Transport for London suffered one of the UK's largest data breaches when hackers from the Scattered Spider crime group stole personal information from around 10 million customers in late 2024. The BBC discovered the true scale after obtaining a copy of the stolen database containing names, addresses, phone numbers, and email addresses.
TfL initially said only "some" customers were affected and has never publicly disclosed the full numbers. The attack disrupted online services and cost £39 million in damages, though London transport itself wasn't impacted. Two British teenagers face trial in June for the hack.
While TfL emailed over 7 million customers, only 58% opened the notifications, leaving millions unaware their data was stolen.
Source: BBC
The FBI is investigating a sophisticated cyber attack on an internal system containing sensitive surveillance information, including pen register data and personal details from investigations. The breach was discovered February 17 when agents noticed abnormal network activity.
Hackers used advanced techniques and exploited a commercial internet provider's infrastructure to penetrate FBI security controls. The compromised system holds law enforcement data like phone surveillance records and personally identifiable information about investigation subjects.
While the FBI confirmed the incident and says it addressed the suspicious activities, officials haven't identified who's responsible or revealed the full scope of the breach.
Source: Security Week
The Iranian hacking group MuddyWater has infiltrated multiple US organizations, including an airport, bank, aerospace defense contractor, and software company with Israeli operations, according to Broadcom's Symantec team. The attacks continued even after recent US and Israeli military strikes on Iran, suggesting ongoing cyber warfare amid regional tensions.
The hackers deployed new backdoors called Dindoor and Fakeset across victim networks, using fake certificates under names like "Amy Cherne" and "Donald Gay." They attempted to steal data from the software company's Israeli branch, highlighting their focus on Israeli-connected targets.
Linked to Iran's Ministry of Intelligence since 2017, MuddyWater has previously supported kinetic attacks by hacking Jerusalem CCTV cameras during missile strikes. While this specific campaign was disrupted, security experts warn other organizations remain vulnerable.
Source: Security Week
Cisco disclosed 48 vulnerabilities across its firewall products, including two critical flaws scoring perfect 10s on the severity scale. The most dangerous bugs affect the Secure Firewall Management Center (FMC), allowing attackers to bypass authentication and gain root access through crafted HTTP requests or malicious Java objects.
The vulnerabilities impact Cisco's ASA firewalls, Secure FTD systems, and FMC management platforms. Nine additional flaws earned "high" severity ratings, mostly denial-of-service bugs plus SQL injection issues.
Experts warn these critical vulnerabilities could give attackers control over network security at a fundamental level, letting them modify firewall rules or disable protections across multiple devices. Nation-state groups have increasingly targeted edge devices as primary attack vectors. Cisco urges immediate updates.
Source: Dark Reading
A Feb. 21 ransomware attack on Change Healthcare has crippled electronic billing systems nationwide, leaving doctors unable to process payments for weeks. The attack on UnitedHealth's subsidiary is being called "the most significant incident of its kind" against U.S. healthcare.
Doctors like Margaret Parsons in Sacramento can't bill electronically, while paper claims take months to process. Miami's Jackson Health System faces $30 million in lost payments if outages continue. Relief efforts have fallen short—one Long Island physician was offered just $540 weekly for a practice earning hundreds of thousands monthly.
Reports suggest hackers received $22 million in bitcoin, potentially encouraging future attacks. UnitedHealth says core systems won't be restored until later this month, highlighting dangerous vulnerabilities in America's healthcare infrastructure.
Source: CBS News
A critical vulnerability in FreeScout help desk software (CVE-2026-28289) lets attackers completely compromise servers without any user interaction. The flaw bypasses a recent security patch using an invisible zero-width space character in filenames, allowing hackers to upload malicious .htaccess files simply by sending an email to any FreeScout mailbox.
Rated 10/10 on the severity scale, this zero-click remote code execution attack affects all FreeScout 1.8.206 installations running on Apache servers. Successful exploitation gives attackers full server control, access to helpdesk tickets and emails, plus potential network access for further attacks. Users should immediately update to version 1.8.207.
Source: Security Week
Security researchers discovered a critical zero-click vulnerability called "Mail2Shell" in FreeScout, a popular open-source help desk application. The flaw (CVE-2026-28289) allows attackers to completely hijack mail servers without any user interaction or authentication.
The attack exploits a bypass in a recent security patch by using a hidden Unicode character (Zero-Width Space) in malicious email attachments. When FreeScout processes these crafted emails, the hidden character slips past security filters but gets stripped later, leaving dangerous files on the server.
With over 1,100 publicly exposed FreeScout instances used by healthcare, finance, and tech companies, this vulnerability poses serious risks. Successful attacks can lead to complete server takeover, data theft, and network infiltration. FreeScout released version 1.8.207 to fix the issue - administrators must update immediately.
Source: Cyber Security News
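The two FreeScout items above describe the same failure: a filename check runs on the raw name, and an invisible character is stripped only afterwards. The following is an added illustration written for this digest, not FreeScout's code; the blocklist, function names and the exact order of operations are assumptions, and the sample filenames are constructed.

```python
import unicodedata
from typing import Optional

# Assumed blocklist for the demonstration; FreeScout's real check is not on the page.
BLOCKED_NAMES = {".htaccess", ".htpasswd"}
ZERO_WIDTH_SPACE = "\u200b"


def strip_invisible(name: str) -> str:
    """Drop Unicode format characters (category Cf: zero-width space,
    zero-width joiner, BOM, ...), as a later cleanup step might do."""
    return "".join(ch for ch in name if unicodedata.category(ch) != "Cf")


def save_name_flawed(name: str) -> Optional[str]:
    """Assumed flawed order: validate the raw name, then strip invisible characters.
    '\u200b.htaccess' is not in the blocklist, so it passes and is saved as '.htaccess'."""
    if name.lower() in BLOCKED_NAMES:
        return None
    return strip_invisible(name)


def save_name_hardened(name: str) -> Optional[str]:
    """Hardened order: canonicalise first, validate the canonical form, and
    refuse any name that needed cleanup at all, since no legitimate attachment
    name carries format characters. Leading-dot names are rejected outright,
    which covers .htaccess-style files without relying on the blocklist."""
    canonical = strip_invisible(name)
    if canonical != name:
        return None  # contained invisible characters: reject, do not "fix"
    if not canonical or canonical.startswith(".") or canonical.lower() in BLOCKED_NAMES:
        return None
    return canonical


if __name__ == "__main__":
    bypass = ZERO_WIDTH_SPACE + ".htaccess"  # constructed sample matching the advisory's shape
    print(repr(save_name_flawed(bypass)))    # '.htaccess' reaches disk
    print(repr(save_name_hardened(bypass)))  # None
    print(repr(save_name_hardened("invoice.pdf")))
```

The same check-after-normalise ordering applies to any validation that precedes a transformation (case folding, path normalisation, extension stripping): validate what will actually be written, not what arrived.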
A Qualcomm graphics kernel vulnerability (CVE-2026-21385) is being exploited in "limited, targeted" attacks against Android devices. Google's March security bulletin flagged this high-severity flaw, which affects multiple chipsets and earned a 7.8 CVSS score.
Security experts believe the "limited, targeted" language suggests nation-state actors or commercial spyware vendors are behind the attacks, similar to previous Qualcomm zero-days linked to surveillance tools. The vulnerability requires local access and causes memory corruption during allocation.
Another critical flaw (CVE-2026-0047) allows privilege escalation without user interaction, though it needs existing device access. Patches are available through Qualcomm and Android's open source project, but users must wait for device manufacturers to deploy updates—a delay that matters when exploits spread rapidly.
Source: Dark Reading
Data breach notifications hit record highs last year, with 80% of Americans receiving at least one letter. The Identity Theft Resource Center says don't just toss these notices – they often include free identity protection services.
Experts recommend three key steps: freeze your credit (the most effective protection), change passwords on affected accounts, and consider adopting passkeys for future security. Parents should also freeze their children's credit.
The recent Conduent breach exemplifies delayed notifications – while disclosed in April, some of the 25 million affected people are just now receiving letters. The compromised data included names, Social Security numbers, and medical information, though no misuse has been detected yet.
Source: CBS News Philadelphia
Microsoft disclosed a critical zero-day vulnerability in Word (CVE-2026-21514) on February 10, 2026, that's being actively exploited by attackers. The flaw bypasses Word's security protections, allowing malicious documents to execute code without triggering the usual "Enable Content" warnings that alert users to threats.
The vulnerability affects multiple Office versions, including Microsoft 365, Office LTSC 2021/2024, and Mac editions. Attackers exploit it by sending specially crafted Word documents through phishing emails. When victims open these files, the exploit runs silently in the background.
Microsoft has released patches for all affected versions. CISA ordered federal agencies to update by March 3, 2026, highlighting the severity of this threat.
Source: Cybersecurity News