United Natural Foods, distributor for Whole Foods Market, hit by cyberattack
Whole Foods Market's primary food distributor United Natural Foods is experiencing operational disruptions in response to a cyberattack it detected last week, the company said in a regulatory filing released Monday. The Rhode Island-based natural food distributor said it took some systems offline Thursday when it became aware of unauthorized activity on its IT systems. The attack and response has "temporarily impacted the company's ability to fulfill and distribute customer orders." READ MORE...
Sensata Technologies says personal data stolen by ransomware gang
Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. Sensata is a global industrial tech firm specializing in mission-critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion. READ MORE...
Hackers Stole 300,000 Crash Reports From Texas Department of Transportation
The Texas Department of Transportation (TxDOT) says hackers accessed its Crash Records Information System (CRIS) and downloaded roughly 300,000 crash reports. The incident, TxDOT says, was discovered on May 12 and occurred after a system account was compromised and used to access information stored in CRIS. The agency says it disabled access to the compromised account immediately after identifying the suspicious activity and launched an investigation on how the compromise occurred. READ MORE...
Stolen Ticketmaster data from Snowflake attacks briefly for sale again
The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. The extortion group posted screenshots of the allegedly stolen data, advertising over 569 GB of Ticketmaster data for sale, causing speculation that this was a new breach. The files shown match samples of Ticketmaster data we previously saw during the 2024 Snowflake data theft attacks. READ MORE...
Internet infamy drives The Com's crime sprees
The Com doesn't fit into a traditional definition of cybercrime. While the majority of groups tend to either be financially-motivated or working at the behest of a government, The Com's chaotic, sprawling network, composed of mostly teenagers and young adults, are committing their crimes primarily for notoriety amongst their peers on the internet, Allison Nixon, chief research officer at Unit 221B, said Friday during a presentation at a cybersecurity conference. READ MORE...
'Librarian Ghouls' Cyberattackers Strike at Night
A newly uncovered cyber campaign by an advanced persistent threat (APT) group known as "Librarian Ghouls" is targeting organizations in Russia with stealthy nighttime attacks to steal sensitive data and deploy cryptocurrency miners on victim systems. According to Kaspersky researchers tracking the campaign, the initial infection vector involves targeted phishing emails carrying password-protected archive files that contain executable payloads. READ MORE...
Scattered Spider targeting MSPs, IT vendors in social engineering campaigns
Scattered Spider, the collective cyber-threat group suspected in the hacks of multiple retail brands in the United Kingdom, Europe and the U.S., is now targeting managed service providers and IT vendors as part of a sophisticated campaign to infiltrate customers of those companies, according to a report released on Friday from Reliaquest. The threat group has used social engineering techniques to trick workers into providing access to these various organizations. READ MORE...
Critical Vulnerability Patched in SAP NetWeaver
Enterprise software maker SAP on Tuesday announced the release of 14 new security patches as part of its June 2025 Security Patch Day, including a note addressing a critical-severity vulnerability in NetWeaver. Tracked as CVE-2025-42989 (CVSS score of 9.6), the critical bug is described as a missing authorization check in the NetWeaver application server for ABAP. According to software security firm Onapsis, the issue allows attackers to bypass authorization checks and elevate their privileges. READ MORE...
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
Two malicious npm packages disguised as legitimate developer utilities on the npm registry contain backdoors that could wipe out entire production systems, posing a threat to the software supply chain. Researchers from Socket Security's Threat Research Team discovered the packages, express-api-sync and system-health-sync-api, which both secretly register hidden endpoints through backdoors lurking within. READ MORE...
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible. Supporting the bulletin issued by the Department of Homeland Security (DHS) earlier this year, which warned of exposed cameras potentially being used in Chinese espionage campaigns, the team at Bitsight was able to tap into feeds of sensitive locations. READ MORE...
- ...in 1776, The Continental Congress appoints a committee to write a Declaration of Independence.
- ...in 1920, The Republican Party convention in Chicago endorses women's suffrage.
- ...in 1940, Italy declares war on France and Great Britain.
- ...in 1944, Cincinnati Reds pitcher Joe Nuxhall makes his major league baseball debut and becomes the youngest player in history at the age of 15.
