The Daily Beast reports: Four airports across the U.S. and Canada were hacked to display a series of pro-Hamas and anti-Trump messages, causing flights to be delayed. Videos posted by passengers at Harrisburg International Airport in Pennsylvania showed loudspeakers blasting pro-Palestinian messages in Arabic while flight information screens broadcast messages reading “Israel lost the war, […]
The Record reports: The federal government has issued an emergency directive ordering all civilian agencies to update products from F5 after the security company said a nation-state actor had long-term persistent access to source code and information about undisclosed vulnerabilities during a breach discovered in August. The Cybersecurity and Infrastructure Security Agency (CISA) said it “has identified […]
From the New York Attorney General’s Office:
The Register reports: Cyberattacks that meet upper severity thresholds set by the UK government’s cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled. GCHQ’s cyber arm, the National Cyber Security Centre’s (NCSC), said in its annual review published today that its incident management team handled 429 […]
KrebsOnSecurity.com reports: The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered […]
Hunton Andrews Kurth writes: When a cyber incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect […]
CSO reports: Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment. DragonForce, Qilin, and LockBit announced the partnership in early September, with DragonForce proposing the collaboration shortly after LockBit reemerged with its LockBit 5.0 […]
Bleeping Computer reports: Discord says they will not be paying threat actors who claim to have stolen the data of 5.5 million unique users from the company’s Zendesk support system instance, including government IDs and partial payment information for some people. The company is also pushing back on claims that 2.1 million photos of government IDs […]
The FBI Cyber Division has posted the following on LinkedIn to emphasize this critical alert and the need to patch and hunt promptly: Oracle just issued a Security Alert for CVE-2025-61882, a remote code execution vulnerability (CVSS 9.8 – Critical) affecting Oracle E-Business Suite versions 12.2.3 through 12.2.14. The vulnerability allows unauthenticated attackers to execute […]
IT Pro reports two men have been arrested in connection with the attack on Kido schools in which individuals calling themselves Radiant Group first posted pictures, names, and details of nursery school kids and threatened to dump all 8,000, and then deleted the data and apologized. The UK’s Metropolitan Police have arrested two teenagers for […]
