Ticker feed
The Education Authority (EA) has written to parents at 23 schools in Northern Ireland warning that their children's personal data may have been accessed in a recent cyber attack — 16 of those schools hadn't received any previous notification.
The attack targeted the C2K network, which handles IT for all schools across Northern Ireland, locking students out of accounts and resources during the lead-up to exam season. A 16-year-old boy was arrested and released on bail.
Forensic investigations are ongoing, and the EA says further notifications will follow as new evidence emerges.
Source: BBC News
Researchers at Unit 42 have uncovered a serious cloud attack technique called bucket hijacking, confirmed to work across Google Cloud, AWS, and Microsoft Azure. The method exploits a simple but fundamental flaw: cloud storage bucket names are globally unique, meaning whoever owns the name owns the destination.
An attacker with bucket deletion permissions can delete a target's active storage bucket, immediately re-register the same name under their own account, and watch the original data stream — audit logs, telemetry, metrics — flow silently into their environment. No alerts fire. No errors appear. The pipeline just keeps running.
Unit 42 recommends restricting deletion permissions, enforcing data perimeter controls, and monitoring bucket deletion API calls closely.
Source: Cybersecurity News
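One way to act on the deletion-monitoring recommendation above, as an added example that is not from Unit 42 or the source article: flag `DeleteBucket` calls against buckets that a pipeline still writes to, since a successful deletion frees the name while the writer keeps sending. The event field names follow AWS CloudTrail's record format; the sink inventory, bucket names, and account ID are constructed assumptions.

```python
# Constructed sample records shaped like AWS CloudTrail S3 management events.
SAMPLE_EVENTS = [
    {"eventTime": "2026-06-20T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"},
     "requestParameters": {"bucketName": "example-audit-logs"}},
    {"eventTime": "2026-06-20T10:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev-alice"},
     "requestParameters": {"bucketName": "example-scratch-tmp"}},
    {"eventTime": "2026-06-20T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev-bob"},
     "requestParameters": {"bucketName": "example-metrics"}},
    {"eventTime": "2026-06-20T10:04:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"},
     "requestParameters": {"bucketName": "example-audit-logs"}},
]

# Hypothetical inventory: bucket name -> the pipeline that still writes to it.
ACTIVE_SINKS = {
    "example-audit-logs": "organization audit trail",
    "example-metrics": "metrics exporter",
}

def find_risky_deletions(events, active_sinks):
    """Return findings for DeleteBucket calls that target a live data sink."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") != "DeleteBucket":
            continue
        bucket = (ev.get("requestParameters") or {}).get("bucketName")
        if bucket not in active_sinks:
            continue  # deleting an unused bucket does not redirect any stream
        # A record without errorCode succeeded: the name is now free to be
        # claimed by another account while the writer keeps sending data.
        succeeded = "errorCode" not in ev
        findings.append({
            "time": ev.get("eventTime"), "bucket": bucket,
            "writer": active_sinks[bucket],
            "actor": (ev.get("userIdentity") or {}).get("arn"),
            "severity": "critical" if succeeded else "warning",
        })
    return findings

if __name__ == "__main__":
    for finding in find_risky_deletions(SAMPLE_EVENTS, ACTIVE_SINKS):
        print(finding)
```

Denied attempts are reported as warnings because they show someone probing for deletion rights on a bucket that feeds a live pipeline.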
A supply chain attack on market intelligence platform Klue, carried out June 11–12, has now been confirmed by roughly two dozen customers, including AlertMedia, Blackbaud, Deel, and Tines. Hackers used legacy credentials to steal OAuth tokens and bulk-exfiltrate Salesforce data. Salesforce and Gong both disabled the Klue integration on June 17.
The threat actor, Icarus, demanded ransom via a Tor leak site — but then got hacked themselves. A second group reportedly stole sample data from Icarus and launched their own extortion campaign. Klue, which has hundreds of customers, says Icarus has begun deleting the stolen data, suggesting a ransom may have been paid.
Source: SecurityWeek
Japan's Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on classified military networks for almost a year, according to Nikkei's investigation of leaked internal documents. The counterfeit drives, manufactured in China and sold at suspiciously low prices, were distributed during earthquake relief operations in March 2024.
By the time a soldier in Itami noticed his computer slowing down in February 2025, over 50 machines had connected to the infected drives — nearly half handling classified troop movement data. The malware matches a strain linked to a China-backed hacking group. The JGSDF never disclosed the breach publicly, even as identical drives spread to Japanese factories and research institutions.
Source: Cybersecurity News
Two young men convicted of the 2024 cyber-attack on Transport for London were repeat offenders well known to law enforcement long before the breach. Owen Flowers, 18, from Walsall, and Thalha Jubair, 20, from east London, pleaded guilty Monday to the attack, which disrupted TfL services for months and exposed data on millions of people.
Flowers first caught police attention at 16. Jubair had 22 prior convictions and previously received a youth rehabilitation order for hacking Nvidia and BT/EE. Both are also wanted in the US. Sentencing is set for July 16. The National Crime Agency is now pushing for stronger pre-emptive legal powers to intervene earlier with high-risk young offenders.
Source: BBC News
Microsoft and law enforcement pulled off something new this week — dismantling two criminal hacking tools simultaneously instead of one at a time. Working with Europol, ESET, IBM X-Force, Proofpoint, and several national police agencies, they used the RICO Act to take down more than 200 command-and-control servers linked to Amadey and StealC.
The two tools are commonly used together: Amadey delivers malware, StealC steals passwords, crypto wallets, and personal data. In just the first week of May, they infected over 140,000 computers globally. Microsoft says AI tools helped lawyers connect both threats as a single criminal conspiracy — a strategy it plans to expand.
Source: CyberScoop
A critical Android zero-day vulnerability, CVE-2025-48595, is being actively exploited in targeted attacks — no user interaction required. Disclosed in Google's June 2026 Android Security Bulletin, the flaw sits in the Android Framework and lets attackers remotely escalate privileges, bypassing core security boundaries to access sensitive system resources.
Devices running Android 14, 15, 16, and 16 QPR2 are all affected. Patch level 2026-06-05 fixes the issue, and Google notified OEM partners over a month ahead of public disclosure. Users should update immediately — sideloaders face the highest risk, as third-party app channels are common exploit delivery points.
Source: Cybersecurity News
A severe vulnerability chain in Splunk Enterprise is letting unauthenticated attackers execute remote code, no login required. Tracked as CVE-2026-20253 with a CVSS score of 9.8, the flaw targets the PostgreSQL Sidecar Service introduced in Splunk Enterprise 10 and later.
The service is active by default on AWS deployments, making cloud installations immediately exposed. Researchers at watchTowr Labs found attackers can send crafted HTTP requests to internal API endpoints, manipulate file paths, inject malicious database connections, and ultimately overwrite Python scripts to run arbitrary commands.
Splunk has released a patch — AWS users should prioritize updating immediately.
Source: Cybersecurity News
A well-known hacking group has breached the University of Nottingham's systems, accessing "a significant amount of data" — including financial information — belonging to current students and alumni. The university confirmed the attack on Wednesday and has since set up a helpline, notified police, and alerted the Information Commissioner's Office, the Office for Students, and Action Fraud.
Students and graduates are rattled. Incoming law student Tolu Olufunwa, 17, said the breach made her question her university choice. Graduate Jacob Edwards, 23, criticized the university's vague communication. Former applicant Margaret Ladipo, 19, has already changed her bank details and passwords after learning her national insurance number was compromised.
Source: BBC News
The ShinyHunters extortion gang exploited a critical zero-day vulnerability in Oracle's PeopleSoft software between May 27 and June 9, 2026, compromising more than 300 instances across 100+ organizations. The flaw, CVE-2026-35273 (CVSS 9.8), allowed unauthenticated remote code execution through PeopleSoft's Environment Management Hub service.
About 68% of targeted organizations were higher education institutions. The University of Nottingham confirmed a breach, with ShinyHunters claiming 40 GB of student records stolen. Oracle patched the vulnerability on June 10 after researchers flagged it. Organizations are urged to disable or block external access to the EMHub service immediately.
Source: Dark Reading