IT Security Newsletter - 7/28/2025
US spy satellite agency breached, but insists no classified secrets spilled
A computer intrusion hit the US spy satellite agency, but officials insist no classified secrets were lost - just some unclassified ones, apparently. The National Reconnaissance Office (NRO) confirmed to The Register that attackers gained limited access to its networks, but no classified data was exposed. It would not answer whether the attack was linked to the SharePoint vulnerability that was used to break into other government agencies, such as the US National Nuclear Security Administration. READ MORE...
NASCAR Confirms Personal Information Stolen in Ransomware Attack
The National Association for Stock Car Auto Racing (NASCAR) is notifying an unknown number of individuals that their personal information was stolen in an April 2025 cyberattack. The incident, the company says, was identified on April 3 and involved unauthorized access to systems on its network. NASCAR immediately activated its response plan, retained a cybersecurity firm to help it investigate, and notified law enforcement. READ MORE...
Allianz Life discloses massive data breach linked to supply-chain attack
Allianz Life Insurance Company of North America on Friday disclosed a massive data breach affecting most of the firm's 1.4 million U.S. customers, professionals and select employees. In a statement, the Minneapolis-based insurance provider said a hacker used social engineering to breach one of its cloud vendors on July 16 and steal most of its customers' personally identifiable information. The company said it discovered the intrusion the next day. READ MORE...
Aeroflot aeroflops over 'IT issues' after attackers claim year-long compromise
Russia's largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems - something hacktivists are claiming responsibility for. Several flights departing from and arriving at Moscow's Sheremetyevo Airport were either delayed or canceled entirely, with passengers told to pay attention to announcements made at affected airports. READ MORE...
French submarine secrets surface after cyber attack
European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers. Naval Group builds and maintains an array of ships and submarines for the French navy, including aircraft carriers and nuclear submarines. It counts several foreign navies amongst its customers including India and Brazil. READ MORE...
FBI alerts tie together threats of cybercrime, physical violence from The Com
The FBI released a trove of research on The Com last week, warning that the sprawling cybercriminal network of minors and young adults is growing rapidly and splintering into three primary subsets described by officials as Hacker Com, In Real Life Com and Extortion Com. The warnings lay out how The Com's thousands of members, typically between 11 and 25 years old, pose a rising threat, especially to youth online, the FBI said. READ MORE...
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
A suspected Chinese nation-state threat group is conducting an extensive cyberespionage campaign that takes advantage of vulnerable VMware ESXi and vCenter environments. Since early 2025, researchers at Sygnia have responded to multiple incidents tied to a cyberespionage campaign they track as "Fire Ant." According to research published Thursday, Fire Ant actors are establishing initial access in organizations' VMware systems, which have become popular targets for attackers in recent years. READ MORE...
Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users. The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware. READ MORE...
Steam games abused to deliver malware once again
A cybercriminal known as EncryptHub (aka Larva-208) has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in a world ravaged by a catastrophic natural disaster… which is nothing compared to the real-world disasters that can be caused by information stealers. READ MORE...
Microsoft's software licensing playbook is a national security risk
News of two major Microsoft security events in as many weeks should concern every federal agency, not just because of the breaches themselves, but because of what they reveal about how the company does business. First, ProPublica uncovered that Microsoft allowed Chinese engineers to work on sensitive U.S. military cloud projects under the supervision of underqualified subcontractors. READ MORE...
- ...in 1866, English children's writer and illustrator Beatrix Potter ("The Tale of Peter Rabbit") is born in London.
- ...in 1868, the 14th Amendment to the U.S. Constitution is adopted, granting citizenship to all persons born in the U.S., as well as due process and equal protection under the law.
- ...in 1929, First Lady and publishing editor Jacqueline Kennedy Onassis (nee Jacqueline Bouvier) is born in Southampton, NY.
- ...in 1984, the 23rd Summer Olympics officially opens in Los Angeles.