South Korea has slapped e-commerce giant Coupang with a record $400 million fine after a data breach exposed personal information belonging to roughly 37.5 million users — more than half the country's population. Seoul's Personal Information Protection Commission found the company failed to properly manage authentication keys and access controls. Regulators added a separate penalty for collecting data without user consent.
Coupang says the breach likely started as early as June through a foreign server and initially affected 4,500 accounts before ballooning to nearly 34 million. The company's CEO resigned following the incident. Coupang plans to fight the ruling in court.
Source: BBC News
South Korea has slapped e-commerce giant Coupang with a record $400 million fine after a data breach exposed personal information belonging to roughly 37.5 million users — more than half the country's population. Seoul's Personal Information Protection Commission found the company failed to properly manage authentication keys and access controls. Regulators added a separate penalty for collecting data without user consent.
Coupang says the breach likely started as early as June through a foreign server and initially affected 4,500 accounts before ballooning to nearly 34 million. The company's CEO resigned following the incident. Coupang plans to fight the ruling in court.
Source: BBC News
A researcher known as Nightmare-Eclipse has released yet another Microsoft zero-day exploit — this one called RoguePlanet — timed to drop right after Microsoft's June Patch Tuesday, which addressed a record 206 CVEs.
The new exploit targets Windows Defender via a race condition, potentially granting attackers full SYSTEM-level access on Windows 10 and 11. It's the latest salvo in a months-long feud that began in April with the BlueHammer exploit. Microsoft has since patched several of Nightmare-Eclipse's disclosures, but real-world exploitation has already occurred.
The researcher claims to have more vulnerabilities in Defender and other Windows components ready to go.
Source: Dark Reading
A researcher known as Nightmare-Eclipse has released yet another Microsoft zero-day exploit — this one called RoguePlanet — timed to drop right after Microsoft's June Patch Tuesday, which addressed a record 206 CVEs.
The new exploit targets Windows Defender via a race condition, potentially granting attackers full SYSTEM-level access on Windows 10 and 11. It's the latest salvo in a months-long feud that began in April with the BlueHammer exploit. Microsoft has since patched several of Nightmare-Eclipse's disclosures, but real-world exploitation has already occurred.
The researcher claims to have more vulnerabilities in Defender and other Windows components ready to go.
Source: Dark Reading
A malware attack has knocked out IT systems at Great Marlow School in Buckinghamshire, forcing a partial closure on Wednesday. The school can't contact parents via email, teachers can't set work, and internal exams for Years 10 and 12 have been postponed. Only Year 11 and 13 students are required in for external exams.
Headteacher Guy Pendlebury confirmed the school is working with cybersecurity professionals to restore systems, following guidance from the Department for Education and the National Cyber Security Centre. The school, famously attended by Olympic rower Steve Redgrave, says student safety remains its top priority.
Source: BBC News
A malware attack has knocked out IT systems at Great Marlow School in Buckinghamshire, forcing a partial closure on Wednesday. The school can't contact parents via email, teachers can't set work, and internal exams for Years 10 and 12 have been postponed. Only Year 11 and 13 students are required in for external exams.
Headteacher Guy Pendlebury confirmed the school is working with cybersecurity professionals to restore systems, following guidance from the Department for Education and the National Cyber Security Centre. The school, famously attended by Olympic rower Steve Redgrave, says student safety remains its top priority.
Source: BBC News
Two Russia-linked hacker groups — Gamaredon and Shadow-Earth-066 — are actively exploiting a WinRAR vulnerability (CVE-2025-8088) that's been patched since July 2024, targeting Ukrainian military and government organizations through weaponized phishing emails.
The attacks differ in execution but share the same goal. Shadow-Earth-066 deploys the GiftedCrook stealer to harvest credentials and documents, while Gamaredon plants espionage malware via malicious HTA files. Both abuse WinRAR's path traversal flaw to drop payloads into Windows Startup folders.
The flaw stays dangerous because WinRAR doesn't auto-update and falls outside standard enterprise patching tools — leaving millions of endpoints exposed.
Source: Dark Reading
Two Russia-linked hacker groups — Gamaredon and Shadow-Earth-066 — are actively exploiting a WinRAR vulnerability (CVE-2025-8088) that's been patched since July 2024, targeting Ukrainian military and government organizations through weaponized phishing emails.
The attacks differ in execution but share the same goal. Shadow-Earth-066 deploys the GiftedCrook stealer to harvest credentials and documents, while Gamaredon plants espionage malware via malicious HTA files. Both abuse WinRAR's path traversal flaw to drop payloads into Windows Startup folders.
The flaw stays dangerous because WinRAR doesn't auto-update and falls outside standard enterprise patching tools — leaving millions of endpoints exposed.
Source: Dark Reading
A 2020 cyberattack on South Staffordshire Water exposed the personal data of 633,887 people, with over 4.1 terabytes of information — including bank details and National Insurance numbers — ending up on the dark web. The breach went undetected for 20 months.
Victims like Chris Durham, 53, had phones fraudulently taken out in his name and spent months fighting to recover £60 monthly charges he never authorized. Another customer, Nigel Calladine, 75, had to change his email and bank accounts entirely after six months of phishing attacks.
The ICO fined South Staffordshire £963,900. Customers say the fine doesn't go far enough.
Source: BBC News
A 2020 cyberattack on South Staffordshire Water exposed the personal data of 633,887 people, with over 4.1 terabytes of information — including bank details and National Insurance numbers — ending up on the dark web. The breach went undetected for 20 months.
Victims like Chris Durham, 53, had phones fraudulently taken out in his name and spent months fighting to recover £60 monthly charges he never authorized. Another customer, Nigel Calladine, 75, had to change his email and bank accounts entirely after six months of phishing attacks.
The ICO fined South Staffordshire £963,900. Customers say the fine doesn't go far enough.
Source: BBC News
A self-replicating worm called Shai-Hulud has infected over 100 packages across NPM and PyPI since September 2025, with attacks sharply escalating in recent weeks. After hacking group TeamPCP released the worm's source code in mid-May, clones emerged fast.
The latest variants — Miasma and Hades — harvest credentials, API keys, and tokens, then spread by infecting packages the victim can access. Red Hat's Hybrid Cloud Console was among the targets, alongside SDKs like Vapi and Wrangler. In total, 471 malicious artifacts have been identified, including PyPI wheel files tied to the Hades branch.
Source: SecurityWeek
A self-replicating worm called Shai-Hulud has infected over 100 packages across NPM and PyPI since September 2025, with attacks sharply escalating in recent weeks. After hacking group TeamPCP released the worm's source code in mid-May, clones emerged fast.
The latest variants — Miasma and Hades — harvest credentials, API keys, and tokens, then spread by infecting packages the victim can access. Red Hat's Hybrid Cloud Console was among the targets, alongside SDKs like Vapi and Wrangler. In total, 471 malicious artifacts have been identified, including PyPI wheel files tied to the Hades branch.
Source: SecurityWeek
A threat group called Silent Ransom (also tracked as UNC3753, Luna Moth, and Chatty Spider) has been hitting US law, financial, and professional services firms with a slick social engineering campaign between January and May 2026, according to Google's Mandiant division.
The attacks start with a fake invoice email, followed by a phone call from someone pretending to be IT support. Victims are talked into screen-sharing sessions and downloading remote access tools. In some cases, attackers physically showed up at offices with USB drives to steal data directly.
Once inside, the group moves fast — sometimes from initial contact to extortion demand in under an hour. Ransom demands come with a three-day deadline and threats to notify clients, partners, and journalists if victims don't comply.
Source: Dark Reading
A threat group called Silent Ransom (also tracked as UNC3753, Luna Moth, and Chatty Spider) has been hitting US law, financial, and professional services firms with a slick social engineering campaign between January and May 2026, according to Google's Mandiant division.
The attacks start with a fake invoice email, followed by a phone call from someone pretending to be IT support. Victims are talked into screen-sharing sessions and downloading remote access tools. In some cases, attackers physically showed up at offices with USB drives to steal data directly.
Once inside, the group moves fast — sometimes from initial contact to extortion demand in under an hour. Ransom demands come with a three-day deadline and threats to notify clients, partners, and journalists if victims don't comply.
Source: Dark Reading
A ransomware attack has forced Evanston Township High School to close its campus, canceling summer school, sports camps, and all on-campus activities. The attack, discovered Sunday, knocked out phone lines, internet, computers, and even the school's emergency notification and PA systems.
The FBI is now investigating alongside cybersecurity attorneys and forensic experts. No ransom demand has been received yet. Staff were told to stay home Monday, and students and teachers won't have building access for at least two days. District spokesperson Reine Hanna noted the summer timing reduced the overall impact. Google passwords for employees have already been reset as a precaution.
Source: CBS News Chicago
A ransomware attack has forced Evanston Township High School to close its campus, canceling summer school, sports camps, and all on-campus activities. The attack, discovered Sunday, knocked out phone lines, internet, computers, and even the school's emergency notification and PA systems.
The FBI is now investigating alongside cybersecurity attorneys and forensic experts. No ransom demand has been received yet. Staff were told to stay home Monday, and students and teachers won't have building access for at least two days. District spokesperson Reine Hanna noted the summer timing reduced the overall impact. Google passwords for employees have already been reset as a precaution.
Source: CBS News Chicago
Lansing Community College (LCC) is notifying 174,307 people that their personal data was exposed in a breach discovered in February 2025 — more than a year after it happened. Hackers used compromised credentials to access systems, pulling names, addresses, dates of birth, driver's license details, and Social Security numbers.
LCC says there's no evidence the data was removed or misused, and that affected data varies by individual. The Michigan college is offering 24 months of free credit monitoring and identity protection to those impacted. No ransomware group has claimed responsibility.
Source: SecurityWeek
Lansing Community College (LCC) is notifying 174,307 people that their personal data was exposed in a breach discovered in February 2025 — more than a year after it happened. Hackers used compromised credentials to access systems, pulling names, addresses, dates of birth, driver's license details, and Social Security numbers.
LCC says there's no evidence the data was removed or misused, and that affected data varies by individual. The Michigan college is offering 24 months of free credit monitoring and identity protection to those impacted. No ransomware group has claimed responsibility.
Source: SecurityWeek
CISA has added CVE-2022-0492, a Linux kernel privilege escalation flaw, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The vulnerability targets the cgroups v1 release_agent feature, allowing attackers to execute arbitrary commands with root-level access — and potentially break out of containerized environments entirely.
It's especially dangerous in cloud-native setups where containers rely on cgroups for resource isolation. Federal agencies must patch by June 5, 2026. Other organizations should move fast too — fixes include updating the kernel, disabling unprivileged user namespaces, and auditing container configurations for suspicious cgroup activity.
Source: Cybersecurity News
CISA has added CVE-2022-0492, a Linux kernel privilege escalation flaw, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The vulnerability targets the cgroups v1 release_agent feature, allowing attackers to execute arbitrary commands with root-level access — and potentially break out of containerized environments entirely.
It's especially dangerous in cloud-native setups where containers rely on cgroups for resource isolation. Federal agencies must patch by June 5, 2026. Other organizations should move fast too — fixes include updating the kernel, disabling unprivileged user namespaces, and auditing container configurations for suspicious cgroup activity.
Source: Cybersecurity News