Phil Muncaster reports: Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have resulted in threat actors getting hold of sensitive internal data. The US firm, which provides developer tools and cloud infrastructure, said in an updated April 21 notice that the unauthorized access originated from an employee’s use…
Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. “The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world,” Leandro Fróes, senior threat research engineer at
The Connexion reports: A large-scale trial is opening in Lyon this week after the discovery of a major data leak at a French work agency Adecco that left 72,000 victims in one of the most serious data-related frauds ever uncovered in France. 16 people are in the dock at the Lyon correctional court facing 22…
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing
Ambrose Li reports: The local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550,000 people, Hong Kong’s privacy watchdog ruled in an investigation report on Thursday. […] “The privacy commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data…
Lawrence Abrams reports: Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access “sensitive resources.” “This……
Dysruption Hub reports: Puerto Rico officials say a Thanksgiving-week cyberattack on IT contractor Truenorth Corporation briefly disrupted systems at three major agencies but did not compromise citizen data, even as independent reporting describes a broader ransomware incident. Truenorth Corporation, an IT services firm that runs key systems for multiple Puerto Rico government agencies, was the……
