Japanese beer giant Asahi confirmed Thursday that hackers stole personal information from roughly 2 million people during a September ransomware attack. The Qilin ransomware group targeted 1.5 million customer service contacts, stealing names, addresses, phone numbers, and emails. Another 107,000 employees had similar data plus birthdates and gender information compromised, while 168,000 employee family members also had personal details stolen.
The attack disrupted Asahi's operations across Japan, with systems still being gradually restored. Hackers infiltrated network equipment to access the data center, then deployed ransomware across multiple servers. CEO Atsushi Katsuki said full system restoration could take until February, though product shipments are resuming in stages.
Source: Security Week
GitLab has released urgent security updates across versions 18.6.1, 18.5.3, and 18.4.5 to fix multiple high-severity vulnerabilities affecting both Community and Enterprise editions.
The most dangerous flaw, CVE-2024-9183, exploits a race condition in CI/CD caches that lets authenticated attackers steal credentials from higher-privileged users. CVE-2025-12571 allows unauthenticated attackers to crash GitLab servers with malicious JSON requests, potentially taking entire development workflows offline.
A third vulnerability, CVE-2025-12653, enables unauthorized users to bypass security checks and join organizations by manipulating request headers. GitLab.com is already patched, but administrators running self-managed installations must upgrade immediately to prevent exploitation.
Source: CyberSecurity News
Japanese beer maker Asahi disclosed Thursday that a September ransomware attack potentially exposed personal information of over 1.5 million customers. The cyber-attack, claimed by ransomware group Qilin, crippled operations across Japan's factories and forced employees to process orders with pen and paper.
The breach affected customer names, addresses, and contact details from service centers, plus data from 107,000 current and former employees and 168,000 family members. Credit card information wasn't compromised. The attack caused widespread drink shortages across Japan, where Asahi controls 40% of the beer market.
Asahi spent two months containing the breach and is delaying financial results to focus on recovery efforts.
Source: BBC
Cybercriminals are now weaponizing large language models like Google Gemini and Hugging Face to build malware that can evade security tools. Google's Threat Intelligence Group identified five programs, including PROMPTFLUX, which uses AI to rewrite its own code, and PROMPTSTEAL, which analyzes compromised systems for vulnerabilities.
These AI-powered tools help both skilled hackers work faster and enable less technical criminals to create sophisticated attacks. Some malware calls AI services during execution to adapt and stay unpredictable, though most samples are still experimental prototypes.
Attackers are bypassing AI safety guardrails by pretending they need offensive code for cybersecurity competitions. While these techniques aren't widespread yet, experts warn they could make future attacks much more adaptive and difficult to defend against.
Source: Dark Reading
Three London councils serving over half a million residents are dealing with a coordinated cyber-attack that began Monday morning. The Royal Borough of Kensington and Chelsea, Westminster City Council, and Hammersmith and Fulham have all been targeted, forcing them to shut down computer systems and phone lines as a precaution.
The National Crime Agency and National Cyber Security Centre are now investigating whether any resident data was compromised. Critical services remain operational through emergency plans, but residents face delays with council tax checks, parking fines, and other online services.
This echoes 2020's ransomware attack on Hackney Council, which encrypted 440,000 files and earned regulatory punishment. Officials warn other London councils may also be at risk.
Source: The Guardian
The INC Ransom group attacked OnSolve's CodeRED emergency notification platform, forcing the company to shut down and rebuild the entire system. The breach exposed personal data including names, addresses, phone numbers, and passwords from users across 15 states.
Crisis24, which operates CodeRED, confirmed hackers accessed systems on November 1 and encrypted files on November 10 after ransom negotiations failed. The attackers are now selling stolen data samples on the dark web.
Local governments from Texas to other states have warned residents about potential data exposure. Many agencies are canceling contracts or migrating to CodeRED's rebuilt platform, which launched with enhanced security but lost user data after March 31 due to backup limitations.
Source: Infosecurity Magazine
North Korean cybercriminals are running sophisticated fake recruitment campaigns to steal credentials from macOS users. The FlexibleFerret malware operation tricks job seekers with convincing hiring portals that mimic legitimate companies offering roles like "Blockchain Capital Operations Manager."
Victims are lured through fake interview processes, then asked to run Terminal commands to "fix" camera or microphone issues. This bypasses Apple's built-in security by getting users to manually install malware themselves.
Jamf Threat Labs discovered the attackers have upgraded their tools with architecture-aware payloads for both Intel and Apple silicon Macs, plus improved data theft capabilities. The final backdoor can harvest browser data, keychain passwords, and system information.
Source: Dark Reading
Three London councils - Kensington and Chelsea, Westminster, and Hammersmith and Fulham - were struck by a cyber attack Monday that potentially compromised residents' personal data. The councils share IT systems, allowing attackers to move between networks quickly.
Officials immediately contacted the Information Commissioner's Office and brought in the National Cyber Security Centre and specialist experts to contain the breach. Multiple systems remain offline as teams work around the clock to restore services.
Cybersecurity experts warn this shows signs of a "serious intrusion" targeting councils' sensitive data including social care files, housing records, and identity documents. The attack highlights ongoing vulnerabilities in local government systems operating on tight budgets.
Source: Sky News
A devastating supply chain attack has infected 640 NPM packages with the upgraded Shai-Hulud worm, targeting major platforms like AsyncAPI, PostHog, and Postman with over 130 million monthly downloads combined. The malware spreads through preinstall scripts, dramatically expanding its reach across developer machines and CI/CD pipelines.
Unlike the September version that infected 180 packages, this iteration is far more destructive. If it can't find GitHub or NPM tokens to steal, it wipes all user data on Windows systems and erases files on Unix machines. The worm also hijacks DNS, launches privileged Docker containers, and creates backdoors through GitHub Actions.
Security researchers warn they're seeing 1,000 new malicious packages published every 30 minutes, with over 25,000 infected repositories identified. Organizations should immediately scan for compromises, rotate all credentials, and strengthen pipeline security.
Source: Security Week
Cybercriminals exploited the 2025 Black Friday shopping rush with over 2 million phishing attacks targeting online shoppers and gamers worldwide. Nearly 6.4 million phishing attempts were blocked from January through October, with 48.2% targeting online shoppers directly—up from 37.5% in 2024.
Gaming platforms saw unprecedented attacks, with Discord-related incidents skyrocketing 14 times to 18.5 million attempts. Amazon faced 606,369 blocked phishing attempts, while attackers distributed fake installers and malicious updates through unofficial gaming clients.
The campaigns used sophisticated tactics including RiskTool variants for crypto-mining and banking trojans targeting checkout pages. Scammers created polished fake promotional pages with countdown timers to steal credentials and payment details during transactions.
Source: Cybersecurity News