NEW
Microsoft’s Digital Crimes Unit (DCU) has dismantled a major phishing-as-a-service operation known as RaccoonO365, which stole thousands of Microsoft 365 credentials and targeted victims worldwide, including U.S. healthcare organizations. The takedown, announced on September 16, 2025, was made possible through a court order from the Southern District of New York.…
Luxury fashion giants Gucci, Balenciaga, and Alexander McQueen have confirmed a data breach after their parent company, Kering, was targeted by the hacker group ShinyHunters. The incident exposed customer data and raises concerns over scams and targeted phishing campaigns against high-value clients. How the Breach Happened According to Kering’s disclosure,…
Salesloft has confirmed that its GitHub account was the initial entry point in the supply chain breach tied to its Drift application, an incident that has already impacted at least 22 companies. The campaign has been attributed to UNC6395, the same threat actor linked to recent high-profile cloud and SaaS…
Chess.com has disclosed a limited data breach that affected just over 4,500 users after attackers exploited a third-party file transfer tool earlier this summer. The company emphasized that no passwords or payment data were exposed, and its core platform remains secure. How the Breach Happened According to Chess.com’s statement, the…
Cloudflare has confirmed a data breach affecting customer support case data, following the exploitation of its Salesforce environment through the Salesloft Drift supply chain attack. The company stressed that its core systems and infrastructure were not impacted, but sensitive case information tied to customer support was exposed. How the Breach…
TransUnion confirmed a major data breach affecting 4.4 million U.S. consumers, after attackers exploited a Salesforce environment to exfiltrate sensitive records. The breach exposed Social Security numbers (SSNs), personal identifiers, and other data tied to consumer credit files. Google’s Threat Analysis Group (TAG) linked the attack to UNC6395, the same…
On July 26, 2025, Allianz Life’s 1.4M customers hit by a vendor CRM breach via social engineering. PII stolen, raising cyber insurance concerns.
In July 2025, a colossal National Public Data leak exposed 2.9 billion records on a dark web forum, orchestrated by the hacking group USDoD. Containing names, Social Security numbers, addresses, and more from the U.S., Canada, and UK, this breach ranks among the largest ever, threatening widespread identity theft. This…
Recent research from CloudSEK reveals the growing sophistication of the Androxgh0st botnet, which is now targeting academic institutions such as UC San Diego. The malware uses remote code execution (RCE) vulnerabilities and web shells to infiltrate systems. Learn how this evolving threat operates — and what steps you can take…
