Three London councils - Kensington and Chelsea, Westminster, and Hammersmith and Fulham - were struck by a cyber attack Monday that potentially compromised residents' personal data. The councils share IT systems, allowing attackers to move between networks quickly.
Officials immediately contacted the Information Commissioner's Office and brought in the National Cyber Security Centre and specialist experts to contain the breach. Multiple systems remain offline as teams work around the clock to restore services.
Cybersecurity experts warn this shows signs of a "serious intrusion" targeting councils' sensitive data including social care files, housing records, and identity documents. The attack highlights ongoing vulnerabilities in local government systems operating on tight budgets.
Source: Sky News
A supply chain attack has infected 640 npm packages with an upgraded version of the Shai-Hulud worm, reaching into the package sets of AsyncAPI, PostHog, and Postman, which together see more than 130 million downloads a month. The malware runs from package preinstall scripts, so it executes automatically on every developer machine and CI/CD runner that installs a compromised version.
Unlike the September variant, which infected 180 packages, this iteration is destructive as well as self-propagating. If it cannot find GitHub or npm tokens to steal, it wipes the user's data on Windows and deletes files on Unix hosts. The worm also tampers with DNS, launches privileged Docker containers, and plants backdoors through GitHub Actions workflows.
Researchers report seeing roughly 1,000 new malicious packages every 30 minutes and have identified more than 25,000 affected repositories. Organizations should scan developer workstations and CI runners for compromise, rotate npm and GitHub credentials (tokens as well as passwords), and harden pipelines against install-time code execution.
Source: Security Week
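Because Shai-Hulud spreads through npm lifecycle scripts, the first thing worth knowing about an installed tree is which packages run code at install time. The script below is an added example written for this digest, not code from the Security Week report or from any of the affected projects: it walks a node_modules tree, reads each package.json, and lists every preinstall, install, postinstall, or prepare hook. The sample tree it builds (package names and commands) is constructed for the demonstration and does not describe the real worm.

```python
"""List npm packages that run code during `npm install`.

Added example for the Shai-Hulud item above; not from the report or any
affected project. Walks a node_modules tree and reports lifecycle hooks
that npm executes automatically. The sample tree is constructed.
"""
import json
import os
import tempfile

# Hooks npm runs without prompting during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_hooks(root):
    """Return a sorted list of (package name, hook, command) under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep scanning
        if not isinstance(manifest, dict):
            continue
        scripts = manifest.get("scripts") or {}
        name = manifest.get("name") or os.path.relpath(dirpath, root)
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, hook, str(scripts[hook])))
    return sorted(findings)


def build_sample_tree():
    """Constructed node_modules: one package with no hooks, one with a preinstall hook."""
    root = tempfile.mkdtemp()
    packages = [
        {"name": "clean-lib", "version": "1.0.0",
         "scripts": {"test": "node test.js"}},
        {"name": "hooked-lib", "version": "9.9.9",
         "scripts": {"preinstall": "node install.js"}},  # constructed command
    ]
    for pkg in packages:
        pkg_dir = os.path.join(root, "node_modules", pkg["name"])
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(pkg, fh)
    return root


if __name__ == "__main__":
    for name, hook, cmd in find_install_hooks(build_sample_tree()):
        print(f"{name}: {hook} -> {cmd}")
```

Run it against a real project with `find_install_hooks("path/to/project")`. Every hit is a package that executed a command on the last install; the hooks flagged here are the ones a worm like this one rides. Setting `ignore-scripts=true` in `.npmrc` (or `npm config set ignore-scripts true`) stops npm from running them at all, which blocks the propagation mechanism outright at the cost of having to allow-list the few packages that genuinely need a build step.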
Cybercriminals exploited the 2025 Black Friday shopping rush with over 2 million phishing attacks targeting online shoppers and gamers worldwide. Nearly 6.4 million phishing attempts were blocked from January through October, with 48.2% targeting online shoppers directly—up from 37.5% in 2024.
Gaming platforms saw unprecedented attacks, with Discord-related incidents skyrocketing 14 times to 18.5 million attempts. Amazon faced 606,369 blocked phishing attempts, while attackers distributed fake installers and malicious updates through unofficial gaming clients.
The campaigns used sophisticated tactics including RiskTool variants for crypto-mining and banking trojans targeting checkout pages. Scammers created polished fake promotional pages with countdown timers to steal credentials and payment details during transactions.
Source: Cybersecurity News
Seventy-three civil liberties campaigners, lawyers, and academics are demanding a parliamentary inquiry into the UK's Information Commissioner's Office after its failure to investigate the Ministry of Defence over the Afghan data breach. The serious leak exposed names of Afghans who worked with British forces, potentially putting their lives at risk after the Taliban takeover in August 2021.
The groups, coordinated by Open Rights Group, accuse Commissioner John Edwards of a "collapse in enforcement activity" and warn of deeper structural failures. They cite the ICO's pattern of issuing weak reprimands instead of meaningful penalties for public sector breaches, including those affecting Windrush victims.
The letter warns that both public and private sectors are now ignoring data protection rules, knowing enforcement is unlikely.
Source: The Guardian
Cox Enterprises confirmed that hackers breached its Oracle E-Business Suite environment between August 9 and 14, compromising personal information of nearly 9,500 individuals. The conglomerate, which operates in communications, automotive, and agriculture, joins more than 100 organizations targeted in the same campaign.
The Cl0p ransomware group has publicly leaked 1.6 TB of files it claims were stolen from Cox and has named other victims including Logitech, The Washington Post, Harvard, Mazda, and the American Airlines subsidiary Envoy Air. Security researchers attribute the campaign to FIN11, the group behind earlier mass-exploitation campaigns against the Cleo, MOVEit Transfer, and Fortra GoAnywhere file transfer products.
Source: SecurityWeek
Researchers at K7 Labs have documented Python-based malware that injects itself into legitimate Windows binaries such as cvtres.exe to evade detection. The chain starts with a file that carries a .png extension but is actually a RAR archive; it is downloaded from cloud storage and extracted with tools already present on Windows.
The payload is wrapped in several layers of obfuscation, combining Base64 encoding, bzip2 compression, and zlib compression, so that nothing recognizable sits on disk in plain form. The components masquerade as system files such as AsusMouseDriver.sys and ntoskrnl.exe, and the package ships a complete Python runtime so it does not depend on Python being installed on the victim.
Once running, the implant opens encrypted command-and-control channels that outlive the loader that started them. Because the final code executes inside an injected, trusted process rather than as a standalone executable, signature-based tools that inspect files on disk are likely to miss it.
Source: Cybersecurity News
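Two checks fall directly out of the K7 Labs description: a file whose extension and leading bytes disagree (a .png that begins with the RAR signature), and a blob that has been wrapped in Base64, bzip2, and zlib in some order. The code below is an added example written for this digest, not K7 Labs' tooling or the malware's own code. The report does not state the order in which the layers were applied, so the unwrapper tries each decoder at every layer rather than assuming one; the sample blob and the stub file headers are constructed for the demonstration.

```python
"""Magic-byte check and layered-encoding unwrapper.

Added example for the K7 Labs item above; not from the report or the
malware. Sample payload and header stubs are constructed.
"""
import base64
import binascii
import bz2
import zlib

# Leading bytes for the two formats in play. The RAR prefix covers both
# RAR4 (Rar!\x1a\x07\x00) and RAR5 (Rar!\x1a\x07\x01\x00).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".rar": b"Rar!\x1a\x07",
}


def detect_type(data):
    """Return the extension implied by the leading bytes, or None if unknown."""
    for ext, sig in MAGIC.items():
        if data.startswith(sig):
            return ext
    return None


def magic_mismatch(filename, data):
    """True when the extension claims one format but the bytes are a known other one."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    actual = detect_type(data)
    return actual is not None and actual != ext


def _try_base64(data):
    # validate=True rejects bytes outside the Base64 alphabet, so raw binary
    # and ordinary source text are not mistaken for an encoded layer.
    try:
        out = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None
    return out or None


def _try_bz2(data):
    if not data.startswith(b"BZh"):
        return None
    try:
        return bz2.decompress(data)
    except (OSError, ValueError):
        return None


def _try_zlib(data):
    try:
        return zlib.decompress(data)  # header check rejects non-zlib input
    except zlib.error:
        return None


DECODERS = (("bz2", _try_bz2), ("zlib", _try_zlib), ("base64", _try_base64))


def unwrap_layers(blob, max_layers=16):
    """Peel decodable layers until none applies; return (payload, layers outermost first)."""
    layers = []
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            out = decoder(blob)
            if out is not None:
                layers.append(name)
                blob = out
                break
        else:
            break  # no decoder matched: this is the innermost payload
    return blob, layers


# Constructed stand-ins, not artifacts from the real sample.
SAMPLE_PAYLOAD = b"import socket\nsocket.create_connection(('203.0.113.5', 443))\n"
RAR_STUB = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def build_sample_blob():
    """Constructed blob: Base64 over bzip2 over zlib over the payload."""
    return base64.b64encode(bz2.compress(zlib.compress(SAMPLE_PAYLOAD)))


if __name__ == "__main__":
    print("photo.png is really RAR:", magic_mismatch("photo.png", RAR_STUB))
    payload, layers = unwrap_layers(build_sample_blob())
    print("layers peeled:", layers)
    print(payload.decode())
```

The magic check is cheap enough to run on every download in a mail or proxy pipeline, and it is the only one of the two that catches the staging file before anything executes. The unwrapper is an analyst's tool: point it at a suspicious string or file and it reports which wrappers were present and in what order, which is usually enough to decide whether the inner blob is worth a closer look.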
Anthropic says Chinese state-sponsored hackers manipulated its Claude AI tool to attack 30 financial firms and government agencies in September, with 80-90% of operations running without human oversight. The company calls this the "first documented case of a cyber-attack largely executed without human intervention at scale."
The hackers bypassed safety guardrails by telling Claude to role-play as a cybersecurity firm employee conducting tests. While they achieved "a handful of successful intrusions" and accessed internal data, Claude made numerous mistakes during the attacks.
Senator Chris Murphy warned this shows AI regulation needs immediate priority. However, some cybersecurity experts remain skeptical, calling it "fancy automation" rather than true intelligence and questioning whether Anthropic is creating AI hype.
Source: The Guardian
Human error accounts for 80-90% of industrial accidents, with negligent insiders responsible for 56% of cybersecurity breaches in operational technology environments. Critical infrastructure faces growing risks from disgruntled employees, compromised contractors, and foreign agents infiltrating supply chains.
Experts warn that operational technology personnel have wide-ranging system privileges, making simple mistakes like clicking wrong buttons or plugging in unauthorized USB drives potentially catastrophic. The challenge intensifies as third-party vendors often have the same access as internal staff but limited cybersecurity awareness.
While AI and behavioral analytics show promise for detecting anomalous behavior, experts emphasize they're tools to assist, not replace, strong organizational culture and process controls. Organizations must balance strict monitoring with maintaining workforce trust and morale to prevent creating a "policing culture" that breeds resentment.
Source: Industrial Cyber
St. Anthony Hospital in Chicago disclosed Wednesday that a February data breach may have exposed personal information of more than 6,600 patients and staff members. An unauthorized party accessed employee email accounts, potentially compromising names, addresses, Social Security numbers, medical records, and prescription information.
The hospital says there's no evidence the data has been misused for identity theft or fraud. Officials are notifying affected individuals and recommend placing fraud alerts on credit files and monitoring financial accounts. A dedicated hotline (877-580-4384) is available weekdays 8 a.m. to 5 p.m. for questions about the incident.
Source: CBS News Chicago
CISA has added a critical Oracle Identity Manager vulnerability, CVE-2025-61757, to its Known Exploited Vulnerabilities catalog after confirming exploitation in the wild, including as a zero-day before a fix was available. The flaw carries a CVSS score of 9.8 and allows an unauthenticated remote attacker to execute code on the server.
Because Oracle Identity Manager sits at the center of access control, a compromised instance gives an attacker leverage over the identities and entitlements it manages. Federal civilian agencies must patch by the deadline CISA sets under Binding Operational Directive 22-01. All organizations running the product should apply Oracle's fix now and review their instances for signs of compromise, since exploitation predates the catalog entry.
Source: The Hacker News