Hackers hit Iranian apps, websites after US-Israeli strikes
Cyber-enabled operations accompanied joint U.S.-Israeli strikes on Iran early Saturday. State-linked Iranian hacking groups conducted data-wiping attacks on Israeli targets, while unidentified actors defaced the BadeSaba religious calendar app—downloaded by over 5 million users—with messages urging Iranian armed forces to disarm. CrowdStrike observed Iranian-aligned threat actors conducting reconnaissance and DDoS attacks alongside physical military operations.
Reuters • Mar 1
SURVEILLANCE CYBERCRIME CYBERWAR
The Case for Why Better Breach Transparency Matters
An RSA Conference session led by security consultants Adam Shostack and Adrian Sanabria highlights a systemic lack of feedback mechanisms in cybersecurity incident response, arguing that mandated detailed breach disclosure is essential to reduce cyber-risk. Current US requirements vary state by state, with publicly traded companies only obligated to report material-impact incidents, while the British Library's 2023 ransomware after-action report is cited as a rare example of comprehensive public accountability.
Dark Reading • Feb 28
PRIVACY REGULATION CYBERCRIME
Ransomware payments cratered in 2025
Chainalysis research shows ransomware payments dropped to record lows in 2025 despite attacks surging 50% year-over-year, with over 8,000 organizations publicly named on leak sites according to Emsisoft data. Developed economies remain primary targets, with the US leading, followed by Canada, Germany, and the UK, while high-profile cases included Jaguar Land Rover's costliest UK cyber incident and Marks & Spencer's Scattered Spider-linked breach, which wiped hundreds of millions in market value.
The Register • Feb 28
CORPORATE REGULATION CYBERCRIME
Conduent Data Breach Could Affect 25M People. Learn How to Protect Your Online Accounts
A ransomware attack on government contractor Conduent has exposed personal data of 25 million Americans across multiple state healthcare programs, including names, Social Security numbers, and medical information. The SafePay ransomware gang spent three months in Conduent's systems before discovery, exfiltrating approximately 8 terabytes of data. Many affected individuals were unaware their data flowed through Conduent's backend systems, highlighting systemic supply-chain vulnerabilities in government technology procurement.
CNET • Feb 27
CORPORATE SURVEILLANCE REGULATION
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses
Congressional Democrats released findings showing data broker breaches have cost consumers tens of billions in identity theft losses. The report follows a WIRED investigation that exposed how data brokers hid opt-out pages from search engines using "no index" codes, making it nearly impossible for consumers to remove their personal information. Four companies subsequently removed the blocking code after congressional scrutiny.
WIRED • Feb 27
CORPORATE SURVEILLANCE PRIVACY
How scammers are using AI deepfakes to steal money from taxpayers
The Washington Post • Feb 26
CYBERCRIME SOCIAL MEMETIC
Ad Tech Company Optimizely Targeted in Cyberattack
Ad technology firm Optimizely confirmed that a voice-phishing attack compromised internal business systems including Zendesk and Salesforce, exposing customer data. The breach affects major enterprise clients including PayPal, Salesforce, Vodafone, and Zoom. Voice phishing enables attackers to bypass technical security measures by targeting employees through social engineering.
SecurityWeek • Feb 26
CORPORATE PRIVACY CYBERCRIME
Destitute survivors of south-east Asia's cyberscam farms an 'international crisis'
The Guardian reports that thousands of survivors freed from forced-labor cyberscam compounds across Southeast Asia are now destitute and sleeping on streets, with aid agencies warning of an international humanitarian crisis. Victims trafficked into compounds to conduct global cryptocurrency and investment scams lack passports, money, and support from Cambodian authorities who have failed to offer victim screening or other assistance.
The Guardian • Feb 25
CORPORATE FINANCE INEQUALITY
Teenager first in SA to be prosecuted for allegedly creating deepfake images
William Hamish Yeates, 19, became the first person in South Australia prosecuted under 2024 Commonwealth laws criminalizing non-consensual deepfake pornography. He faces eight counts of creating or altering sexual material without consent for allegedly generating explicit deepfake images of a teenage girl and distributing them on social media. The case marks an early enforcement action against AI-generated intimate image abuse under Australia's federal deepfake legislation.
ABC News • Feb 25
PRIVACY REGULATION CYBERCRIME
Ministers urged to impose temporary ban on crypto political donations
UK Parliament's Joint Committee on National Security Strategy demanded a moratorium on cryptocurrency political donations until safeguards against foreign interference are implemented. The warning comes after the Representation of the People bill omitted crypto donation restrictions despite concerns that digital assets enable malign actors to conceal funding sources, complicating Electoral Commission and law enforcement oversight capabilities.
The Guardian • Feb 25
GEOPOLITICS CRYPTO FINANCE
CrowdStrike says attackers are moving through networks in under 30 minutes
CrowdStrike's 2026 Global Threat Report found the average time from intrusion to lateral network movement plummeted to 29 minutes in 2025, a 65% increase in attack speed. State-sponsored threat actors increased cloud intrusion activity by 266% while AI-enabled adversary activity surged 89%. Chinese threat groups achieved immediate system access in two-thirds of vulnerability exploitations, with 40% targeting edge devices. North Korea's Lazarus Group orchestrated the largest cryptocurrency theft in history stealing $1.46 billion from Bybit.
CyberScoop • Feb 24
CYBERCRIME CYBERWAR AI
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking threat actor used commercial generative AI tools to compromise more than 600 Fortinet FortiGate firewalls across 55 countries in five weeks. Researchers from Amazon Web Services found the attacker was not state-sponsored but used LLMs to automate attack scripting, credential extraction, and lateral movement. The campaign exploited exposed management ports and weak credentials, with AI enabling the low-skilled actor to achieve outcomes previously requiring substantial technical expertise.
Dark Reading • Feb 24
CYBERCRIME CYBERWAR AI
Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Amazon Web Services threat researchers identified a Russian-speaking hacker who compromised over 600 Fortinet FortiGate firewall instances across 55 countries using generative AI tools. The attacker exploited exposed management ports and weak credentials, then used AI to generate Python scripts for credential extraction and lateral movement. AWS confirmed the threat actor is not associated with any advanced persistent threat group, demonstrating how commercial AI services lower technical barriers for unsophisticated attackers to execute scaled campaigns.
SecurityWeek • Feb 24
CYBERCRIME TECH AI
The Big One: The cyberattack scenarios that keep officials up at night
Seven former national security officials and industry leaders detailed their gravest cybersecurity concerns. Paul Nakasone, former NSA and Cyber Command head, warned that nation-state actors who have breached food and water infrastructure could accidentally trigger catastrophic outages if they lose control of AI agents. Former CISA director Jen Easterly noted AI is scaling existing weaknesses in insecure software and over-trusted automation.
Axios • Feb 24
CYBERCRIME CYBERWAR AI
Password Managers Share a Hidden Weakness
Researchers at ETH Zurich and USI Lugano have exposed fundamental flaws in password manager cryptographic implementations, challenging the "zero knowledge" claims that companies say prevent them from accessing user credentials. The study demonstrates that malicious insiders or sophisticated hackers can exploit these cryptographic weaknesses to compromise the supposedly secure vaults across multiple major platforms. The findings undermine years of privacy assurances that have positioned password managers as essential security infrastructure.
Wired • Feb 22
PRIVACY CYBERCRIME INFRASTRUCTURE
Top NATO allies believe cyberattacks on hospitals are an act of war. They're still struggling to fight back.
A major poll across the US and four NATO member states reveals that majorities in each country view cyberattacks on critical infrastructure, particularly hospitals and energy grids, as acts of war. Despite this consensus, the allied nations remain divided on appropriate responses, with fewer than half believing that hacking political leaders' private communications constitutes an act of war. State-linked attacks have escalated dramatically: the 2024 Change Healthcare breach exposed 190 million US medical records, while a Russian cyberattack on UK NHS systems contributed to a patient's death. Iranian government-backed hackers also targeted Boston Children's Hospital in 2022.
Politico • Feb 22
REGULATION CYBERCRIME CYBERWAR
Mississippi hospital system closes all clinics after ransomware attack
The University of Mississippi Medical Center has closed all clinics and canceled elective procedures for a second consecutive day following a ransomware attack that disrupted critical healthcare systems. The attack forced the state's only academic medical center to divert ambulances and postpone patient care as IT teams work to contain the breach and restore operations. The incident represents the latest in a series of ransomware attacks targeting U.S. healthcare infrastructure, demonstrating the vulnerability of critical medical systems to cyber extortion operations.
AP News • Feb 21
CORPORATE INEQUALITY CYBERCRIME
A small number of samples can poison LLMs of any size
Even a tiny number of malicious documents can create hidden backdoors in large language models, enabling unseen actors to subtly compromise AI systems deeply integrated into society
Anthropic • Oct 9
CYBERCRIME TECH AI
Discord says 70,000 users may have had their government IDs leaked in breach
Third-party breach exposes government ID photos of 70,000 users for extortion schemes, highlighting biometric data vulnerability in surveillance economy
The Verge • Oct 8
PRIVACY BIOMETRICS CYBERCRIME
One iPhone led police to gang who sent 40,000 snatched phones to China
Device tracking surveillance capabilities enable law enforcement to dismantle international theft operation through digital breadcrumbs
BBC News • Oct 6
SURVEILLANCE PRIVACY CYBERCRIME