Latest Security News Collection

Security news collection - current edition

#NorthKoreaAPT #UNC2970 #CyberEspionage #AerospaceSecurity #MistpenMalware #SumatraPDFExploit #SocialEngineering #DefenceCyberThreat #MandiantReport #NationStateAttack

A North Korea-linked cyber-espionage group, tracked as UNC2970, has launched a targeted campaign against aerospace and energy companies across Europe and beyond. According to Mandiant researchers, the attackers impersonate recruiters on platforms like email and WhatsApp, luring victims with fake job offers. These messages contain malicious PDF files that can only be opened using a trojanised version of SumatraPDF, which installs a backdoor named Mistpen. This malware, disguised as a Notepad++ plugin, enables remote access and data exfiltration. The campaign appears to focus on senior-level employees, suggesting a strategic aim to access sensitive corporate and defence-related information.

→ Read more on therecord.media


#F5Breach #BIGIP #UNC5221 #NationStateAttack #CyberEspionage #ZeroDay #EdgeSecurity #ChinaHackers #CyberResilience #BRICKSTORM

F5 Networks disclosed a breach by China-linked group UNC5221, which infiltrated its systems for over a year. Attackers stole BIG-IP source code and details of undisclosed vulnerabilities. Over 680,000 F5 devices are exposed globally. The incident highlights the strategic targeting of edge infrastructure by nation-state actors.

→ Read more on thehackernews.com


#YaleNewHavenHealth #DataBreach #HealthcareCybersecurity #HIPAABreach #PatientPrivacy #CyberAttack2025 #ClassActionSettlement #HealthDataSecurity #InfoSec #BankInfoSecurity

Yale New Haven Health System, Connecticut’s largest healthcare provider, has agreed to an $18 million settlement following a March 2025 cyberattack that compromised the personal data of nearly 5.6 million individuals. The breach, the largest reported to US health regulators this year, involved unauthorised access to a network server. While no financial or treatment data was exposed, sensitive information such as names, birth dates, contact details, Social Security numbers, and medical record identifiers was potentially accessed. The attack was disclosed just days after detection, and several lawsuits were swiftly consolidated into a class action. Although the organisation’s Epic electronic medical records remained untouched, the incident has raised serious concerns about healthcare cybersecurity.

→ Read more on securityaffairs.com


#MujiCyberAttack #Ransomware #AskulBreach #SupplyChainRisk #EcommerceDisruption #RetailCybersecurity #ThirdPartyVulnerability #LogisticsSecurity #DataBreachAlert #SecurityAffairs

Japanese retail giant Muji has suspended its online sales following a ransomware attack on its logistics partner, Askul. The cyber incident disrupted critical services including order processing, app functionality, and website access. Askul confirmed the ransomware infection on 21 October 2025, which forced a halt to all order fulfilment, shipping, and customer support operations. While Muji’s internal systems were not directly compromised, the attack has significantly impacted its e-commerce capabilities. The company has not yet announced when services will resume and is currently investigating the potential exposure of customer data. No ransomware group has claimed responsibility so far.

→ Read more on securityaffairs.com


#UKCyberSecurity #NCSC #JaguarLandRover #Ransomware #SupplyChainRisk #CyberResilience #CriticalInfrastructure #BoardPriority #CyberThreats #DigitalDefence

The UK’s National Cyber Security Centre reported a 50% rise in “highly significant” cyberattacks affecting critical sectors. Incidents involving Jaguar Land Rover and major retailers exposed supply chain vulnerabilities. Officials urge businesses to treat cybersecurity as a board-level priority.

→ Read more on ibtimes.co.uk


#ChinaVsUSA #NSAHack #CyberDiplomacy #TimeServiceCenter #CyberWeapons #Espionage #InfrastructureAttack #GlobalCyberConflict #MSS #CyberWar

China claims the US NSA launched a cyberattack on its National Time Service Center, using 42 cyber weapons to infiltrate systems and attempt disruption of national infrastructure. The MSS alleges the attack was thwarted, escalating tensions in global cyber diplomacy.

→ Read more on theregister.com


#MicrosoftCyberReport #GermanyCyberThreat #DigitalDefence2025 #Ransomware #AIinCybercrime #QuantumSecurity #SupplyChainAttack #IdentityProtection #SecurityByDesign #CyberResilience

Germany has become one of the top four global targets for cyberattacks, according to Microsoft’s Digital Defense Report 2025. With 3.3% of all global cyber incidents directed at the country, critical sectors such as government, research, and industry are increasingly under threat. The report highlights a surge in ransomware, identity theft, and supply chain attacks, often enabled by poor multi-factor authentication and compromised credentials. Cybercriminals are now leveraging generative AI to automate phishing, malware deployment, and social engineering. Microsoft also warns of a geopolitical race in quantum computing, which could undermine current cryptographic standards.

→ Read more on security-insider.de


#AWSOutage #AmazonCloud #DynamoDB #DNSFailure #CloudInfrastructure #EC2Issues #NetworkLoadBalancer #ServiceDisruption #RootCauseAnalysis

Amazon has published a detailed root cause analysis of the widespread AWS outage that disrupted global internet services on 20 October 2025. The incident, which affected services like Prime Video, Amazon Music, and even the Signal messenger, originated from a latent defect in the DNS management system of DynamoDB in the US-EAST-1 region. The failure unfolded in three cascading phases: initial API errors in DynamoDB, connection issues in Network Load Balancers due to faulty health checks, and the inability to launch new EC2 instances. Although services were gradually restored by midnight, the outage exposed a critical single point of failure in Amazon’s cloud infrastructure.

→ Read more on heise.de


#DublinAirportBreach #CyberAttack #PassengerDataLeak #AviationSecurity #ThirdPartyRisk #SASAirlines #DAA #TravelCyberThreat #CollinsAerospace #CybernewsReport

A cyberattack on a third-party supplier used by Dublin and Cork Airports may have compromised the personal data of millions of passengers. The breach, which occurred in August 2025, involved the unauthorised access and potential publication of boarding pass information, including names, booking references, frequent flyer numbers, and travel itineraries. While the airport operator DAA confirmed that its own systems were not directly affected, it is working with the Irish Aviation Authority, the Data Protection Commission, and cybersecurity agencies to assess the full impact. Swedish airline SAS has also notified affected customers and regulators. The breach follows a broader wave of cyber incidents targeting aviation infrastructure, including a recent ransomware attack on Collins Aerospace.

→ Read more on cybernews.com


#PromptLock #AIRansomware #CyberThreats #ESETResearch #LuaScripts #OfflineMalware #SPECKEncryption #AIinCybercrime #MalwareEvolution #CyberSecurityAlert

Security researchers at ESET have uncovered PromptLock, the first known ransomware to use a locally embedded AI language model to autonomously generate attack scripts. Unlike traditional malware, PromptLock dynamically creates Lua scripts during execution, enabling it to adapt its behaviour—whether encrypting, copying, or deleting files—based on internal instructions. It operates across Windows, Linux, and macOS, and uses the SPECK 128-bit encryption algorithm. Notably, the malware does not rely on external command-and-control servers, making detection more difficult. Instead, it runs entirely offline, with even the ransom Bitcoin address hardcoded—curiously linked to Satoshi Nakamoto. Though currently considered a proof of concept, PromptLock demonstrates how AI can lower the barrier for cybercriminals and increase the sophistication of attacks.

→ Read more on it-daily.net

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.