Google says that Chinese SMS phishing campaigns have collectively yielded somewhere between 15 million and 100 million stolen credit cards in the US alone. The case names 25 individuals and believes the hackers produced over 100 different fraudulent websites that made use of Google branding.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
DoorDash has confirmed a data breach that exposed customer, Dasher, and merchant information after an employee fell victim to a compelling social engineering scam.
With the first new release since 2021, the one thing that hasn't changed about the OWASP Top 10 is that "broken access control" is still the lead category after all this time, present as a security risk in 3.73% of the apps that were tested.
Logitech confirms a third-party data breach after Cl0p ransomware, which is infamous for exploiting Oracle’s E-Business Suite zero-day vulnerabilities, claims responsibility.
Anthropic's calls the incident the "first reported AI-orchestrated cyber espionage campaign" and has attributed it with high confidence to a Chinese state-sponsored group it calls GTG-1002. The campaign took place in mid-September and the integration of AI agents for performance of autonomous tasks is described as unprecedented.
The UK has experienced a long string of disruptive cyber incidents, but the announcement of the cyber resilience bill cites attacks on managed service providers as a particular impetus for the overhaul of existing laws.
Europol has dismantled a cybercrime operation tied to Elysium, Rhadamanthys, and VenomRAT malware networks, which stole millions of credentials and over 100,000 crypto wallets.
A new report from the Association of British Insurers (ABI) has tallied up the cyber insurance claims from 2024 and found that payout numbers more than tripled from those recorded in 2023, with a 230% year-on-year increase.
The Swedish Authority for Privacy Protection (IMY) is investigating a data breach at major government software supplier Miljödata that has compromised the personal information of 1.5 million people.
Scattered Spider, ShinyHunters, and LAPSUS$ are the three groups involved, and have collectively been the most active of the major cybercrime gangs over roughly the past year. The groups all had prior ties via "The Com," a broader collection of cyber criminals that loosely affiliate and come together for singular projects in a fluid way.










