The Cyber Security Hub Newsletter reports: British retail giant Marks & Spencer (M&S) has officially ended its long-standing partnership with Indian IT services leader Tata Consultancy Services (TCS) after suffering one of the most damaging cyberattacks in its history. The high-profile breach, which occurred earlier this year, is estimated to have cost the company around […]
Bank Info Security reports: Montana state regulators are investigating a data breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the health insurer’s third-party services providers – and they want to know why nearly 10 months have gone by without notifying the breach victims. It took nearly four months for the […]
Given how many breaches are at third-party service providers this year, guidance on dealing with vendors with an eye towards cybersecurity seems timely. October 21, 2025 New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on third-party service […]
The Sun reports: RUSSIAN cybercriminals have stolen hundreds of military documents and posted them on the dark web in a ‘catastrophic’ hack. The security breach compromised eight RAF and Royal Navy bases as well as emails and names of Ministry of Defence staff, as reported in The Mail on Sunday. The breach has been labelled ‘catastrophic’ and the MoD are investigating the […]
The Record reports: Capita, the United Kingdom’s largest outsourcing company, was on Wednesday fined £14 million ($18.7 million) over security failings that saw attackers compromise the personal information of 6.6 million people in a ransomware attack in 2023. The voluntary settlement is for less than a third of the £45 million ($60 million) Britain’s data […]
Bleeping Computer reports: Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle’s E-Business Suite servers. “Harvard is aware of reports that data associated with the University has been obtained […]
Hunton Andrews Kurth writes: When a cyber incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect […]
Bleeping Computer reports: Discord says they will not be paying threat actors who claim to have stolen the data of 5.5 million unique users from the company’s Zendesk support system instance, including government IDs and partial payment information for some people. The company is also pushing back on claims that 2.1 million photos of government IDs […]
The FBI Cyber Division has posted the following on LinkedIn to emphasize this critical alert and the need to patch and hunt promptly: Oracle just issued a Security Alert for CVE-2025-61882, a remote code execution vulnerability (CVSS 9.8 – Critical) affecting Oracle E-Business Suite versions 12.2.3 through 12.2.14. The vulnerability allows unauthenticated attackers to execute […]
Infosecurity Magazine reports: Read more at Infosecurity Magazine.
