Ticker feed
The Georgia Department of Human Services is notifying residents that their personal information may have been exposed after hackers gained unauthorized access to employee email accounts. The Georgia Technology Authority discovered the breach at their email services provider, which hosts DHS accounts containing confidential data.
While there's no evidence that information was actually viewed or misused, potentially exposed data includes names, Social Security numbers, driver's license numbers, medical details, and financial account information. DHS has secured the compromised accounts and launched an investigation.
The agency is mailing notifications to affected individuals and recommends monitoring credit reports and considering fraud alerts with major credit bureaus as a precaution.
Source: CBS News Atlanta
GreyNoise has uncovered a coordinated campaign targeting Cisco, Fortinet, and Palo Alto Networks devices, with attackers using IPs from the same subnets. The firm detected scanning attempts against Cisco ASA devices in September, weeks before two zero-day vulnerabilities were disclosed. These bugs, scoring up to 9.9 on the CVSS scale, were linked to China-based hackers in the ArcaneDoor espionage campaign.
Scanning activity against Palo Alto Networks firewalls spiked 500% over two days, involving 2,200 unique IPs and generating over 1.3 million login attempts. GreyNoise warns that similar spikes typically precede vulnerability disclosures within six weeks, with roughly 80% accuracy for major firewall and VPN vendors.
Source: Security Week
Hackers breached Discord through a third-party customer service provider, stealing government ID photos from approximately 70,000 users who submitted them for age verification appeals. The attackers reportedly grabbed 1.5 terabytes of data and are demanding ransom money from Discord.
The stolen information includes names, usernames, email addresses, messages to customer support, and limited billing details like the last four digits of credit cards. However, passwords and full payment information weren't compromised.
Discord immediately cut off the vendor's access and contacted law enforcement. The company is notifying affected users via email from noreply@discord.com. Some frustrated users report Discord never processed their age appeals before the breach occurred.
Source: CNET
SonicWall confirmed Wednesday that attackers successfully breached its cloud backup service through a brute-force attack, accessing firewall configuration files from every customer who used the platform. The company initially downplayed the breach's scope, claiming less than 5% of customers were affected, but later admitted all cloud backup users were compromised.
The stolen data includes firewall rules, encrypted passwords, and network configurations—essentially a roadmap for future attacks. Security experts criticized SonicWall for lacking basic protections like rate limiting on public APIs.
This marks another blow for SonicWall customers, who've faced years of actively exploited vulnerabilities, including recent Akira ransomware campaigns. The company has notified affected customers and released detection tools.
Source: CyberScoop
A Vietnam-based cyber group called BatShadow is targeting job seekers and digital marketing professionals with malicious emails containing "Vampire Bot" malware. The sophisticated surveillance tool, written in Go, continuously captures screenshots and steals sensitive data from infected computers.
The attack works through zip files containing fake PDFs and hidden malicious executables. When victims open these files, PowerShell scripts quietly install the malware while displaying a decoy document. Vampire Bot then harvests system information, maintains persistence by hiding in core folders, and sends encrypted data to command servers.
Researchers at Aryaka Threat Research Labs say the campaign exploits job seekers' willingness to open career-related emails, making them prime targets for cybercriminals seeking extended system access.
Source: Dark Reading
Discord suffered a data breach on September 20 when hackers compromised a third-party customer service provider to extort money from the gaming platform. The attack exposed personal information from users who contacted customer support, including usernames, emails, billing details, IP addresses, and government ID documents like passports and driver's licenses.
The stolen IDs belonged to users who had appealed age verification decisions in the UK and Australia, where Discord uses facial recognition technology. While Discord says it normally deletes these images after verification, some were stored for manual review appeals.
Discord has notified affected users, revoked the provider's access, and contacted law enforcement. The breach comes as Australia prepares to implement a social media ban for under-16s in December.
Source: The Guardian
Europol's executive director Catherine de Bolle told 500 global experts that cybercriminals are exploiting encryption and emerging technologies faster than authorities can respond. At the agency's annual Cybercrime Conference, officials emphasized that lawful data access has become the decisive factor in fighting cyber threats.
European Commissioner Magnus Brunner stressed that "cybercrime knows no borders" as drones threaten critical infrastructure and criminals exploit new technologies. The conference highlighted successful operations including Operation Eastwood, which disrupted pro-Russian hacktivists, and Operation Ratatouille, leading to arrests of major cybercrime platform administrators.
Delegates discussed balancing privacy with security needs and updating regulatory frameworks to match evolving technology.
Source: Industrial Cyber
A 17-year-old and 22-year-old have been arrested in connection with a cyber attack on Kido nursery chain that compromised data of around 8,000 children. The suspects, taken into custody in Bishop's Stortford on Tuesday, face charges of computer misuse and blackmail.
Hackers allegedly used children's photos and names to demand ransom money from the London-based nursery chain. The breach exposed personal contact details of children, parents, and carers two weeks ago.
A group called Radiant initially claimed responsibility and threatened to release more profiles, but later appeared to delete the data following public backlash. Met Police specialist investigators continue working to bring those responsible to justice.
Source: Sky News
BK Technologies, a Florida company that makes wireless communication equipment for police and government agencies, discovered hackers broke into its systems on September 20. The attackers stole employee data, including information on current and former workers, before being kicked out.
The breach caused minor disruptions to non-critical systems, but didn't affect daily operations. BK Technologies told the SEC it doesn't expect the cyberattack to hurt its finances, especially since insurance covers most incident costs.
It's unclear if this was a ransomware attack, as no hacker groups have claimed responsibility yet.
Source: SecurityWeek
Unknown attackers posing as Libya's Navy Office of Protocol targeted Brazil's military using a malicious calendar file to exploit a zero-day vulnerability in Zimbra's email system. The rare attack method bypassed traditional defenses through a weaponized ICS file containing JavaScript that exploited CVE-2025-27915, an XSS vulnerability.
Once executed, the malware stole credentials, emails, contacts, and authentication data while redirecting messages to attacker-controlled servers. The sophisticated payload included multiple obfuscation layers and could bypass multi-factor authentication protections.
Zimbra patched the vulnerability in June with version 10.1.9 after the attack occurred. StrikeReady researchers noted this direct exploitation of collaboration tools via email attachments is extremely rare, suggesting involvement of highly skilled threat actors.
Source: Dark Reading