This Week In Cybersecurity: May 12th to 16th, 2025

"This week in cybersecurity highlights significant data breaches, vulnerabilities, and emerging threats impacting various sectors, emphasizing the need for robust security measures."

    Dior Confirms Data Breach Exposing Chinese Customer Information

    Dior announced a data breach affecting Chinese customers, revealing unauthorized access to sensitive personal data, including names and addresses. Discovered on May 7, the breach did not compromise financial information. Affected customers were notified promptly, and the company is investigating the scope of the incident. Cybersecurity experts are assessing potential misuse of the exposed data within the luxury market.

    Nucor Shuts Down Production Lines Following Cybersecurity Incident

    Nucor Corporation halted production at several sites due to a cybersecurity incident involving unauthorized access to internal systems. The company activated its incident response plan, taking affected systems offline to mitigate risks. Nucor is collaborating with external cybersecurity experts and has reported the incident to federal law enforcement. The exact nature of the breach remains unclear, and no specific data types have been confirmed as compromised.

    Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach

    A hacker is reportedly selling 89 million Steam user records on the dark web, with the data likely originating from unauthorized access to a vendor dashboard rather than a direct Steam breach. The dataset includes phone numbers and SMS logs for two-factor authentication. Valve denies any breach of its systems and emphasizes that the leaked data does not contain sensitive account information. The investigation into the data’s source continues.

    HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage

    HireClick experienced a data leak after an Amazon S3 bucket was left unsecured, exposing over 5.7 million resumes. The leaked files contain personal data such as names, addresses, and contact details, which creates significant risks for identity theft and phishing. Cybersecurity researchers identified the exposure, which was publicly accessible. HireClick has not yet responded to inquiries regarding the incident’s duration or specific impact.

    Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes

    Valve has denied claims of a Steam data breach, asserting that leaked records consist only of expired SMS codes and do not include personal account information. The company confirmed that the data does not associate phone numbers with Steam accounts or contain payment details. Valve recommends that users enable the Steam Mobile Authenticator for enhanced security, but no immediate action is necessary regarding passwords or phone numbers.

    Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach

    Memphis-Shelby County Schools has filed a federal lawsuit against PowerSchool due to a data breach that compromised personal information. The lawsuit alleges security failures and breach of contract, citing unauthorized access to sensitive data, including Social Security numbers and student information. Over 100 U.S. school districts are pursuing legal action against PowerSchool, and the complexity of switching vendors may hinder immediate responses.

    DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack

    The DragonForce hacking group has claimed responsibility for a cyberattack on UK retailer Co-op, disrupting operations and compromising customer data. The sophisticated ransomware attack led to a shutdown of internal systems across multiple business units. Co-op is actively collaborating with authorities to assess the breach’s impact, reflecting a trend of state-aligned cybercrime that merges financial motives with geopolitical objectives.

    EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis

    The EU has launched the European Union Vulnerability Database (EUVD) to enhance cybersecurity and reduce reliance on the U.S.-based CVE system. Developed by ENISA, the EUVD will provide critical vulnerability data relevant to European digital infrastructure. This initiative follows concerns over the stability of MITRE CVE’s funding. The EUVD is designed to complement existing systems, aggregating data to improve overall cyber resilience in Europe.

    Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes

    Twilio has denied any breach after claims of leaked Steam 2FA codes surfaced, stating there is no evidence of compromise in its systems. The alleged leak involves SMS messages containing one-time passcodes, but Twilio maintains it has not been breached. The investigation continues, with suspicions pointing towards a third-party SMS provider as the possible source of the leak.

    VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines

    Broadcom has patched a critical VMware Tools vulnerability affecting versions 12.x.x and 11.x.x, which allowed unauthorized access to local files within guest VMs. This flaw impacts both Windows and Linux platforms, enabling attackers with limited privileges to exploit insecure file operations. Organizations are urged to upgrade to VMware Tools version 12.5.2 to mitigate risks effectively. This incident highlights the need for secure configurations in virtualized environments.

    Thousands of Node Developers Compromised by Malware in Popular npm Packages

    Recent reports reveal that thousands of Node.js developers have been compromised by malware embedded in popular npm packages. The malicious code is linked to supply chain attacks that exploit developer trust in widely used libraries. Security experts emphasize the importance of reviewing package dependencies and utilizing automated tools to identify vulnerabilities, highlighting ongoing risks in open-source software development.

    Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets

    A Türkiye-backed threat actor has exploited a zero-day vulnerability in Output Messenger to conduct cyberespionage against Kurdish targets. The attack utilizes malicious payloads to infiltrate systems and gather sensitive information, reflecting ongoing geopolitical tensions. This incident underscores the necessity for continuous monitoring and patching of software vulnerabilities in sensitive environments to prevent such exploits.

    Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks

    Moldovan authorities have arrested a suspect linked to the DoppelPaymer ransomware attacks, which have targeted various sectors globally. This arrest is part of a broader crackdown on cybercrime aimed at disrupting ransomware operations. Investigators are examining the suspect’s connections to previous attacks and potential recovery of stolen assets, highlighting ongoing efforts to combat ransomware threats.

    Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability

    Chinese cyber actors are exploiting a zero-day vulnerability in SAP NetWeaver servers, targeting organizations for data exfiltration and espionage. Attackers employ sophisticated techniques to bypass security measures, highlighting the importance of timely patching and vulnerability management. Organizations are urged to assess their SAP environments for vulnerabilities and implement necessary defenses against these advanced threats.

    iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty

    The iClicker website was compromised in a malware attack utilizing ClickFix, impacting students and faculty. The attack involved distributing malicious payloads, exploiting the platform’s user base. Security teams are investigating the extent of the breach and are implementing measures to secure the website. Users are advised to remain vigilant and monitor for any suspicious activity related to their accounts.

    LockBit Ransomware Gang Breached: Internal Negotiation Data and Affiliate Info Leaked

    The LockBit ransomware group has suffered a breach, leading to the leak of internal negotiation data and affiliate information. This incident raises concerns about the security of ransomware operations and potential internal conflicts among cybercriminal organizations. Ongoing investigations aim to assess the breach’s implications for affiliates and victims involved in these operations.

    Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients

    Ascension reported a data breach exposing personal and health information of over 430,000 patients due to unauthorized access. The breach involved sensitive data, including medical records and Social Security numbers. Ascension is notifying affected individuals and enhancing security measures to prevent future incidents, highlighting risks associated with healthcare data security.


    Podcasts

    Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients

    The Ascension podcast discusses a significant data breach affecting over 430,000 patients, revealing unauthorized access to sensitive health information. The breach involved personal details such as medical records and Social Security numbers. Ascension emphasizes its commitment to patient privacy and outlines steps taken to enhance security measures post-breach. The discussion highlights ongoing challenges in healthcare data protection and the importance of safeguarding patient information against cyber threats.

    Chrome’s New Vulnerability CVE-2025-4664: A Security Flaw That Can Lead to Account Takeover

    This podcast episode examines CVE-2025-4664, a critical vulnerability in Chrome that poses risks of account takeover. Security experts discuss the technical details of the flaw, its potential exploitation methods, and implications for users. The conversation also covers mitigation strategies that can be implemented until a patch is released, highlighting the urgency of addressing this security issue in widely used browser technology.

    Scattered Spider Targets UK and US Retailers: The Growing Threat to Major Brands

    In this episode, experts analyze the rising threat posed by the Scattered Spider hacking group targeting major retailers in the UK and US. The discussion focuses on the group’s tactics, techniques, and procedures (TTPs) used to infiltrate retail systems. Security measures being implemented by affected brands and the overall impact on the retail sector are also explored, emphasizing the need for enhanced defenses against such cyber threats.

    Proofpoint Acquires Hornetsecurity for $1B: A New Era in Microsoft 365 Security

    This podcast covers Proofpoint’s acquisition of Hornetsecurity for $1 billion, marking a significant shift in the cybersecurity landscape for Microsoft 365 users. Experts discuss how this merger is expected to enhance security offerings and improve protection against email-based threats. The implications for existing customers and the broader market are examined, highlighting the evolving nature of cybersecurity solutions in response to increasing threats.

    Exploited in the Wild: SAP NetWeaver Zero-Days Hit Fortune 500

    The podcast discusses the exploitation of zero-day vulnerabilities in SAP NetWeaver, targeting Fortune 500 companies. Experts analyze the methods used by attackers to exploit these vulnerabilities and the potential consequences for affected organizations. The conversation highlights the necessity for robust security measures and timely patching to mitigate risks associated with such critical vulnerabilities in widely used enterprise software.

    Checkout Chaos: Inside the $3.5 Million-a-Day M&S Cyber Shutdown

    This episode delves into the cyber shutdown of Marks & Spencer, resulting in significant financial losses. Experts discuss the attack’s impact on operations and the response measures taken to recover from the incident. The discussion emphasizes the importance of cybersecurity preparedness in retail environments and the financial ramifications of such disruptions.

    Targeted iOS Attacks: The Zero-Days Apple Had to Patch Fast

    This podcast episode examines recent targeted zero-day attacks on iOS devices, prompting urgent patches from Apple. Experts discuss the nature of these vulnerabilities and the implications for user security. The conversation covers the rapid response required to address these threats and the ongoing risks posed by zero-day exploits in mobile environments.

    Texas vs Google: The $1.4 Billion Wake-Up Call for Data Privacy Violations

    This episode analyzes the Texas vs. Google case, where the tech giant faces a $1.4 billion lawsuit for alleged data privacy violations. Experts discuss the legal implications and the broader impact on data privacy regulations in the tech industry. The conversation highlights the need for companies to reassess their data handling practices in light of increasing scrutiny and enforcement actions.

    Marbled Dust’s Zero-Day Exploit: Unveiling a Türkiye-Linked Espionage Campaign Against Kurdish Forces

    This podcast investigates a zero-day exploit linked to a Türkiye-backed espionage campaign targeting Kurdish forces. Experts discuss the technical details of the exploit and its implications for regional security. The conversation highlights the intersection of cyber warfare and geopolitical tensions, emphasizing the need for vigilance against such threats.

    TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP

    This episode covers a significant messaging flaw in TeleMessage that affected both Coinbase and U.S. Customs and Border Protection. Experts analyze the technical aspects of the exploit and the potential risks associated with such vulnerabilities in communication platforms. The discussion emphasizes the importance of securing messaging services to prevent data breaches and unauthorized access.

    Rand User Agent: The npm Package That Opened a Backdoor

    The podcast discusses the Rand User Agent npm package, which was found to contain a backdoor, posing risks to developers. Experts analyze how the malicious code was introduced and the implications for the open-source community. The conversation highlights the importance of scrutinizing dependencies in software development to prevent similar incidents from occurring.

    160,000 Victims Later: The Aspire USA Breach Under Valsoft’s Watch

    This episode investigates the Aspire USA data breach, which affected 160,000 individuals. Experts discuss the circumstances surrounding the breach and the response measures implemented by Valsoft. The conversation highlights the ongoing challenges faced by organizations in protecting sensitive data and the repercussions of insufficient security practices.

    Backdoored by Cheap AI: How Fake npm Packages Compromised Cursor IDE

    This podcast episode examines how fake npm packages, posing as legitimate software, compromised Cursor IDE through backdoors. Experts discuss the tactics used by attackers to infiltrate the development environment and the implications for software security. The conversation emphasizes the need for developers to remain vigilant against supply chain threats in open-source ecosystems.
