Commentaries and Analyses, Data Breach News, Vulnerabilities
September 17, 2025
445 views 23 secs 0

Self-Replicating Worm Hits 180+ Software Packages

KrebsOnSecurity.com reports: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. […]

Data Breach News
September 16, 2025
449 views 52 secs 0

JLR cyber attack: production won’t restart until 24 Sept at earliest

Autocar reports: JLR car production will not restart until 24 September at the earliest, the company has confirmed. The Jaguar and Land Rover maker was targeted by hackers on 1 September and is still in the process of rebuilding its computer systems. The group that hit Marks & Spencer earlier this year has claimed responsibility.  This has led to […]

Data Breach News
September 15, 2025
433 views 10 secs 0

Tiffany Korea acknowledges customer data leak, begins security overhaul

Chosun Biz reports an update to a previously disclosed breach affecting Tiffany Korea: Tiffany & Co., the luxury jewelry brand of LVMH (Louis Vuitton Moët Hennessy), announced that it became aware of a leak of key personal information, including customers’ names, postal and email addresses, and phone numbers. Through a notice on the 15th, Tiffany […]

Education Sector, Commentaries and Analyses, Data Breach News
September 15, 2025
432 views 21 secs 0

Watchdog warns of ‘insider threat’ of students launching cyberattacks on their schools

Public Technology reports: The UK’s data-protection watchdog has warned of a growing trend of cyberattacks on schools being perpetrated by pupils. The Information Commissioner’s Office recently analysed the details of 215 data breaches that took place across the education sector between January 2022 and August 2024 and were classified as “insider attacks”. Almost three in […]

Data Breach News, News
September 13, 2025
565 views 2 mins 0

Gucci, Balenciaga, Brioni, and Alexander McQueen allegedly hit by Salesforce attacks

More high-end retailers have reportedly fallen prey to Salesforce attacks. As first reported by DataBreaches.net, Gucci customer data was stolen last year. The data included more than 43 million records with customers’ names, age range, month and date of birth, email addresses, mobile phone numbers, addresses, total sales prices, and some additional information. The records […]

Data Breach News, Vendor News, Vulnerabilities
September 13, 2025
774 views 45 secs 0

FBI FLASH: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion

The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]

Data Breach News, Vendor News
September 12, 2025
581 views 19 secs 0

Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack

Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]

Legal News, Data Breach News
September 09, 2025
626 views 20 secs 0

Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program

From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register.  The final rule will […]