Ticker feed
Pennsylvania's Attorney General office confirmed a major data breach following a ransomware attack that disrupted services for three weeks in August. The Inc Ransom group claimed responsibility in September, allegedly stealing 5.7 TB of data including personal information like Social Security numbers and medical records from investigative units.
The hackers also accessed details about the office's use of Cellebrite software, which extracts data from mobile devices. While officials say there's no evidence of data misuse, cybersecurity experts remain skeptical since ransomware groups typically publish or sell stolen information. The attack likely exploited a Citrix NetScaler vulnerability called CitrixBleed2.
Source: Security Week
Google released an emergency Chrome update to patch a critical zero-day vulnerability that hackers are already exploiting in the wild. The fix addresses CVE-2025-13223, a type confusion bug in Chrome's V8 JavaScript engine that lets attackers execute malicious code remotely without user interaction.
Google's Threat Analysis Group discovered the flaw on November 12, 2025, and confirmed exploits are circulating. The vulnerability affects Chrome's sandbox protections, potentially allowing hackers to steal data or install malware. A second related bug was also patched.
The update is available in Chrome version 142.0.7444.175 for Windows/Linux and 142.0.7444.176 for Mac. Users should update immediately and enable automatic updates to stay protected.
Source: Cybersecurity News
Iranian state-sponsored hacking group APT42, linked to the Islamic Revolutionary Guard Corps, is conducting an elaborate espionage campaign targeting senior defense and government officials. The hackers spend weeks building relationships with victims through social media before sending fake conference invitations that either steal credentials or install TameCat malware.
The sophisticated PowerShell backdoor communicates through Telegram and Discord, allowing hackers to remotely execute commands and steal sensitive data. APT42 even targets victims' family members to increase pressure and expand their attack surface. Israel's National Digital Agency warns the campaign uses legitimate cloud services mixed with attacker infrastructure to maintain long-term access to high-value targets.
Source: Security Week
Multiple threat actors are actively exploiting CVE-2025-24893, a critical XWiki vulnerability discovered October 28, 2025, to deploy botnets and cryptocurrency miners on servers worldwide. CISA added it to their Known Exploited Vulnerabilities catalog just two days later on October 30.
The RondoDox botnet incorporated the flaw by November 3, causing a sharp spike in attacks. Hackers are using the vulnerability to execute malicious code through XWiki's SolrSearch endpoint, with attacks ranging from automated scanning to sophisticated reverse shell attempts from AWS IP addresses.
Organizations should immediately patch XWiki installations, monitor for unusual SolrSearch requests, and implement network segmentation to reduce exposure.
Source: Cyber Security News
Pennsylvania's Attorney General's Office is warning residents about a data breach that occurred in August, potentially exposing personal information including Social Security numbers. The cyber incident took down the office's website, email, and phone systems on August 9. While hackers may have accessed sensitive data, officials say there's no evidence the information has been misused yet.
Affected residents were notified Friday and offered identity protection services. The breach comes just weeks after Pennsylvania experienced a statewide 911 outage in July, though that incident was caused by technical issues, not a cyberattack.
Source: CBS News Pittsburgh
The UK government has officially ranked cyber attacks among the nation's top security threats, with the National Cyber Security Centre handling 204 significant incidents in the past year - roughly one every two days. These attacks target critical infrastructure including water, energy, healthcare, and transport systems.
The scale is staggering: 43% of UK businesses experienced cyber breaches last year, affecting over 600,000 organizations. In response, the government introduced the Cyber Security and Resilience Bill this week to strengthen defenses for essential services.
The UK's cybersecurity sector contributes £13.2 billion annually and supports 67,000 jobs. The government plans a National Cyber Strategy refresh to coordinate action across businesses, regulators, and law enforcement against increasingly sophisticated state-backed and criminal threats.
Source: Industrial Cyber
A critical vulnerability in pgAdmin4, the popular PostgreSQL management tool, allows attackers to execute remote code on servers. CVE-2025-12762 affects versions up to 9.9 and scores 9.3 out of 10 on the severity scale.
The flaw occurs when pgAdmin processes PLAIN-format dump files during database restores. Attackers can craft malicious dump files that inject commands, exploiting the tool's system-level operations. Even low-privilege users can trigger this vulnerability with minimal effort.
The pgAdmin team fixed the issue in version 10.0. Organizations should upgrade immediately, especially those running pgAdmin in server mode or handling external database dumps.
Source: Cyber Security News
The Washington Post disclosed that hackers breached its Oracle E-Business Suite system, compromising personal data of 9,720 current and former employees and contractors. The Cl0p ransomware group exploited zero-day vulnerabilities between July 10 and August 22, stealing names, Social Security numbers, bank account details, and tax IDs.
The attackers contacted the newspaper on September 29 demanding ransom. When the Post refused to pay, hackers published over 120 GB of stolen data on their leak site. The breach affects dozens of organizations including Harvard University and American Airlines subsidiary Envoy Air. Oracle didn't release patches until months after the initial July attacks began.
Source: Security Week
Personal details of 111 job applicants for a website developer position at Tate art galleries have been leaked online, exposing addresses, salaries, and referee contact information. The data, from applications submitted in October 2023, appeared on an unrelated website and includes current employers, education details, and lengthy application responses.
Computer programmer Max Kohler, 29, discovered his information in the leak after a referee was contacted by a stranger who found the data dump. The breach exposed his salary, employer details, and referee information including personal emails and addresses.
Tate says they're investigating but haven't identified any system breach. Data security incidents reported to the UK's Information Commissioner's Office have risen from 2,000 quarterly in 2022 to over 3,200 this year.
Source: The Guardian
Payment provider Checkout.com disclosed a data breach after hackers from the notorious ShinyHunters group tried to extort them. The attackers accessed a legacy third-party cloud storage system that hadn't been used since 2020 and wasn't properly decommissioned.
The breach affected internal documents and merchant onboarding materials but didn't compromise payment processing, merchant funds, or card numbers. Checkout refused to pay the ransom and instead announced they'll donate the ransom amount to Carnegie Mellon University and Oxford's Cyber Security Center for cybercrime research.
The company has launched an investigation and reported the incident to law enforcement and regulators.
Source: Security Week