29 PM
Asahi Data Breach Impacts 2 Million Individuals

Hackers stole the personal information of customers and employees before deploying ransomware and crippling Asahi’s operations in Japan.

SecurityWeek
Ionut Arghire
27 Nov 2025 2:52 PM
FCC fines Comcast $1.5 million for data breach exposing client PII

The US Federal Communications Commission (FCC) has reached a $1.5 million settlement with Comcast Cable Communications following a data breach at a third-party vendor that exposed sensitive data of over 237,000 Comcast subscribers. The breach stemmed from a February 2024 security incident at debt collector Financial Business and Consumer Solutions, Inc. (FBCS), a former Comcast …

Cyber Insider
anonwriter
27 Nov 2025 2:43 PM
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra

The Hacker News
Ravie Lakshmanan
27 Nov 2025 2:37 PM
GreyNoise launches free scanner to check if you're part of a botnet

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks.

Bleeping Computer
Bill Toulas
27 Nov 2025 2:11 PM
Asahi says Qilin ransomware attack exposed data of 1.5 million people

Asahi Group Holdings has confirmed that a ransomware attack, which disrupted its operations in late September, led to the exposure of personal data affecting over 1.5 million individuals. The announcement, released earlier today following the conclusion of a formal investigation, sheds new light on the scale and specifics of the breach attributed to the Qilin …

Cyber Insider
Amar Ćemanović
27 Nov 2025 11:17 AM
OpenAI User Data Exposed in Mixpanel Hack

Multiple Mixpanel customers were impacted by a recent cyberattack targeting the product analytics company.

SecurityWeek
Eduard Kovacs
27 Nov 2025 11:09 AM
OpenAI discloses API user data breach via third-party Mixpanel

A security incident at Mixpanel, a third-party analytics provider used by OpenAI, led to the exposure of user metadata from OpenAI's API platform. While no sensitive data or systems were compromised, the breach affected identifiable information from some API users. OpenAI uses Mixpanel for frontend web analytics on its API platform (platform.openai.com). The service provides …

Cyber Insider
Amar Ćemanović
27 Nov 2025 10:52 AM
OpenAI discloses API customer data breach via Mixpanel vendor hack

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel.

Bleeping Computer
Ionut Ilascu
27 Nov 2025 10:27 AM
OpenAI Confirms Mixpanel Breach Impacting API User Data

OpenAI has confirmed a security incident involving Mixpanel, a third-party analytics provider used for its API product frontend. The company clarified that the OpenAI Mixpanel security incident stemmed solely from a breach within Mixpanel’s systems and did not involve OpenAI’s infrastructure.

According to the initial investigation, an attacker gained unauthorized access to a portion of Mixpanel’s environment and exported a dataset that included limited identifiable information of some OpenAI API users. OpenAI stated that users of ChatGPT and other consumer-facing products were not impacted.

OpenAI Mixpanel Security Incident: What Happened

The OpenAI Mixpanel security incident originated on November 9, 2025, when Mixpanel detected an intrusion into a section of its systems. The attacker successfully exported a dataset containing identifiable customer information and analytics data. Mixpanel notified OpenAI on the same day and shared the affected dataset for review on November 25.

OpenAI emphasized that despite the breach, no OpenAI systems were compromised, and sensitive information such as chat content, API requests, prompts, outputs, API keys, passwords, payment details, government IDs, or authentication tokens was not exposed. The exposed dataset was strictly limited to analytics data collected through Mixpanel’s tracking setup on platform.openai.com, the frontend interface for OpenAI’s API product.

Information Potentially Exposed in the Mixpanel Data Breach

OpenAI confirmed that the type of information potentially included in the dataset comprised:

- Names provided on API accounts
- Email addresses associated with API accounts
- Coarse location data (city, state, country) based on browser metadata
- Operating system and browser information
- Referring websites
- Organization or User IDs linked to API accounts

OpenAI noted that the affected information does not include chat content, prompts, responses, or API usage data. Additionally, ChatGPT accounts, passwords, API keys, financial details, and government IDs were not involved in the incident.

OpenAI’s Response and Security Measures

In response to the Mixpanel security incident, OpenAI immediately removed Mixpanel from all production services and began reviewing the affected datasets. The company is actively notifying impacted organizations, admins, and users through direct communication. OpenAI stated that it has not found any indication of impact beyond Mixpanel’s systems but continues to closely monitor for signs of misuse.

To reinforce user trust and strengthen data protection, OpenAI has:

- Terminated its use of Mixpanel
- Begun conducting enhanced security reviews across all third-party vendors
- Increased security requirements for partners and service providers
- Initiated a broader review of its vendor ecosystem

OpenAI reiterated that trust, security, and privacy remain central to its mission and that transparency is a priority when addressing incidents involving user data.

Phishing and Social Engineering Risks for Impacted Users

While the exposed information does not include highly sensitive data, OpenAI warned that the affected details, such as names, email addresses, and user IDs, could be leveraged in phishing or social engineering attacks. The company urged users to remain cautious and watch for suspicious messages, especially those containing links or attachments. Users are encouraged to:

- Verify messages claiming to be from OpenAI
- Be wary of unsolicited communication
- Enable multi-factor authentication (MFA) on their accounts
- Avoid sharing passwords, API keys, or verification codes

OpenAI stressed that the company never requests sensitive credentials through email, text, or chat. OpenAI confirmed it will provide further updates if new information emerges from ongoing investigations. Impacted users can reach out at mixpanelincident@openai.com for support or clarification.

The Cyber Express
Samiksha Jain
27 Nov 2025 6:06 AM
Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we

The Hacker News
Ravie Lakshmanan
27 Nov 2025 6:03 AM
Asahi Group Cyberattack: Data of 2 Million Customers and Employees Potentially Exposed

Japanese beverage giant Asahi Group Holdings has confirmed new findings in its ongoing investigation into the Asahi Group cyberattack, revealing that personal information linked to around 2 million customers, employees, and external contacts may have been exposed. The update follows a detailed forensic review of the system disruption that struck its domestic servers on September 29. President and Group CEO Atsushi Katsuki addressed the media in Tokyo, offering an apology while outlining the company’s path toward full recovery. Katsuki said Asahi expects to resume automated orders and shipments by December, with full logistics normalization anticipated by February.

Asahi Group Cyberattack Investigation Reveals Scale of Data Exposure

According to the company, the Asahi Group cyberattack involved ransomware, which encrypted files across multiple servers and some company-issued PCs. Asahi confirmed that while systems in Japan were affected, no impact has been identified on overseas operations. A hacker group known as Qilin has claimed responsibility on the dark web, stating it had stolen internal documents and employee data. Asahi, however, reported no evidence that personal data has been published online. Katsuki also clarified that no ransom payment was made. The attack previously forced Asahi to delay its January–September financial results, initially scheduled for November 12.

Timeline and Technical Findings

Asahi’s latest report outlines the internal timeline and technical assessment:

- At 7:00 a.m. JST on September 29, systems began malfunctioning, and encrypted files were soon discovered.
- By 11:00 a.m. JST, the company disconnected its network and isolated the data center to contain the attack.
- Investigators later revealed the attacker gained entry via network equipment at a Group site, deploying ransomware simultaneously across multiple servers.
- Forensic reviews confirmed potential exposure of data stored on both servers and employee PCs.
- The impact remains limited to Japan-managed systems.

As part of regulatory requirements, Asahi submitted its final report to the Personal Information Protection Commission on November 26.

Details of Potentially Exposed Personal Information

As of November 27, the company has identified the following potentially affected groups and data types:

- Customer Service Center contacts from Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods
  Name, gender, address, phone number, email address — 1,525,000 individuals
- External contacts receiving congratulatory or condolence telegrams
  Name, address, phone number — 114,000 individuals
- Employees and retirees
  Name, date of birth, gender, address, phone number, email address, other details — 107,000 individuals
- Family members of employees/retirees
  Name, date of birth, gender — 168,000 individuals

Asahi confirmed that no credit card information was included in the exposed data sets. The company has set up a dedicated helpline (0120-235-923) for concerned individuals.

System Restoration and Strengthened Cybersecurity Measures

Following the Asahi Group cyberattack, the company spent two months containing the incident, restoring essential systems, and reinforcing security defences. These measures include:

- A full forensic investigation by external cybersecurity experts
- Integrity verification of affected systems and devices
- Gradual restoration of systems confirmed to be secure

Preventive actions now underway include:

- Redesigned network communication routes and stricter connection controls
- Limiting internet-facing connections to secure zones
- Upgraded security monitoring for improved threat detection
- Revised backup strategies and refreshed business continuity plans
- Enhanced security governance through employee training and external audits

In his public statement, Katsuki said, “We apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to restore systems quickly while strengthening information security across the Group.” He added that product shipments are being restored in phases as recovery progresses. With investigation findings now submitted to regulators and system restoration underway, the company aims to prevent any recurrence while reassuring customers and partners affected by the Asahi Group cyberattack.

The Cyber Express
Samiksha Jain
27 Nov 2025 4:19 AM

November 26, 2025

New ShadowV2 botnet malware used AWS outage as a test opportunity

A new Mirai-based botnet malware named 'ShadowV2' has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities.

Bleeping Computer
Bill Toulas
26 Nov 2025 9:24 PM
Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid.

Bleeping Computer
Bill Toulas
26 Nov 2025 6:32 PM
Comcast to pay $1.5M fine for vendor breach affecting 270K customers

Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers.

Bleeping Computer
Sergiu Gatlan
26 Nov 2025 5:30 PM
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

The Hacker News
Ravie Lakshmanan
26 Nov 2025 5:08 PM
U.S. CodeRED Emergency Alert System Down After Ransomware Attack

Crisis24’s OnSolve CodeRED emergency alert system has been disrupted by a cyberattack, leaving local governments throughout the U.S. searching for alternatives or waiting for a new system to come online. The INC ransomware group has claimed responsibility for the attack. Some personal data of users may have been exposed in the attack, including names, addresses, email addresses, phone numbers, and passwords, and users have been urged to change passwords for other accounts if the same password is used. Crisis24 is launching a new secure CodeRED System that was already in development, and local governments had varying reactions to the crisis.

New CodeRED Emergency Alert System Expected Soon

Several U.S. local governments issued statements after the attack, updating residents on the CodeRED system’s status and their plans. The City of University Park, Texas, said Crisis24 is launching a new CodeRED System, which was already in the works. “Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening,” the city said in its statement. “The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.”

Craven County Emergency Services in North Carolina said the new CodeRED platform “will be available before November 28.” In the meantime, Craven County said announcements and alerts will continue to be released through local media, the Craven County website, or on Craven County’s social media accounts.

The Douglas County Sheriff's Office in Colorado said on Nov. 24 that it took “immediate action to terminate our contract with CodeRED for cause. Our top priority is the privacy and protection of our citizens, which led to the decision to end our agreement with CodeRED.” The Sheriff’s Office said it “is actively searching for a replacement for the CodeRED platform.” The office said it still has the ability to issue “IPAWS” alerts to citizens when necessary, and “will continue to implement various contingency plans, including outreach through social media and door-to-door notifications, to ensure our community stays informed during emergency situations.”

INC Ransom Claims Responsibility for CodeRED Attack

The INC Ransom group claimed responsibility for the CodeRED emergency alert system attack on its dark web data leak site. The threat actors say they obtained initial access on Nov. 1, followed by network encryption on Nov. 10. The group claims to have exfiltrated approximately 1.15 TB before deploying encryption. To substantiate their claims, INC Ransom has published several data samples, including csv files with client-related data, threat intelligence company Cyble reported in a note to clients. Additionally, the group released two screenshots allegedly showing negotiation attempts, where the company purportedly offered as much as USD $150,000, an amount the attackers claim they refused.

The Cyber Express
Paul Shread
26 Nov 2025 4:33 PM
Multiple London councils' IT systems disrupted by cyberattack

The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue.

Bleeping Computer
Bill Toulas
26 Nov 2025 4:26 PM
Digital Fraud at Industrial Scale: 2025 Wasn't Great

Advanced fraud attacks surged 180% in 2025 as cyber scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen.

Dark Reading
Jai Vijayan, Contributing Writer
26 Nov 2025 4:06 PM
Thanksgiving holiday weekend kicks off heightened threat environment for security teams

As workers take family time and consumers race for Black Friday discounts, hackers gain an advantage to penetrate vulnerable corporate perimeters.

Cybersecurity Dive
David Jones
26 Nov 2025 3:57 PM
Malicious AI tools can generate ransomware payloads on-the-fly

The rapid evolution of malicious AI tools has entered a new and dangerous phase with the emergence of WormGPT 4 and KawaiiGPT, two uncensored large language models (LLMs) purpose-built for cybercrime. According to a new report from Palo Alto Networks’ Unit 42, these tools can generate phishing lures, ransomware payloads, data exfiltration scripts, and lateral …

Cyber Insider
Amar Ćemanović
26 Nov 2025 3:29 PM
Gainsight CEO promises transparency as it responds to compromise of Salesforce integration

The company has been in regular contact with customers, and says only a handful have seen data directly impacted.

Cybersecurity Dive
David Jones
26 Nov 2025 3:08 PM
Bug in jury systems used by several US states exposed sensitive personal data

An easy-to-exploit vulnerability in a jury system made by Tyler Technologies exposed the personally identifiable data of jurors, including names, home addresses, emails, and phone numbers.

TechCrunch
Lorenzo Franceschi-Bicchierai
26 Nov 2025 3:00 PM