Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. Since last week, the retailer has been notifying customers that their info was exposed in a data breach, first in South Korea, then in Turkey, and on Friday in the United Kingdom. READ MORE...
United Natural Foods, Inc.'s commercial operating capacity has returned to "normalized levels" as of this week following the cyberattack that temporarily brought down its online systems in June, the grocery distributor disclosed Wednesday. The company expects to lose between $350 million and $400 million in sales as a result of the attack, with the overall operational impact of the incident mostly limited to its current quarter. READ MORE...
Security researcher Jeremiah Fowler found a publicly accessible database online that contained highly personal information from an adoption agency. Jeremiah, who specializes in locating exposed cloud storage, is used to finding sensitive information exposed. However, because of the nature of the information, this one immediately raised his concern and he hurried to find out who owned the data. READ MORE...
An international law enforcement operation conducted this week targeted the members of and infrastructure used by NoName057(16), a pro-Russian hacktivist group that has conducted distributed denial-of-service (DDoS) attacks across Europe since early 2022. Operation Eastwood disrupted over 100 servers worldwide and resulted in two arrests, seven international arrest warrants, and 24 house searches across multiple jurisdictions. READ MORE...
Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app. David Slater was a retired colonel in the US army who took up work as a civilian at US Strategic Command, according to the Department of Justice. He spilled the beans on a foreign online dating app between February and April 2022. Russia invaded Ukraine in February 2022. READ MORE...
Oracle has released 309 new security patches as part of its July 2025 Critical Patch Update (CPU), including 127 fixes for vulnerabilities that are remotely exploitable without authentication. SecurityWeek has identified roughly 200 unique CVEs in Oracle's July 2025 CPU and counted nine patches that address critical-severity flaws. The same as in April, Oracle Communications received the largest number of security fixes. READ MORE...
Broadcom informed customers this week that several VMware product vulnerabilities disclosed earlier this year at the Pwn2Own hacking competition have been patched. Participants earned more than $1 million at the Pwn2Own Berlin 2025 competition organized by Trend Micro's Zero Day Initiative (ZDI). More than $340,000 was paid out for exploits targeting VMware products. The STARLabs SG team earned $150,000 for exploiting a single integer overflow bug to hack VMware ESXi. READ MORE...
An Armenian national is in federal custody and faces charges stemming from their alleged involvement in a spree of attacks in 2019 and 2020 involving Ryuk ransomware, the Justice Department said Wednesday. Karen Serobovich Vardanyan, 33, was extradited from Ukraine to the United States on June 18 and pleaded not guilty to the charges in his first appearance in federal court June 20. Vardanyan is awaiting a seven-day jury trial scheduled to begin Aug. 26. READ MORE...
Cyberattackers are using active spear-phishing and an upgraded malware-as-a-service (MaaS) loader to lubricate high-value ransomware infections. "Matanbuchus" is a 4-year-old luxury malware loader sold as a subscription model on the Dark Web. Its latest 3.0 version has been rewritten from scratch, with a suite of new features "taking into account the wishes of even the most fastidious clients," according to its developer. READ MORE...
To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. The outage occurred on July 14 and impacted most users of the service all over the world, rendering internet services unavailable in many cases. "The root cause was an internal configuration error and not the result of an attack or a BGP hijack," Cloudflare says in the announcement. READ MORE...
Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and secure access by mobile devices. The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite the status, many organizations continue to rely on them. READ MORE...