Latest News and Insights
Stay informed about the latest cybersecurity threats, BreachFeed updates, and industry insights.
Recent Cybersecurity News
Catwatchful - 61,641 breached accounts
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
Columbia University Hack Exposes Higher Ed Cyber Gaps
Experts Warn Funding Gaps Elevate Cyber Risk. A breach of Columbia University’s IT systems after repeated attacks by U.S. President Donald Trump is highlighting how universities are unprepared for today’s threat landscape. Schools often leave campuses without enough resources for…
Breach Roundup: Phony Chinese Sites Mimic Retail Brands
Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and Journalists. This week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT.…
Static Credentials Flaw Patched in Cisco Systems
Flaw Exposes Remote Privilege Escalation Risk. Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers to gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log…
Medical Device Maker Surmodics Recovering From Attack
Latest Medical Device Vendor to Disclose a Recent Cyber Incident. A Minnesota maker of catheters notified federal regulators it is recovering from a cyberattack discovered in early June that rendered a portion of its IT systems and data inaccessible. Threat…
Phishing Scammers Push for Callbacks in Latest Innovation
Telephone-Oriented Attack Delivery Social Engineering Tactic Thrives. The phishing industry is a never-ending source of innovation. Cyber fraudsters are determined to sneak their way into your inbox. Recent attacks involve callback phishing, a social engineering tactic designed to break…
Ransomware Group Hunters International Announces Exit
Cybercrime Experts Greet Announcement With Skepticism. Hunters International said Thursday it closed shop, provoking skepticism among cybercrime experts who said it's more likely the Russian-speaking hackers behind the ransomware group will start up again under a new brand name. "Ransomware…
Hunters International shuts ransomware operations, reportedly becomes an extortion-only gang called World Leaks
Ransomware gang Hunters International says it’s shutting down its operations for unexplained reasons, and is offering decryption keys to victim organizations. The offer of decryption keys could be good news for CISOs whose data were recently scrambled and who can’t…
Cryptohack Roundup: Inside the $100M Nobitex Breach
Also: Dismantling a 460 Million Euro Crypto Fraud Network. This week, a peek into Iran's largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M…
Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons…
New Cyber Blueprint Aims to Guide Organizations on AI Journey
Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.
Hunters International to provide free decryptors for all victims as they shut down
At the beginning of 2025, it appeared that Hunters International was abandoning encrypting victims and was re-branding as World Leaks. But Hunters kept updating their leak site with new encryption incidents instead of going extortion-only and becoming World Leaks. A…
Dark Web Vendors Shift to Third Parties, Supply Chains
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
Criminals Sending QR Codes in Phishing, Malware Campaigns
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.
IDE Extensions Pose Hidden Risks to Software Supply Chain
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.
Hardcoded root credentials in Cisco Unified CM trigger max-severity alert
Cisco has patched a max severity flaw in its Unified Communications Manager (Unified CM) and Session Management Edition (Unified CM SME) products that could let attackers walk right in using a hardcoded root login. The enterprise communications giant said the…
Attackers Impersonate Top Brands in Callback Phishing
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
SEC and SolarWinds Seek Settlement in Securities Fraud Case
Hunton Andrews Kurth writes: In a surprising development in the US Securities and Exchange Commission’s (“SEC’s”) ongoing securities fraud case against SolarWinds Corp. (“SolarWinds”) and its former chief information security officer (“CISO”), Timothy Brown, all three parties have petitioned the…
Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
IranWire reports: Iran’s subsidized bread distribution system remains crippled two weeks after cyberattacks targeted major banks, leaving bakers unable to access payments and forcing authorities to reimpose restrictions on bread sales. The disruption affects the nationwide Nanino electronic payment system,…
Hacker with ‘political agenda’ stole data from Columbia, university says
Suzanne Smalley reports: A hacktivist with a “political agenda” broke into Columbia University IT systems and stole “targeted” student data in recent weeks, a university official said Tuesday. It is unclear how long the hacker was in university systems but…
Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
Aman Mishra reports: A shadowy group known as Keymous+ has emerged as a formidable force in the cyber landscape, claiming responsibility for over 700 Distributed Denial of Service (DDoS) attacks in 2025 alone. Operating with a self-proclaimed identity as “North…
Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
Zack Whittaker reports: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of…
Renewed Cyberattack on the International Criminal Court
The International Criminal Court has been hit by a cyberattack for the second time. The International Criminal Court (ICC) has fallen victim to a sophisticated cyberattack, the second major cyber-espionage attempt against the war crimes tribunal within just two years. The latest incident…
Surveillance Used by a Drug Cartel
Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and…
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust…
The Hidden Weaknesses in AI SOC Tools that No One Talks About
If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a…
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities…
Third-party risk management: How to avoid compliance disaster
Whether your organization is aware of it or not, it relies on third-party service providers that help make business processes more effective and efficient. However, working with third parties also involves risk. Companies should therefore establish a third-party risk management…
Sovereign by Design: Data Control in a Borderless World
How IT Leaders Can Navigate Regulatory Complexity, Use Tech for Digital Sovereignty. From Schrems II to TikTok fines, data sovereignty is redefining the rules of digital engagement. It is no longer an option for enterprises. CIOs must navigate a maze…
Russia Uses Media Platform for Disinformation
The German federal government holds Russia responsible for disinformation online. The German federal government holds Russia responsible for disinformation that is spread via a media platform operating from Turkey. Moscow is deliberately using the platform “Red.”, which is registered there, for information manipulation,…