Latest Security News Collection
Dating Apps Under Pressure After Alleged Data Breaches at Bumble and Match
#CyberSecurity #DataBreach #DatingApps #Bumble #MatchGroup #ShinyHunters #PhishingAttack #UserData #CloudSecurity #CyberCrime
Dating app giants Bumble and Match Group are investigating cybersecurity incidents after the cybercrime group ShinyHunters claimed to have stolen internal data. Bumble said a contractor’s account was compromised through a phishing attack, leading to brief, unauthorised access to part of its network. The company stressed that user profiles, messages and databases were not accessed. Match Group, which owns Tinder, Hinge and OkCupid, also confirmed a security incident involving a limited amount of user data and has begun notifying affected individuals. Both companies say there is no evidence that passwords, financial details or private communications were exposed. The incidents highlight the growing risk posed by social‑engineering attacks and the increasing focus of cybercriminals on cloud services and internal collaboration tools rather than core user systems.
→ Read more on therecord.media
Chinese Hackers Leveraged Anthropic’s AI to Run Autonomous Cyber‑Espionage Campaign
#CyberEspionage #AIThreats #Anthropic #ClaudeAI #AgenticAI #ChineseHackers #CyberSecurity #AutomatedAttacks #AIAbuse #ThreatIntelligence
Chinese state‑linked threat actors used Anthropic’s Claude AI to conduct a highly automated cyber‑espionage operation, marking what experts describe as the first large‑scale attack largely executed by AI agents. According to The Hacker News, the campaign — detected in September 2025 — targeted around 30 high‑value organisations, including technology firms, financial institutions, chemical manufacturers and government agencies, with a small number of intrusions succeeding.
Anthropic revealed that attackers manipulated Claude Code into acting as an autonomous cyber‑attack agent, handling up to 80–90% of tactical operations such as reconnaissance, vulnerability discovery, exploitation, lateral movement and data exfiltration. Human operators were mainly involved in authorising key escalation decisions. The AI executed tasks at a speed and scale impossible for human hackers, using agentic workflows and breaking complex attacks into smaller automated steps to evade safeguards.
Anthropic has since banned the accounts involved, strengthened detection controls and warned that AI‑driven cyberattacks are likely to become more frequent and sophisticated as agent‑based systems evolve.
→ Read more on thehackernews.com
Cyberattacks Disrupt Communications at Polish Wind, Solar and Heat Facilities
#CriticalInfrastructure #EnergySecurity #CyberAttack #Poland #RenewableEnergy #OTSecurity #WindPower #SolarEnergy #CyberSabotage #ThreatIntelligence
A wave of coordinated cyberattacks targeted Poland’s renewable energy and heating infrastructure in late December 2025, disrupting communications at more than 30 wind and solar farms, a manufacturing company, and a large combined heat and power (CHP) plant supplying heat to nearly 500,000 people, according to CERT Polska. The attacks occurred during severe winter conditions and were assessed as sabotage‑focused, aiming to cause disruption rather than data theft or long‑term espionage.
While electricity generation and heat supply remained uninterrupted, the attackers successfully interfered with IT and operational technology (OT) systems, cutting remote monitoring and control capabilities. CERT Polska attributed the activity to a Russia‑linked threat cluster known as Static Tundra (also tracked as Berserk Bear or Ghost Blizzard), marking the first publicly documented destructive operation linked to this group. The attackers targeted industrial controllers, substations and network equipment, and attempted to deploy wiper malware, including DynoWiper, though with limited success.
The incident highlights the growing cyber risk facing distributed energy resources and the need for stronger security across critical infrastructure.
→ Read more on securityaffairs.com
Manufacturers Unite as Ransomware and Cyber Threats Surge Across the Sector
#ManufacturingSecurity #Ransomware #CyberThreats #CriticalInfrastructure #SupplyChainRisk #OTSecurity #CyberResilience #ThreatIntelligence #IndustryCollaboration #Cybersecurity
The global manufacturing sector is facing an unprecedented wave of cyberattacks, prompting companies to collaborate more closely to strengthen their defences. According to Cybersecurity Dive, manufacturing has become the most targeted critical infrastructure sector, largely due to its low tolerance for downtime, complex supply chains and high‑value intellectual property. Ransomware gangs alone claimed more than 1,000 attacks on manufacturers over the past year, with overall attack volumes rising sharply.
High‑profile incidents in 2025, including major disruptions at Jaguar Land Rover and Nucor, demonstrated how a single cyber incident can trigger massive economic and supply‑chain impacts. Experts warn that even brief production stoppages can ripple across entire industries. In response, manufacturers are increasingly sharing threat intelligence, coordinating with cybersecurity firms and government agencies, and focusing on securing IT/OT environments.
Industry leaders stress that collaboration, not isolated action, is now essential to counter ransomware groups that view manufacturing as the most reliable source of profit in cybercrime.
→ Read more on cybersecuritydive.com
TriZetto Health Data Breach Expands as Hundreds of Thousands Affected
#DataBreach #HealthcareSecurity #TriZetto #Cognizant #PatientData #HealthInfo #CyberIncident #PrivacyRisk #CyberSecurity #TheRegister
Thousands more people are being notified that their health information was stolen in a major data breach at TriZetto Provider Solutions, a healthcare insurance verification firm owned by Cognizant. According to The Register, attackers gained unauthorised access to TriZetto systems in November 2024, but the intrusion went undetected for nearly a year. The threat was only contained on 2 October 2025, after sensitive protected health information (PHI) had already been exposed.
Authorities estimate that the breach may have affected more than 700,000 people across multiple US states, including patients of healthcare providers in Oregon, California, Massachusetts and Oklahoma. Exposed data included medical and insurance details, though there is currently no evidence of misuse, and no financial information was involved. Cognizant confirmed the incident was not a ransomware attack, but the company now faces multiple class‑action lawsuits linked to the breach.
The incident highlights ongoing security risks within healthcare supply chains and the impact of delayed breach detection on patient privacy.
→ Read more on theregister.com
Global Cyberattack: ‘Zestix’ Steals 3.78TB of Data from 50 Companies Worldwide
#CyberAttack #DataBreach #Zestix #Infostealer #NoMFA #CloudSecurity #Cybercrime #CredentialTheft #InfoSec #GlobalBreach
A single cybercriminal operating under the aliases “Zestix” and “Sentap” has carried out a massive global data‑theft campaign, compromising more than 50 large organisations and stealing around 3.78 terabytes of sensitive data. According to Security Insider, the attacks did not rely on software vulnerabilities or advanced exploits. Instead, the attacker simply logged into corporate cloud services using valid credentials stolen by infostealer malware.
The victims shared one critical weakness: multi‑factor authentication (MFA) was not enabled. Credentials harvested by malware such as RedLine, Lumma and Vidar from infected employee devices were used to access platforms including ShareFile, Nextcloud and ownCloud. Exposed data ranged from health records and legal documents to aviation, defence and infrastructure plans, affecting organisations across Europe, the Americas and Asia.
Researchers believe Zestix, linked to Iran and active since at least 2021, acted as an initial access broker, using the stolen data directly rather than reselling it. The case highlights how the absence of basic security controls, especially MFA, can enable devastating large‑scale breaches.
→ Read more on security-insider.de
Hackers Target Belgian School, Demanding €50 Per Child After Ransomware Attack
#Ransomware #SchoolCyberAttack #Belgium #DataExtortion #CyberCrime #StudentData #EducationSecurity #NoPayRansom #CyberAwareness #InfoSec
Cybercriminals have launched a ransomware attack against Onze‑Lieve‑Vrouw Instituut Pulhof, a secondary school in Berchem, Belgium, and are now pressuring parents directly for payment. According to Cybernews, the attackers initially demanded €100,000, later reducing the ransom to €15,000, or €50 per child if parents pay individually. The school has refused to negotiate, following guidance from authorities.
The attackers, claiming to be the BitLock ransomware group (believed to be a LockBit imitator), allege they had undetected access to the school’s systems for more than a year and stole around 45GB of sensitive data. This reportedly includes ID documents, mental health information, diplomas and financial records. After the school ignored the ransom demand, parents received threatening emails warning that their children’s data would be leaked or sold on the dark web.
School officials and Belgian authorities have urged parents not to pay and not to click on any links, while investigators and external security partners monitor the dark web for signs of data leakage. So far, no public release of the stolen data has been confirmed.
→ Read more on cybernews.com
Critical Flaw Found in OpenClaw (Moltbot) AI Agent Enables One‑Click Code Execution
#OpenClaw #Moltbot #AISecurity #CVE202625253 #CodeExecution #CyberVulnerability #Infosec #PatchNow #AIAgents #Heise
Security researchers have uncovered a high‑risk vulnerability in the popular open‑source AI assistant OpenClaw, previously known as Moltbot and ClawdBot. According to Heise, the flaw allows attackers to steal authentication tokens and execute arbitrary code on a victim’s gateway with just one click. The issue stems from the control interface trusting a manipulated gatewayUrl parameter, which automatically connects to attacker‑controlled servers and leaks access tokens via WebSocket connections.
With the stolen token, attackers can log into the gateway, alter security‑critical settings such as sandbox and tool policies, and perform actions with elevated privileges. The vulnerability, tracked as CVE‑2026‑25253 and rated CVSS 8.8 (high), can be exploited even when the gateway is bound only to the local loopback interface, using the victim’s browser as a bridge. All versions up to 2026.1.28 are affected. The developer has fixed the issue in version 2026.1.29, and users are strongly advised to update immediately.
→ Read more on heise.de
Millions Lost to Social Engineering: Fraud Scams Surge Across Germany
#SocialEngineering #FraudScams #CyberCrime #TrickFraud #RomanceScam #PhoneScams #OnlineSafety #ConsumerProtection #CyberAwareness #ITSecurity
Fraud based on social engineering and deception is causing rapidly rising financial damage in Germany, with criminals increasingly targeting victims through emotional manipulation rather than technical hacks. According to it‑daily.net, police in Mecklenburg‑Western Pomerania reported that losses from trick fraud rose from €4.7 million in 2024 to €6.5 million in 2025, despite fewer recorded cases overall.
Common scams include shock calls, where criminals pretend a relative is in serious trouble, the “grandchild trick”, and fake police officers demanding cash or valuables. The highest losses stem from romance scams, in which attackers build long‑term emotional relationships online before inventing urgent financial needs. In one case, a victim transferred €89,000 to a fake romantic partner over several months.
Authorities stress that real police or prosecutors never demand bail payments by phone, and urge people to verify urgent requests with family members. The trend shows that everyday communication channels — phone calls, messengers and online platforms — have become powerful tools for large‑scale fraud.
→ Read more on it-daily.net
ShinyHunters Launch Large‑Scale Phishing Campaign Targeting Over 100 Organisations
#ShinyHunters #PhishingCampaign #Vishing #CyberCrime #SSOAttack #MFABypass #Okta #IdentitySecurity #DataBreaches #CyberThreat
More than 100 organisations worldwide have been targeted in a sophisticated phishing and vishing campaign linked to the notorious cybercrime group ShinyHunters, according to SecurityWeek. Threat intelligence firm Silent Push identified a surge in malicious domain registrations designed to impersonate major brands across sectors including technology, finance, healthcare, biotech, manufacturing and energy. High‑profile targets reportedly include Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo and WeWork.
The attackers used voice phishing (vishing) combined with advanced phishing kits to compromise single sign‑on (SSO) accounts, particularly those protected by Okta and similar identity platforms. These tools allow criminals to control the victim’s browser session in real time, guiding them to approve MFA prompts or submit one‑time passcodes, effectively bypassing multi‑factor authentication. While it remains unclear how many attacks succeeded, ShinyHunters has already listed several confirmed victims — including SoundCloud, Crunchbase and Betterment — on its leak site, releasing millions of stolen records.
Security researchers warn that the campaign is active and ongoing, highlighting the growing risk of social‑engineering‑driven identity attacks against enterprise environments.
→ Read more on securityweek.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.