June 17, 2025

Supply Chain Attack on NPM Packages

In June 2025, a significant supply chain attack on the NPM ecosystem was uncovered, primarily affecting multiple React-Native Aria packages that had been tampered with to distribute a Remote Access Trojan (RAT). The malicious code was embedded in seemingly routine updates, beginning with @react-native-aria/focus version 0.2.10 and quickly spreading across related packages, many of which collectively record hundreds of thousands […]
June 4, 2025

16 Billion Credentials Leaked in Massive Data Dump

Cybersecurity researchers revealed the exposure of an unprecedented 16 billion login credentials, described as the largest credential compilation ever recorded. The data, sourced from past breaches, infostealer malware logs, and recycled leaks, included usernames, passwords, cookies, and tokens linked to major platforms such as Google, Apple, Facebook, Telegram, and government services. While many experts stressed that much of the dataset […]
May 25, 2025

Cellcom Outage Mobile Carrier Suffers Major Cyberattack

Wisconsin-based wireless carrier Cellcom suffered a major cyberattack that severely disrupted mobile services for nearly 75,000 subscribers across Northeast Wisconsin and Michigan’s Upper Peninsula. The outage began on May 14, leaving customers unable to make calls, send SMS messages, or port numbers, though 911 services, mobile data, iMessage, and RCS messaging continued to function.At first, Cellcom described the disruption as […]
May 17, 2025

Peter Green Chilled Supply Chain Attack

UK-based logistics firm Peter Green Chilled, a key distributor of chilled, frozen, and ambient foods to major supermarkets including Tesco, Sainsbury’s, M&S, Aldi, Waitrose, Co-op, Asda, and Morrisons, suffered a significant ransomware attack. The incident began on the evening of 14 May, when malicious actors encrypted the company’s systems. By 15 – 16 May, order processing was fully disrupted, though […]
May 8, 2025

Coinbase Ransomware Attack Insider Participation

Coinbase publicly disclosed that cybercriminals had orchestrated a major insider-mediated extortion attempt. These attackers had bribed overseas customer support agents to access and steal sensitive customer data—including names, addresses, phone numbers, emails, images of government-issued IDs, masked Social Security and bank account details, account balances, transaction histories, and certain internal corporate documents.Coinbase estimated that less than 1% of its monthly […]
May 2, 2025

Retail Giants Harrods and Co-Op Under Attack

A wave of cyberattacks targeted major UK retail institutions, including Harrods and the Co-operative Group (Co-op), alongside Marks & Spencer (M&S). These assaults unfolded in rapid succession and collectively exposed systemic vulnerabilities in the retail sector’s cybersecurity infrastructure.Harrods, the renowned luxury department store, disclosed on May 1, 2025, that it had experienced attempted unauthorized access to its systems. In response, […]
April 25, 2025

Apple iPhone Targeted by Advanced Attackers

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS, and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: when the audio […]
April 15, 2025

Zero-Day Supply Chain Breach Hits Real Estate Sector

Microsoft disclosed a critical zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS) driver. The flaw was actively exploited by a threat group known as Storm-2460, which deployed PipeMagic malware to gain elevated privileges, harvest credentials, and execute ransomware attacks. While the broader campaign mainly impacted IT and technical service providers, the real estate sector was among the […]
April 10, 2025

Supply Chain Email Breach Hits Marketing Giants

A notable supply-chain email breach impacted marketing giants through the compromise of OAuth tokens associated with Salesloft’s Drift platform. This breach propagated through integrations such as Salesforce, affecting hundreds of companies, including high-profile security enterprises like Cloudflare, Zscaler, Palo Alto Networks, SpyCloud, and Tanium. Attackers exploited the interconnected nature of modern SaaS ecosystems, leveraging downstream trust to access sensitive credentials […]
Prev page
123456789101112131415161718192021222324252627282930313233343536373839404142
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.