Ticker feed
The Chinese state-sponsored Salt Typhoon hacking group has expanded far beyond telecommunications, now targeting government, transportation, lodging, and military networks across 80+ countries. The FBI revealed Wednesday that over 200 American organizations have been compromised, vastly exceeding the nine telecom companies previously identified.
This campaign, dubbed the most serious telecom breach in US history, may have started years ago and famously targeted US presidential candidates. Cybersecurity agencies from 12 countries issued joint technical guidance to help organizations defend against the attacks.
The hackers exploit router vulnerabilities to maintain persistent access across critical infrastructure. Beyond stealing communications data, targeting hospitality and transportation sectors allows them to build comprehensive surveillance profiles of individuals' movements and contacts.
Source: CyberScoop
Citrix is dealing with another security crisis as attackers actively exploit a zero-day vulnerability in its NetScaler products. The critical flaw, CVE-2025-7775, scores 9.2 out of 10 on the severity scale and allows remote attackers to hijack systems or crash them without needing credentials.
The vulnerability affects NetScaler ADC and Gateway devices used by organizations for secure remote access. Two additional flaws were also disclosed, bringing the total to three new security holes. What's particularly concerning is that nearly 20% of NetScaler devices run on unsupported, end-of-life versions that can't be patched.
This marks yet another blow for Citrix, whose NetScaler products have become a favorite target for cybercriminals. The US government currently lists 10 NetScaler vulnerabilities in its catalog of actively exploited flaws, with six discovered in just the past two years.
Source: Dark Reading
AT&T has reached a massive $177 million settlement for two major data breaches that exposed millions of customers' personal information. The 2019 breach affected 73 million people, exposing Social Security numbers and birth dates. A separate 2024 hack accessed phone records of 109 million customers through cloud provider Snowflake.
Customers can now file claims through November 18, 2025. Those who can prove documented losses may receive up to $5,000 for the 2019 breach and $2,500 for the 2024 incident. People affected by both breaches can claim compensation from each settlement. Even without proof of loss, eligible customers will receive cash payments based on which breach affected them.
Source: CNET
Healthcare Services Group, a major provider of housekeeping and food services to healthcare facilities, suffered a significant data breach affecting 624,000 individuals. The Pennsylvania-based company discovered unauthorized access to its systems containing sensitive personal information including names, Social Security numbers, and medical data.
The breach occurred earlier this year, though the company has not disclosed specific details about how attackers gained access or the exact timeline of the incident. Healthcare Services Group has notified affected individuals and is providing credit monitoring services.
This breach adds to the growing list of healthcare-related cyberattacks in 2025, highlighting ongoing vulnerabilities in the sector's digital infrastructure.
Source: Security Week
Cybersecurity researchers at Trail of Bits discovered a sneaky new way to trick AI systems through image scaling attacks. Attackers can hide malicious instructions in high-resolution images that become visible only when AI tools automatically downscale them for processing.
The attack works because the hidden prompt is invisible in the original image but appears clearly in the smaller version that gets fed to the AI model. Trail of Bits demonstrated this by hiding instructions to steal calendar data.
Several major platforms are vulnerable, including Google's Gemini, Vertex AI Studio, and Google Assistant. The researchers released an open-source tool called Anamorpher to help other security experts test for these vulnerabilities.
Source: Security Week
Australia is facing an unprecedented cyber crisis, with one attack hitting every second and over 1,100 data breaches reported in 2024—a 25% jump from 2023. The country now sees 732 breaches per 100 people, far exceeding the global average of 285.
AI-powered attacks are driving much of this surge. More than 50% of Australian businesses experienced cyberattacks in 2024, with 36% being AI-generated—higher rates than the US and UK. Cybercriminals are using AI for sophisticated phishing campaigns, with over 30 million attempts recorded, and even deploying voice-cloning technology for social engineering.
Supply chain vulnerabilities compound the problem, with 38% of breaches stemming from cybersecurity incidents. Healthcare and critical infrastructure remain prime targets through compromised third-party vendors.
Source: Cyble
CISA added a critical Git vulnerability (CVE-2025-48384) to its Known Exploited Vulnerabilities catalog Monday, warning that attackers are actively exploiting the flaw. The bug allows hackers to manipulate Git repositories with malicious .gitmodules files, potentially achieving remote code execution when developers clone infected repos.
The vulnerability affects macOS and Linux systems but not Windows. It stems from Git's handling of carriage return characters in submodule paths, letting attackers write files to unexpected locations. Git patched the issue in July across multiple versions, but CISA now requires federal agencies to update by September 15. Software developers and CI/CD systems remain primary targets.
Source: Security Week
Cybercriminals are exploiting over 100 compromised WordPress sites in a campaign called ShadowCaptcha, first detected in August 2025 by Israel's National Digital Agency. The attack redirects visitors to fake CAPTCHA pages that trick users into downloading ransomware, cryptocurrency miners, and data-stealing malware.
The scam uses social engineering tactics called ClickFix, automatically copying malicious commands to users' clipboards and instructing them to paste and run the code. Victims end up infected with Lumma and Rhadamanthys stealers, Epsilon Red ransomware, or XMRig cryptocurrency miners.
Most targeted sites are in Australia, Brazil, Italy, Canada, Colombia, and Israel across various industries. The campaign demonstrates how attackers now combine multiple attack methods for maximum profit.
Source: The Hacker News
French retail chain Auchan announced on August 21, 2025, that hackers breached their customer loyalty database, exposing personal information from "several hundred thousand" accounts. The stolen data includes names, email addresses, phone numbers, postal addresses, and loyalty card numbers.
Fortunately, financial data, passwords, and reward balances remained secure thanks to the company's segmented database architecture. Auchan immediately notified customers and France's data protection authority (CNIL), warning about potential phishing attacks using the stolen contact information.
This marks Auchan's second major breach in nine months, suggesting persistent vulnerabilities in their systems that need urgent attention.
Source: Cybersecurity News
Cybercriminals are selling access to a massive trove of scraped Discord data, including 1.8 billion messages from 35 million users across 6,000 servers.
This follows Discord's 2024 shutdown of similar service Spy.Pet, which had scraped data from 620 million users. The new operation targets people willing to pay for others' private conversations and those who'll pay to have their data removed.
Researchers warn the service is designed to facilitate online harassment and stalking, making it easier for bad actors to dig up personal information for malicious purposes.
Source: Cybernews