Latest Security News Collection

Security news collection - current edition

#DataBreach #CanadianTire #CyberSecurity #RetailSecurity #CustomerData #Ecommerce #PrivacyRisk #EncryptedPasswords #HaveIBeenPwned

Canadian retail giant Canadian Tire has confirmed a major data breach affecting more than 38 million customer accounts, making it one of the largest retail cyber incidents in Canada to date. According to SecurityWeek, the breach was discovered on 2 October 2025 and involved unauthorised access to an e‑commerce database used across several brands, including Canadian Tire, SportChek, Mark’s/L’Équipeur and Party City. The compromised data includes names, email addresses, phone numbers, physical addresses and encrypted passwords, with a smaller subset of accounts also exposing dates of birth and partial credit‑card details. Canadian Tire stressed that the leaked financial data could not be used for fraudulent transactions and that banking and loyalty programme systems were not affected. The incident came to wider attention after the dataset appeared on Have I Been Pwned, highlighting the scale of the exposure. Affected customers have been notified as investigations continue.

→ Read more on therecord.media


#CyberEspionage #WebServerSecurity #Mimikatz #CredentialTheft #ThreatIntelligence #CriticalInfrastructure #AsiaCyberThreats #LivingOffTheLand #WebShells

A sustained cyber‑espionage campaign targeting critical infrastructure and high‑value organisations across Asia has been uncovered, combining web server exploits with credential‑stealing tools such as Mimikatz, according to The Hacker News. Researchers from Palo Alto Networks Unit 42 attribute the activity to a previously undocumented threat cluster tracked as CL‑UNK‑1068, believed to be focused on intelligence gathering. Active since at least 2021, the attackers exploit vulnerable web servers to deploy web shells, enabling persistent access and lateral movement across both Windows and Linux environments. Once inside, the group harvests sensitive files, database backups and credentials, often abusing living‑off‑the‑land tools to blend in with legitimate activity. Stolen data is quietly exfiltrated using creative techniques that avoid traditional upload detection. The campaign has hit sectors including energy, government, telecommunications and aviation, highlighting how web infrastructure weaknesses continue to provide a reliable foothold for sophisticated espionage operations.

→ Read more on thehackernews.com


#GitHubMalware #BoryptGrab #InfoStealer #CyberCrime #MalwareCampaign #SupplyChainRisk #OpenSourceAbuse #CryptoTheft #ThreatIntelligence

Cybersecurity researchers have uncovered a large‑scale malware operation abusing GitHub to distribute the BoryptGrab information stealer, according to Security Affairs. Investigations by Trend Micro reveal that attackers used more than 100 public GitHub repositories posing as free software tools, utilities and game cheats. These repositories are heavily SEO‑optimised, allowing them to rank highly in search results and lure unsuspecting users into downloading malicious ZIP archives. Once executed, BoryptGrab steals browser credentials, cryptocurrency wallet data, system information and user files. Some variants also deploy a PyInstaller‑based backdoor called TunnesshClient, which establishes a reverse SSH tunnel for persistent remote access. The infection chain relies on techniques such as DLL sideloading, obfuscated launchers and multiple payload stages to evade detection. Evidence including Russian‑language code comments and infrastructure suggests a Russian‑speaking threat actor. The campaign highlights how trusted developer platforms are increasingly weaponised to deliver malware at scale.

→ Read more on securityaffairs.com


#Ransomware #IdentitySecurity #Cloudflare #CyberThreats #StolenCredentials #PhishingAttacks #AIinCybersecurity #CriticalInfrastructure #ZeroTrust #AccessManagement

Ransomware attacks are increasingly driven by identity compromise rather than malicious software, according to a new Cloudflare threat report highlighted by Cybersecurity Dive. The findings show that attackers now rely heavily on stolen credentials, phishing and impersonation to gain access, allowing them to blend into legitimate network traffic before launching extortion. Cloudflare researchers describe modern ransomware as an identity and access crisis, where authorised accounts and session tokens are weaponised instead of traditional malware. The report also notes a sharp rise in attacks against manufacturing and critical infrastructure, which now account for more than half of all ransomware targets due to their operational sensitivity. Artificial intelligence is further accelerating this shift by enabling faster reconnaissance, more convincing social‑engineering lures and rapid exploit development. Cloudflare warns that defenders must move beyond malware detection and prioritise strong identity security, continuous monitoring and zero‑trust principles to counter this evolving threat landscape.

→ Read more on cybersecuritydive.com


#AIThreats #CyberCrime #AttackInfrastructure #AgenticAI #ThreatIntelligence #NationStateHackers #Automation #CyberSecurity #NorthKorea

Cybercriminals and nation‑state hackers are increasingly using AI agents to automate the setup and management of attack infrastructure, according to The Register. Microsoft threat‑intelligence experts warn that so‑called agentic AI is being deployed to handle time‑consuming tasks such as reconnaissance, scanning networks, and standing up command‑and‑control systems. Instead of manually configuring servers or compromised assets, attackers can now instruct AI tools in natural language, dramatically speeding up campaign preparation and lowering technical barriers. Microsoft has observed North Korean threat groups, including actors linked to fake IT‑worker schemes, using development platforms and AI‑assisted workflows to rapidly deploy and test infrastructure at scale. This shift allows attackers to operate faster, cheaper and with greater stealth, making detection more difficult for defenders. Security researchers caution that AI‑driven infrastructure management represents a significant escalation, as it enables both sophisticated actors and less skilled criminals to launch complex operations with minimal effort.

→ Read more on theregister.com


#AIPhishing #LLMSecurity #JavaScriptAttacks #BrowserSecurity #PaloAltoNetworks #Unit42 #CyberThreats #GenerativeAI #RuntimeAttacks

Security researchers from Palo Alto Networks’ Unit 42 have identified a new AI‑powered phishing technique that allows attackers to generate malicious JavaScript in real time inside a victim’s browser, according to Security‑Insider. Instead of hosting detectable phishing code on a server, attackers abuse trusted large language model (LLM) services such as Google Gemini or DeepSeek via client‑side API calls. By carefully manipulating prompts, threat actors can bypass AI safety controls and receive harmful JavaScript snippets that are assembled and executed only at runtime. This turns an initially harmless website into a fully functional, personalised phishing page within seconds. Because each visit produces a unique, polymorphic code variant and the content is delivered from reputable LLM domains, traditional network‑ and signature‑based defences struggle to detect the attack. Palo Alto Networks warns that this technique represents a new class of web attacks, highlighting the urgent need for runtime browser protection and behavioural analysis.

→ Read more on security-insider.de


#OperationCandy #Europol #OrganisedCrime #DigitalForensics #EncryptedData #DrugTrafficking #MoneyLaundering #LawEnforcement #GlobalCrime

A major Europol‑led investigation known as Operation Candy has uncovered a large‑scale international organised crime network after forensic analysts extracted data from just two mobile phones seized in a small rural town in Sweden, according to Cybernews. What began as a local drug case in 2023 rapidly escalated when investigators uncovered encrypted communications, international contacts and financial records linking multiple criminal groups across Europe, Asia and Australia. Europol revealed that the networks were coordinating synthetic drug trafficking and large‑scale money laundering, using complex corporate structures to conceal ownership and financial flows. On 4 March 2026, authorities carried out around 20 coordinated raids, leading to at least 15 arrests in Sweden, Spain, Thailand and Australia. Officials described the case as a powerful example of how digital evidence from seized devices can unravel hidden criminal ecosystems and drive effective cross‑border law‑enforcement cooperation.

→ Read more on cybernews.com


#CyberAttack #DataBreach #TransportForLondon #ScatteredSpider #UKCyberSecurity #PersonalData #DigitalInfrastructure #PublicSector #IncidentResponse

A major cyberattack on Transport for London (TfL) has resulted in the theft of personal data belonging to around 10 million customers, according to heise online. The breach occurred during a large‑scale attack on TfL’s IT systems in 2024, but the full extent has only now come to light. Stolen information includes names, email addresses, phone numbers and postal addresses, contained in a database of nearly 15 million records. The data was reportedly shared with the BBC by an anonymous source; the BBC verified the material before deleting it. Investigators have linked the attack to the cybercrime group Scattered Spider, whose activities caused widespread disruption to TfL’s online services and digital displays, with estimated losses of £39 million. The incident is considered one of the largest cyberattacks in UK history. Critics say TfL failed to adequately warn affected users, leaving millions unaware of their exposure, although there is currently no evidence of further misuse of the data.

→ Read more on heise.de


#SupplyChainSecurity #CyberRisk #ThirdPartyRisk #TrustedRelationships #CyberAttacks #BusinessContinuity #RiskManagement #Kaspersky #ITSecurity

Supply‑chain cyberattacks are affecting far more organisations than many realise, yet they remain widely underestimated, according to a report highlighted by it‑daily.net. A recent Kaspersky survey found that nearly one in three German companies experienced a supply‑chain attack within the past year, while a quarter were hit by so‑called trusted‑relationship attacks that abuse legitimate partner access. Despite the scale of the problem, only a small minority of organisations rate these attacks as a top risk, revealing a dangerous gap between actual exposure and risk perception. Medium‑sized firms are particularly vulnerable, as they often rely on numerous external partners without the security resources of larger enterprises. The consequences are significant: operational disruption, reputational damage and financial losses are common outcomes. Experts warn that as digital ecosystems grow more interconnected, attackers will increasingly target the weakest link in the chain, making supplier security and access governance critical priorities.

→ Read more on it-daily.net


#LexisNexis #DataBreach #CyberSecurity #CloudSecurity #React2Shell #AWSMisconfiguration #ThirdPartyRisk #PersonalData #VulnerabilityManagement

Legal and data analytics giant LexisNexis has confirmed a new data breach after hackers publicly leaked files allegedly stolen from its systems, according to SecurityWeek. The attackers claim to have exfiltrated around 2 GB of data, including personal information linked to roughly 400,000 individuals, and attempted to extort the company. LexisNexis said the intrusion affected a limited number of servers containing mostly legacy and deprecated data from before 2020, and stressed that its core products and services were not impacted. Exposed information includes customer names, user IDs, business contact details, and IP addresses collected from surveys and support tickets. The threat actors reportedly exploited the React2Shell vulnerability and misconfigured AWS infrastructure to gain access. While the hackers allege a far broader compromise, including government‑linked accounts, LexisNexis maintains that the incident has been contained and that no highly sensitive financial or identity data was involved. The case highlights the ongoing risks posed by unpatched vulnerabilities and cloud misconfigurations.

→ Read more on securityweek.com

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.