June 4, 2025

16 Billion Credentials Leaked in Massive Data Dump

Cybersecurity researchers revealed the exposure of an unprecedented 16 billion login credentials, described as the largest credential compilation ever recorded. The data, sourced from past breaches, infostealer malware logs, and recycled leaks, included usernames, passwords, cookies, and tokens linked to major platforms such as Google, Apple, Facebook, Telegram, and government services. While many experts stressed that much of the dataset […]
May 17, 2025

Peter Green Chilled Supply Chain Attack

UK-based logistics firm Peter Green Chilled, a key distributor of chilled, frozen, and ambient foods to major supermarkets including Tesco, Sainsbury’s, M&S, Aldi, Waitrose, Co-op, Asda, and Morrisons, suffered a significant ransomware attack. The incident began on the evening of 14 May, when malicious actors encrypted the company’s systems. By 15 – 16 May, order processing was fully disrupted, though […]
May 8, 2025

Coinbase Ransomware Attack Insider Participation

Coinbase publicly disclosed that cybercriminals had orchestrated a major insider-mediated extortion attempt. These attackers had bribed overseas customer support agents to access and steal sensitive customer data—including names, addresses, phone numbers, emails, images of government-issued IDs, masked Social Security and bank account details, account balances, transaction histories, and certain internal corporate documents.Coinbase estimated that less than 1% of its monthly […]
May 2, 2025

Retail Giants Harrods and Co-Op Under Attack

A wave of cyberattacks targeted major UK retail institutions, including Harrods and the Co-operative Group (Co-op), alongside Marks & Spencer (M&S). These assaults unfolded in rapid succession and collectively exposed systemic vulnerabilities in the retail sector’s cybersecurity infrastructure.Harrods, the renowned luxury department store, disclosed on May 1, 2025, that it had experienced attempted unauthorized access to its systems. In response, […]
April 15, 2025

Zero-Day Supply Chain Breach Hits Real Estate Sector

Microsoft disclosed a critical zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS) driver. The flaw was actively exploited by a threat group known as Storm-2460, which deployed PipeMagic malware to gain elevated privileges, harvest credentials, and execute ransomware attacks. While the broader campaign mainly impacted IT and technical service providers, the real estate sector was among the […]
April 5, 2025

 Massive Cyber-Attack Halts Marks & Spencer Operations

Marks & Spencer experienced a massive cyberattack that completely halted its online operations, including website and app transaction processing. While customers could still browse products, all new orders were suspended as a precautionary measure stores remained open for in-person shopping.The breach, which began during the Easter weekend, also disrupted click-and-collect services, contactless payments, and other in-store functionalities. M&S relied on […]
March 30, 2025

Cyber Attack Disrupts Ukrainian Railway’s Online Services

Ukrainian state railway operator Ukrzaliznytsia was formally and definitively attacked by a large-scale, multi-layered cyberattack that disrupted its online services, particularly the mobile app and website used for ticket purchases. Despite this, train schedules remained unaffected, and all physical train operations continued uninterrupted. As a result of the attack, significant queues formed at Kyiv’s central railway station and other major […]
March 28, 2025

Massive Supply Chain Attack on GitHub Actions

A major supply chain attack targeted GitHub Actions, one of the most widely used automation platforms in modern software development. The incident involved the compromise of the popular open-source Action tj-actions/changed-files, which had been adopted in more than 23,000 repositories. Researchers discovered that malicious code had been injected into the Action, enabling the exfiltration of sensitive secrets such as API […]
March 5, 2025

Oracle Cloud Breach 6 Million Records Exposed

A major breach targeted Oracle Cloud in March 2025, with the threat actor “rose87168” claiming to have stolen 6 million records containing sensitive credentials, including SSO passwords and Java KeyStore files, impacting over 140,000 tenant organizations worldwide. The attacker attempted to extort Oracle, demanding $20 million in exchange for technical information. Oracle initially denied the breach but later began notifying […]
Prev page
1234567891011121314151617181920212223242526272829303132333435
Next page

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.