Ticker feed
Air France and KLM disclosed yesterday that hackers breached their customer service platform, stealing personal data including names, email addresses, phone numbers, and rewards program details. The airlines quickly cut off the attackers' access and stressed that sensitive information like passwords, credit card details, and passport data remained secure.
Both airlines reported the incident to their respective data protection authorities and are notifying affected customers. Security experts suspect the breach may be linked to the ShinyHunters group, which has targeted Salesforce platforms to attack major brands like Chanel and Dior. The incident highlights how cybercriminals increasingly focus on software-as-a-service platforms that store vast amounts of customer data.
Source: Dark Reading
Columbia University revealed that hackers breached its network on May 16, stealing personal data from nearly 870,000 current and former students, applicants, and employees. The stolen information includes names, Social Security numbers, birth dates, contact details, academic records, and financial aid information.
The university discovered the breach after experiencing a technical outage on June 24. Working with cybersecurity experts, they found that an unauthorized actor had accessed their systems and stolen 460GB of data.
While there's no evidence the stolen data has been misused yet, Columbia isn't ruling out future misuse. The university is offering two years of free credit monitoring through Kroll and urging affected individuals to monitor their accounts for suspicious activity.
Source: Dark Reading
Bouygues Telecom, one of France's largest telecommunications companies, discovered a cyberattack on August 4 that compromised personal information of 6.4 million customers. Hackers accessed contact details, contract data, and bank account numbers for both individual and business customers.
The company assured customers that passwords and payment card information weren't compromised. Affected customers are being notified by email and text, with warnings to watch for fraudulent communications.
This follows another recent attack on French telecom Orange in July, highlighting the sector's vulnerability to cybercriminals.
Source: SecurityWeek
OPSWAT's 2025 Threat Report reveals a staggering 127% increase in malware complexity over six months, with legacy security systems missing one in every 14 threats. The analysis of 890,000 sandbox scans shows attackers are using multi-stage execution chains and hiding payloads in benign formats like .NET Bitmaps and Google services.
Critical infrastructure sectors including manufacturing, energy, and utilities face the heaviest targeting. New techniques like ClickFix clipboard attacks are spreading among criminal and nation-state actors. The report warns that signature-based defenses can't handle today's evasive, behavior-driven malware, urging organizations to adopt dynamic, behavioral detection systems.
Source: Industrial Cyber
Luxury fashion house Chanel notified customers of a data breach discovered July 25, affecting a subset of US client care contacts. Hackers accessed names, email addresses, mailing addresses, and phone numbers through a compromised third-party Salesforce provider.
The breach is part of a larger wave targeting Salesforce customers since March, using voice phishing tactics to trick employees into authorizing malicious apps. Other luxury brands hit include Adidas, Dior, and Tiffany & Co.
Threat actors identifying as ShinyHunters typically follow up with extortion demands, giving victims 72 hours to pay Bitcoin ransoms or face data publication on underground forums.
Source: Dark Reading
SonicWall has confirmed that recent ransomware attacks targeting its SSL VPN products weren't caused by a new zero-day vulnerability, but rather were the result of attackers exploiting the previously patched CVE-2024-40766 flaw. The attacks affected fewer than 40 customers and appear linked to legacy credentials left over during migrations from Generation 6 to Generation 7 firewalls.
Attackers exploited outdated or weak credentials that weren't updated during hardware upgrades. SonicWall is urging customers to immediately change their credentials and upgrade to SonicOS 7.3.0, which includes enhanced multi-factor authentication, login attempt lockouts, and stronger password policies to prevent future attacks.
Source: Cyber Security News
Darktrace's latest research reveals cybercriminals are increasingly using artificial intelligence to scale and sharpen their attacks. The company detected over 12.6 million malicious emails between January and May 2025, with threat actors leveraging AI-powered tools like large language models to create convincing phishing campaigns at unprecedented speed.
Advanced persistent threat groups, ransomware-as-a-service operations, and malware distributors are all adopting AI technology. Notable threats include the LameHug malware powered by open-source AI and sophisticated ClickFix social engineering campaigns. Chinese-linked actors exploited critical vulnerabilities in government infrastructure weeks before public disclosure, highlighting the evolving threat landscape that traditional security tools struggle to counter.
Source: Industrial Cyber
Google disclosed Tuesday that hackers breached its corporate Salesforce instance in June, stealing contact information for small and medium businesses. The attack was carried out by threat group UNC6040, linked to notorious cybercrime groups Scattered Spider and ShinyHunters. The same campaign has hit Adidas, Cisco, Dior, and others through sophisticated phishing attacks targeting Salesforce customers.
Google says the stolen data was mostly publicly available business information like company names and contact details. The hackers follow up with extortion demands, threatening to leak the data unless victims pay bitcoin within 72 hours.
Source: SecurityWeek
Cybercriminals are abusing Microsoft 365's Direct Send feature to bypass email security and send phishing emails that appear to come from internal users. The technique exploits a legitimate feature designed for printers and scanners, allowing attackers to evade authentication protocols like SPF, DKIM, and DMARC.
Security firm StrongestLayer documented successful attacks targeting HR, finance, and executive personnel. Multiple vendors report widespread campaigns affecting over 70 organizations since May, primarily in US financial services, manufacturing, and healthcare sectors.
Microsoft has acknowledged the issue and introduced detection options, but experts recommend disabling Direct Send and implementing strict DMARC policies.
Source: Dark Reading
Kidney dialysis provider DaVita suffered a massive ransomware attack in April 2025 that compromised personal information of more than one million people. The Interlock ransomware gang accessed DaVita's dialysis labs database, stealing names, Social Security numbers, medical records, financial details, and even images of personal checks.
The breach affected both DaVita patients and individuals whose lab results were processed by DaVita Labs for other healthcare providers. DaVita has offered free credit monitoring and identity protection services to victims.
The attack cost DaVita $13.5 million in remediation expenses and disrupted patient care. This ranks as the seventh largest data breach of 2025 and highlights the growing threat ransomware poses to healthcare systems nationwide.
Source: SecurityWeek