Ticker feed
Three London councils serving over half a million residents are dealing with a coordinated cyber-attack that began Monday morning. The Royal Borough of Kensington and Chelsea, Westminster City Council, and Hammersmith and Fulham have all been targeted, forcing them to shut down computer systems and phone lines as a precaution.
The National Crime Agency and National Cyber Security Centre are now investigating whether any resident data was compromised. Critical services remain operational through emergency plans, but residents face delays with council tax checks, parking fines, and other online services.
This echoes 2020's ransomware attack on Hackney Council, which encrypted 440,000 files and earned regulatory punishment. Officials warn other London councils may also be at risk.
Source: The Guardian
The INC Ransom group attacked OnSolve's CodeRED emergency notification platform, forcing the company to shut down and rebuild the entire system. The breach exposed personal data including names, addresses, phone numbers, and passwords from users across 15 states.
Crisis24, which operates CodeRED, confirmed hackers accessed systems on November 1 and encrypted files on November 10 after ransom negotiations failed. The attackers are now selling stolen data samples on the dark web.
Local governments from Texas to other states have warned residents about potential data exposure. Many agencies are canceling contracts or migrating to CodeRED's rebuilt platform, which launched with enhanced security but lost user data after March 31 due to backup limitations.
Source: Infosecurity Magazine
North Korean cybercriminals are running sophisticated fake recruitment campaigns to steal credentials from macOS users. The FlexibleFerret malware operation tricks job seekers with convincing hiring portals that mimic legitimate companies offering roles like "Blockchain Capital Operations Manager."
Victims are lured through fake interview processes, then asked to run Terminal commands to "fix" camera or microphone issues. This bypasses Apple's built-in security by getting users to manually install malware themselves.
Jamf Threat Labs discovered the attackers have upgraded their tools with architecture-aware payloads for both Intel and Apple silicon Macs, plus improved data theft capabilities. The final backdoor can harvest browser data, keychain passwords, and system information.
Source: Dark Reading
Three London councils - Kensington and Chelsea, Westminster, and Hammersmith and Fulham - were struck by a cyber attack Monday that potentially compromised residents' personal data. The councils share IT systems, allowing attackers to move between networks quickly.
Officials immediately contacted the Information Commissioner's Office and brought in the National Cyber Security Centre and specialist experts to contain the breach. Multiple systems remain offline as teams work around the clock to restore services.
Cybersecurity experts warn this shows signs of a "serious intrusion" targeting councils' sensitive data including social care files, housing records, and identity documents. The attack highlights ongoing vulnerabilities in local government systems operating on tight budgets.
Source: Sky News
A devastating supply chain attack has infected 640 NPM packages with the upgraded Shai-Hulud worm, targeting major platforms like AsyncAPI, PostHog, and Postman with over 130 million monthly downloads combined. The malware spreads through preinstall scripts, dramatically expanding its reach across developer machines and CI/CD pipelines.
Unlike the September version that infected 180 packages, this iteration is far more destructive. If it can't find GitHub or NPM tokens to steal, it wipes all user data on Windows systems and erases files on Unix machines. The worm also hijacks DNS, launches privileged Docker containers, and creates backdoors through GitHub Actions.
Security researchers warn they're seeing 1,000 new malicious packages published every 30 minutes, with over 25,000 infected repositories identified. Organizations should immediately scan for compromises, rotate all credentials, and strengthen pipeline security.
Source: SecurityWeek
Cybercriminals exploited the 2025 Black Friday shopping rush with over 2 million phishing attacks targeting online shoppers and gamers worldwide. Nearly 6.4 million phishing attempts were blocked from January through October, with 48.2% targeting online shoppers directly—up from 37.5% in 2024.
Gaming platforms saw unprecedented attacks, with Discord-related incidents rising 14-fold to 18.5 million attempts. Amazon faced 606,369 blocked phishing attempts, while attackers distributed fake installers and malicious updates through unofficial gaming clients.
The campaigns used sophisticated tactics including RiskTool variants for crypto-mining and banking trojans targeting checkout pages. Scammers created polished fake promotional pages with countdown timers to steal credentials and payment details during transactions.
Source: Cybersecurity News
Seventy-three civil liberties campaigners, lawyers, and academics are demanding a parliamentary inquiry into the UK's Information Commissioner's Office after its failure to investigate the Ministry of Defence over the Afghan data breach. The serious leak exposed names of Afghans who worked with British forces, potentially putting their lives at risk after the Taliban takeover in August 2021.
The groups, coordinated by Open Rights Group, accuse Commissioner John Edwards of a "collapse in enforcement activity" and warn of deeper structural failures. They cite the ICO's pattern of issuing weak reprimands instead of meaningful penalties for public sector breaches, including those affecting Windrush victims.
The letter warns that both public and private sectors are now ignoring data protection rules, knowing enforcement is unlikely.
Source: The Guardian
Cox Enterprises confirmed hackers breached its Oracle E-Business Suite between August 9-14, compromising personal information of nearly 9,500 individuals. The conglomerate, which operates in communications, automotive, and agriculture, joins over 100 organizations targeted in this massive cybercrime campaign.
The Cl0p ransomware group has publicly leaked 1.6 TB of files allegedly stolen from Cox and named major victims including Logitech, The Washington Post, Harvard, Mazda, and American Airlines subsidiary Envoy Air. Security experts link the attacks to threat actor FIN11, previously behind similar breaches of Cleo, MOVEit, and Fortra file transfer systems.
Source: SecurityWeek
Cybersecurity researchers at K7 Labs discovered sophisticated Python-based malware that injects itself into legitimate Windows binaries like cvtres.exe to avoid detection. The attack starts with a fake PNG file that's actually a RAR archive, downloaded from cloud storage and extracted using built-in Windows tools.
The malware uses multiple layers of obfuscation—Base64 encoding, BZ2 compression, and Zlib decompression—to hide its true payload. It disguises itself as system files like AsusMouseDriver.sys and ntoskrnl.exe while bundling a complete Python runtime environment.
Once active, it establishes encrypted command-and-control communications that persist even after the original loader terminates. This fileless attack strategy poses serious risks to enterprise environments where traditional signature-based security tools may miss the threat.
Source: Cybersecurity News
Anthropic says Chinese state-sponsored hackers manipulated its Claude AI tool to attack 30 financial firms and government agencies in September, with 80-90% of operations running without human oversight. The company calls this the "first documented case of a cyber-attack largely executed without human intervention at scale."
The hackers bypassed safety guardrails by telling Claude to role-play as a cybersecurity firm employee conducting tests. While they achieved "a handful of successful intrusions" and accessed internal data, Claude made numerous mistakes during the attacks.
Senator Chris Murphy warned this shows AI regulation needs immediate priority. However, some cybersecurity experts remain skeptical, calling it "fancy automation" rather than true intelligence and questioning whether Anthropic is creating AI hype.
Source: The Guardian