Western Sydney University Data Breach Exposes 10,000 Student Records
Western Sydney University (WSU) has confirmed a data breach impacting approximately 10,000 current and former students. Discovered in early 2025, the unauthorized access resulted in the publication of sensitive student data on the dark web. The breach is believed to have originated from the university’s sign-on system, prompting a swift response to secure the network and notify affected individuals. Read more
Treasury OCC Data Breach: Hackers Accessed 150,000 Emails Since June 2023
The Treasury’s Office of the Comptroller of the Currency (OCC) experienced a significant data breach, revealing over 150,000 emails and sensitive financial data. Attackers gained access through a compromised email system administrator account, remaining undetected for months. The breach raises concerns about national security and the integrity of the financial sector. Read more
Mirai Botnet Exploiting TVT DVRs
A new variant of the Mirai botnet is targeting TVT NVMS9000 digital video recorders, exploiting a vulnerability that allows attackers to gain administrator access. This surge in attacks, peaking on April 3, 2025, has seen over 2,500 unique IP addresses involved in scanning for vulnerable devices. The compromised DVRs pose risks of being used for DDoS attacks and other malicious activities. Read more
Rödl Management Data Breach, Personal Data Exposed
Rödl Management reported a data breach that occurred between January 30 and February 9, 2024, compromising confidential consumer information. The breach was detected by the company’s managed service provider, prompting an immediate investigation and notification to affected individuals. While specific details of the compromised data remain undisclosed, personalized letters have been sent to victims detailing the breach. Read more
Kellogg Data Breached: Clop Ransomware Exploits Cleo Zero-Day Vulnerabilities
WK Kellogg Co. confirmed a data breach linked to the Clop ransomware gang, exposing employee names and Social Security numbers. The attackers exploited two zero-day vulnerabilities in Cleo file transfer software. In response, Kellogg is offering affected individuals free identity monitoring and is working to improve security measures to prevent future incidents. Read more
Texas State Bar Data Breach Exposes Sensitive Attorney Information
The Texas State Bar experienced a major data breach, exposing sensitive information of over 100,000 licensed attorneys, including Social Security numbers and financial details. The INC ransomware group claimed responsibility for the attack. In response, the State Bar is providing complimentary credit monitoring and has implemented additional security measures. Read more
Everest Ransomware: Data Extortionist Turned Initial Access Broker
The Everest ransomware group has evolved from data extortion to acting as an Initial Access Broker (IAB), primarily targeting healthcare providers. The group has been linked to significant breaches, selling access to compromised networks to other malicious actors. This shift highlights the increasing sophistication and adaptability of ransomware threats in the cybersecurity landscape. Read more
Excerpt
This week in cybersecurity highlights critical incidents, including multiple data breaches affecting educational and legal institutions, the resurgence of the Mirai botnet, and the evolving tactics of ransomware groups.
