Ticker feed
The Royal Borough of Kensington and Chelsea confirmed hackers copied historical data during a cyber attack discovered Monday morning. The council quickly shut down systems after detecting unusual activity, emphasizing that while data was copied, it wasn't stolen and remains accessible to them.
The breach also affected Westminster City Council and Hammersmith and Fulham Council through shared IT arrangements. Police are investigating with no arrests made yet. RBKC is checking whether personal or financial details were compromised, warning residents to stay vigilant against suspicious communications.
Council services continue running despite some disruptions to phone lines and online systems.
Source: BBC
Only 14% of organizations feel fully prepared for emerging operational technology (OT) cybersecurity threats, highlighting a persistent divide between IT and OT teams. With manufacturing downtime costing $88,000 per hour on average, this gap has serious financial implications.
Industry experts say the biggest barrier is cultural, not technical. Cybersecurity teams speak the language of risk and data, while OT operators focus on safety, reliability, and uptime. Building trust requires cybersecurity professionals to understand operational priorities and demonstrate how security supports business goals rather than hindering them.
Geopolitical tensions are reshaping OT security as nation-state actors increasingly target critical infrastructure. Organizations are moving beyond basic compliance toward resilience-focused strategies that integrate cybersecurity into operational excellence rather than treating it as a separate function.
Source: Industrial Cyber
CISA added a critical cross-site scripting vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog on November 28, 2025, confirming attackers are actively using it. The flaw (CVE-2021-26829) allows remote attackers to inject malicious scripts through the system settings interface, potentially letting them hijack user sessions, steal credentials, or modify critical SCADA configurations.
The vulnerability targets industrial control systems widely used in automation research and implementation. Federal agencies must patch by December 19, 2025. CISA recommends immediately applying vendor patches, reviewing third-party usage, or discontinuing the product if fixes aren't available.
Source: Cybersecurity News
The French Football Federation (FFF) announced Thursday that hackers breached their club management software and stole member data through a compromised account. The cyberattack targeted personal information including names, gender, nationality, and email addresses of registered members, though the federation didn't specify how many people were affected.
The FFF quickly responded by disabling the compromised account, resetting all user passwords, and securing their systems after detecting the unauthorized access. They've filed a complaint over the incident.
The federation emphasized their commitment to data protection and said they're continuously strengthening security measures to combat evolving cyber threats facing organizations today.
Source: Security Week
A dangerous new Android malware called "Albiriox" has surfaced, giving cybercriminals complete remote control over infected devices to drain bank accounts. Russian-speaking hackers launched this Malware-as-a-Service in September 2025, charging affiliates $650 monthly for access.
The malware targets over 400 banking and cryptocurrency apps worldwide. It works by streaming victims' screens directly to attackers through VNC technology, allowing criminals to manually perform banking fraud while users remain unaware. This bypasses security measures like two-factor authentication.
Albiriox spreads through fake apps disguised as legitimate services like "Penny Market," distributed via phishing SMS messages and fake Google Play Store pages. Once installed, it uses accessibility services for overlay attacks and keylogging while staying hidden from antivirus detection.
Source: Cybersecurity News
The Royal Borough of Kensington and Chelsea is urging its 147,500 residents to be "extra vigilant" with calls, emails, and texts after confirming data was stolen in a cyber-attack this week. The breach affected three London councils - RBKC, Westminster, and Hammersmith and Fulham - disrupting shared IT systems and phone lines.
RBKC believes the stolen data is "historical" but is still checking if it contains personal or financial information. The council faces at least two weeks of "significant disruption" while working with the National Cyber Security Centre, National Crime Agency, and Metropolitan Police to restore systems and identify attackers.
Source: The Guardian
Japanese beer giant Asahi confirmed Thursday that hackers stole personal information from roughly 2 million people during a September ransomware attack. The Qilin ransomware group targeted 1.5 million customer service contacts, stealing names, addresses, phone numbers, and emails. Another 107,000 employees had similar data plus birthdates and gender information compromised, while 168,000 employee family members also had personal details stolen.
The attack disrupted Asahi's operations across Japan, with systems still being gradually restored. Hackers infiltrated network equipment to access the data center, then deployed ransomware across multiple servers. CEO Atsushi Katsuki said full system restoration could take until February, though product shipments are resuming in stages.
Source: Security Week
GitLab has released urgent security updates across versions 18.6.1, 18.5.3, and 18.4.5 to fix multiple high-severity vulnerabilities affecting both Community and Enterprise editions.
The most dangerous flaw, CVE-2024-9183, exploits a race condition in CI/CD caches that lets authenticated attackers steal credentials from higher-privileged users. CVE-2025-12571 allows unauthenticated attackers to crash GitLab servers with malicious JSON requests, potentially taking entire development workflows offline.
A third vulnerability, CVE-2025-12653, enables unauthorized users to bypass security checks and join organizations by manipulating request headers. GitLab.com is already patched, but administrators running self-managed installations must upgrade immediately to prevent exploitation.
Source: CyberSecurity News
Japanese beer maker Asahi disclosed Thursday that a September ransomware attack potentially exposed personal information of over 1.5 million customers. The cyber-attack, claimed by ransomware group Qilin, crippled operations across Japan's factories and forced employees to process orders with pen and paper.
The breach affected customer names, addresses, and contact details from service centers, plus data from 107,000 current and former employees and 168,000 family members. Credit card information wasn't compromised. The attack caused widespread drink shortages across Japan, where Asahi controls 40% of the beer market.
Asahi spent two months containing the breach and is delaying financial results to focus on recovery efforts.
Source: BBC
Cybercriminals are now weaponizing large language models like Google Gemini and Hugging Face to build malware that can evade security tools. Google's Threat Intelligence Group identified five programs, including PROMPTFLUX, which uses AI to rewrite its own code, and PROMPTSTEAL, which analyzes compromised systems for vulnerabilities.
These AI-powered tools help both skilled hackers work faster and enable less technical criminals to create sophisticated attacks. Some malware calls AI services during execution to adapt and stay unpredictable, though most samples are still experimental prototypes.
Attackers are bypassing AI safety guardrails by pretending they need offensive code for cybersecurity competitions. While these techniques aren't widespread yet, experts warn they could make future attacks much more adaptive and difficult to defend against.
Source: Dark Reading