Bleeping Computer reports: The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data […]
The Record reports: Shares in a British automaker supplier plummeted 55% Wednesday as it warned that a cyberattack on Jaguar Land Rover (JLR) was impacting its business, adding to concerns that the incident is sending a “shockwave” through the country’s industrial sector, according to a senior politician. Shares in Autins, a company providing specialist insulation components for Jaguar […]
The Korea Herald reports that 2.97 million users, almost one third of the payment card’s 9.6 million customers, had their payment card data breached in an attack on Lotte Card’s online payments server: The stolen information comprises that which was generated and collected during online transactions processed through the compromised server between July 22 and […]
The Register reports that coming soon, entities in China will have only one hour from discovery to report a serious cyber incident — or even only 30 minutes if it is very serious: From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of […]
Autocar reports: JLR car production will not restart until 24 September at the earliest, the company has confirmed. The Jaguar and Land Rover maker was targeted by hackers on 1 September and is still in the process of rebuilding its computer systems. The group that hit Marks & Spencer earlier this year has claimed responsibility. This has led to […]
Chosun Biz reports an update to a previously disclosed breach affecting Tiffany Korea: Tiffany & Co., the luxury jewelry brand of LVMH (Louis Vuitton Moët Hennessy), announced that it became aware of a leak of key personal information, including customers’ names, postal and email addresses, and phone numbers. Through a notice on the 15th, Tiffany […]
Public Technology reports: The UK’s data-protection watchdog has warned of a growing trend of cyberattacks on schools being perpetrated by pupils. The Information Commissioner’s Office recently analysed the details of 215 data breaches that took place across the education sector between January 2022 and August 2024 and were classified as “insider attacks”. Almost three in […]
More high-end retailers have reportedly fallen prey to Salesforce attacks. As first reported by DataBreaches.net, Gucci customer data was stolen last year. The data included more than 43 million records with customers’ names, age range, month and date of birth, email addresses, mobile phone numbers, addresses, total sales prices, and some additional information. The records […]
The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]
Self-Replicating Worm Hits 180+ Software Packages
KrebsOnSecurity.com reports: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. […]