Ticker feed
The UK government has officially ranked cyber attacks among the nation's top security threats, with the National Cyber Security Centre handling 204 significant incidents in the past year - roughly one every two days. These attacks target critical infrastructure including water, energy, healthcare, and transport systems.
The scale is staggering: 43% of UK businesses experienced cyber breaches last year, affecting over 600,000 organizations. In response, the government introduced the Cyber Security and Resilience Bill this week to strengthen defenses for essential services.
The UK's cybersecurity sector contributes £13.2 billion annually and supports 67,000 jobs. The government plans a National Cyber Strategy refresh to coordinate action across businesses, regulators, and law enforcement against increasingly sophisticated state-backed and criminal threats.
Source: Industrial Cyber
A critical vulnerability in pgAdmin4, the popular PostgreSQL management tool, allows attackers to execute remote code on servers. CVE-2025-12762 affects versions up to 9.9 and carries a CVSS score of 9.3 out of 10.
The flaw occurs when pgAdmin processes PLAIN-format dump files during database restores. Attackers can craft malicious dump files that inject commands, exploiting the tool's system-level operations. Even low-privilege users can trigger this vulnerability with minimal effort.
The pgAdmin team fixed the issue in version 10.0. Organizations should upgrade immediately, especially those running pgAdmin in server mode or handling external database dumps.
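The item does not say how a crafted dump reaches pgAdmin's system-level operations, so the check below does not model CVE-2025-12762 itself. It is an added example, not pgAdmin's or PostgreSQL's own code, for teams that must handle external dumps: a pre-restore triage scan of an untrusted PLAIN-format dump for the constructs that psql (client side: `\!`, `\copy ... program`, `\o |cmd`, `\g |cmd`, `\w |cmd`) or the server (`COPY ... FROM/TO PROGRAM`) will turn into OS commands when the script is replayed. The two sample dumps are constructed for the example; the injected lines are deliberately harmless.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    reason: str
    text: str


# Deny-list of constructs that execute an OS command when a PLAIN-format dump
# is replayed through psql. A PLAIN dump is just a SQL/psql script, so anything
# psql or the server would run from a script can be smuggled into it.
_CHECKS = [
    ("psql shell escape (\\!)",
     re.compile(r"\\!")),
    ("psql \\copy ... program",
     re.compile(r"\\copy\b.*\bprogram\b", re.IGNORECASE)),
    ("psql output/buffer piped to a command (\\o |cmd, \\g |cmd, \\w |cmd)",
     re.compile(r"\\[ogw]\s*\|")),
    ("server-side COPY ... FROM/TO PROGRAM (runs as the server OS user)",
     re.compile(r"\bCOPY\b.*\b(?:FROM|TO)\s+PROGRAM\b", re.IGNORECASE)),
]


def scan_plain_dump(text: str) -> list[Finding]:
    """Return one Finding per line that contains a command-execution construct.

    Line-oriented and deliberately conservative: a match inside a SQL comment
    or string literal is still reported, because the cost of a false positive
    (a human looks at the line) is far lower than a missed \\! in a dump that
    is about to be replayed with a privileged role.
    """
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for reason, pattern in _CHECKS:
            if pattern.search(line):
                findings.append(Finding(line_no, reason, line.strip()))
                break  # one finding per line is enough for triage
    return findings


def is_safe_to_restore(text: str) -> bool:
    """True only if the scan found nothing; callers gate the restore on this."""
    return not scan_plain_dump(text)


# Constructed sample: the shape of a pg_dump PLAIN header plus one table.
SAMPLE_CLEAN = """\
--
-- PostgreSQL database dump
--
SET client_encoding = 'UTF8';
CREATE TABLE public.users (id integer NOT NULL, name text);
COPY public.users (id, name) FROM stdin;
1\talice
\\.
"""

# Constructed sample: the same dump with two harmless injected lines appended
# (a psql shell escape and a server-side COPY FROM PROGRAM).
SAMPLE_TAMPERED = SAMPLE_CLEAN + """\
\\! id
COPY public.users FROM PROGRAM 'id';
"""


if __name__ == "__main__":
    for name, dump in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(f"{name}: safe={is_safe_to_restore(dump)}")
        for f in scan_plain_dump(dump):
            print(f"  line {f.line_no}: {f.reason}: {f.text}")
```

A line scanner cannot follow multi-line statements, dollar-quoted function bodies or psql variable interpolation, so treat a clean result as "nothing obvious", not as proof. The controls that actually bound the damage are the ones the item points at: upgrade to the fixed release, and replay untrusted dumps only on an isolated instance under a role that is neither superuser nor a member of pg_execute_server_program, so that even a missed `COPY ... FROM PROGRAM` has nothing to run as.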
Source: Cyber Security News
The Washington Post disclosed that hackers breached its Oracle E-Business Suite system, compromising personal data of 9,720 current and former employees and contractors. The Cl0p ransomware group exploited zero-day vulnerabilities between July 10 and August 22, stealing names, Social Security numbers, bank account details, and tax IDs.
The attackers contacted the newspaper on September 29 demanding ransom. When the Post refused to pay, hackers published over 120 GB of stolen data on their leak site. The breach affects dozens of organizations including Harvard University and American Airlines subsidiary Envoy Air. Oracle didn't release patches until months after the initial July attacks began.
Source: Security Week
Personal details of 111 job applicants for a website developer position at Tate art galleries have been leaked online, exposing addresses, salaries, and referee contact information. The data, from applications submitted in October 2023, appeared on an unrelated website and includes current employers, education details, and lengthy application responses.
Computer programmer Max Kohler, 29, discovered his information in the leak after a referee was contacted by a stranger who found the data dump. The breach exposed his salary, employer details, and referee information including personal emails and addresses.
Tate says they're investigating but haven't identified any system breach. Data security incidents reported to the UK's Information Commissioner's Office have risen from 2,000 quarterly in 2022 to over 3,200 this year.
Source: The Guardian
Payment provider Checkout.com disclosed a data breach after hackers from the notorious ShinyHunters group tried to extort them. The attackers accessed a legacy third-party cloud storage system that hadn't been used since 2020 and wasn't properly decommissioned.
The breach affected internal documents and merchant onboarding materials but didn't compromise payment processing, merchant funds, or card numbers. Checkout refused to pay the ransom and instead announced they'll donate the ransom amount to Carnegie Mellon University and Oxford's Cyber Security Center for cybercrime research.
The company has launched an investigation and reported the incident to law enforcement and regulators.
Source: Security Week
Chinese state-sponsored hackers used Anthropic's Claude AI chatbot to target about 30 companies across tech, finance, chemical manufacturing, and government sectors in what's believed to be the first major cyberattack executed almost entirely by AI.
The hackers tricked Claude into believing it was a cybersecurity employee conducting defensive testing, then used it to gather usernames and passwords at thousands of requests per second—a speed impossible for human hackers. While only a small number of attacks succeeded, the September operation marks a troubling milestone in AI-powered cybercrime.
Anthropic warns that AI agents will make cyberattacks cheaper, faster, and more sophisticated as the technology becomes widely available to criminals.
Source: CBS News
The Washington Post confirmed hackers stole personal data from nearly 10,000 current and former employees and contractors through a breach of its Oracle system. The Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite between July 10 and August 22, accessing names, Social Security numbers, and bank account details.
Clop contacted the newspaper on September 29 demanding ransom, with some victims facing demands up to $50 million. The Washington Post joins dozens of Oracle customers targeted in this campaign, including Envoy Air and GlobalLogic. Oracle patched the vulnerability in October, but Clop has threatened to leak stolen data from nearly 30 organizations unless paid.
Source: CyberScoop
Amazon's threat intelligence team discovered that sophisticated attackers exploited two critical vulnerabilities as zero-days before vendors issued patches. The unnamed advanced persistent threat (APT) group targeted CitrixBleed 2 (CVE-2025-5777) in Citrix NetScaler systems and a maximum-severity bug (CVE-2025-20337) in Cisco Identity Services Engine (ISE) for a month before disclosure.
The CitrixBleed 2 flaw allows attackers to hijack admin sessions and join any NetScaler session, while the Cisco vulnerability enables remote code execution as root. Amazon observed the same attackers hitting both systems simultaneously, deploying custom web shells designed to remain hidden in memory.
This "patch-gap" exploitation technique highlights how advanced threat actors target identity and access management infrastructure. Organizations should assume edge devices are vulnerable, implement blast radius reduction, and shift from patch-centric to exposure-centric security approaches.
Source: Dark Reading
Google filed a federal lawsuit against Chinese cybercriminals running "Lighthouse," a massive text-message phishing network that compromised 15-100 million credit cards and affected over one million victims in the U.S.
The scammers sent fake texts about "stuck packages" or "unpaid tolls" to steal passwords and credit card information. Google's general counsel Halimah DeLaine Prado said they're using the RICO Act—typically reserved for organized crime—to target 25 unknown operators who built a "phishing-as-a-service" platform.
The lawsuit aims to deter future criminals rather than recover victim losses. While prosecuting overseas scammers is challenging, experts say it could disrupt similar operations and prevent these individuals from traveling to the U.S.
Source: CBS News
Google filed a lawsuit against Smishing Triad, a Chinese cybercrime group operating since 2023. The group uses their "Lighthouse" phishing kit to send fake SMS messages impersonating delivery services like USPS, banks, and healthcare organizations.
The scam has reached over one million users across 120+ countries, with an estimated 12-115 million stolen credit cards in the US alone. Google discovered more than 100 phishing templates copying its own brand.
The lawsuit targets the group under federal racketeering and fraud laws, allowing Google to seize malicious domains and unmask the criminals' identities. Google also supports new congressional bills aimed at protecting retirees and blocking foreign robocalls.
Source: Security Week