
Latest Security News Collection

Security news collection - current edition

#CyberSecurity #DataBreach #ADT #CyberAttack #DataExtortion #IncidentResponse #CustomerData #ThreatIntelligence #InfoSec #CyberCrime

US home security provider ADT is investigating a cyberattack after a threat actor claimed to have stolen a large volume of customer data, according to The Record. The company confirmed that it detected unauthorised access to parts of its network and quickly activated its incident response procedures, including shutting down the intrusion and engaging external cybersecurity experts. ADT stated that the compromised information was limited and mainly involved customer and prospective customer contact details, stressing that no payment data or security systems were affected. However, the attacker alleges a much larger data theft and is attempting to extort the company with threats of a public leak. Law enforcement has been notified and affected individuals are being informed. The incident highlights the ongoing risk faced by high‑profile consumer service providers and reflects a broader trend in which attackers use data extortion, rather than system disruption alone, to pressure organisations.

→ Read more on therecord.media


#CyberSecurity #CyberWarfare #Fast16 #Stuxnet #MalwareResearch #APT #CyberSabotage #ICSecurity #ThreatIntelligence #InfoSec

Security researchers have uncovered fast16, a previously unknown malware framework that predates the Stuxnet worm by several years, reshaping the early history of cyber warfare. According to The Hacker News, the Lua‑based malware dates back to 2005 and was designed to subtly sabotage high‑precision engineering and calculation software rather than directly destroying systems. Discovered by SentinelOne analysts, fast16 embedded a Lua virtual machine inside Windows malware – a first at the time – and included a kernel driver capable of intercepting and altering executable code as it was loaded. Instead of loud disruption, the design focused on introducing inaccurate calculations across targeted environments, potentially causing long‑term industrial or scientific damage. The discovery suggests that sophisticated, state‑level cyber sabotage techniques were developed years earlier than previously believed, indicating a longer and more deliberate evolution of offensive cyber capabilities that later culminated in Stuxnet.

→ Read more on thehackernews.com


#CyberSecurity #DataBreach #Rituals #CustomerData #Privacy #LoyaltyPrograms #CyberCrime #PhishingRisk #DataProtection #InfoSec

Dutch cosmetics retailer Rituals has disclosed a data breach affecting its “My Rituals” loyalty programme, exposing personal information of an undisclosed number of members, according to Security Affairs. The company confirmed that attackers gained unauthorised access earlier in April and downloaded customer data before the activity was detected and contained. The compromised information may include names, home and email addresses, phone numbers, dates of birth and gender, but Rituals stressed that no passwords or payment details were accessed. Authorities have been notified and a forensic investigation is underway to determine how the breach occurred. Impacted customers are being informed directly and advised to remain alert for phishing attempts. While no extortion group has publicly claimed responsibility and no leaked data has been observed so far, the incident highlights the growing risk to customer databases and loyalty programmes, which remain attractive targets for cybercriminals seeking valuable personal data for fraud and social engineering.

→ Read more on securityaffairs.com


#CyberSecurity #Phishing #ArtificialIntelligence #InitialAccess #Cisco #ThreatIntelligence #CyberCrime #EmailSecurity #MFA #InfoSec

Phishing has once again become the most common initial access method used by cybercriminals, with attackers increasingly leveraging AI tools to boost the speed and effectiveness of their campaigns, according to a new report from Cisco Talos cited by Cybersecurity Dive. In the first quarter of 2026, phishing overtook other intrusion techniques after nearly a year, while ransomware‑related early‑stage activity accounted for a smaller share of incidents than in 2025. Researchers documented the first confirmed use of a specific AI platform, Softr, to build convincing Microsoft Outlook Web Access phishing pages without writing any code. These tools allow attackers to automate credential harvesting and rapidly scale operations, lowering the barrier to entry for less skilled actors. Government and healthcare organisations were the most targeted sectors, with misconfigured or missing multi‑factor authentication remaining the most common weakness enabling successful intrusions.

→ Read more on cybersecuritydive.com


#CyberSecurity #SupplyChainAttack #GlassWorm #npm #GitHub #VSCode #Malware #DevSecOps #OpenSource #InfoSec

Security researchers have uncovered GlassWorm, a highly sophisticated software supply‑chain attack that compromises multiple developer ecosystems at once. According to Security‑Insider, attackers infiltrated at least 151 GitHub repositories and distributed malicious code through npm packages, the VS Code Marketplace and Open VSX in a coordinated campaign. The malware hides payloads using invisible Unicode characters, allowing infected code to appear empty during reviews while executing malicious logic at runtime. Once inside a development environment, GlassWorm can steal credentials, propagate itself using compromised developer accounts and silently spread further through trusted CI/CD pipelines. Analysts warn that this technique represents a new level of stealth and automation in supply‑chain compromise, building on earlier attacks but dramatically expanding scale and reach. The incident demonstrates how attackers increasingly target developer trust relationships and tooling, turning routine updates into an effective infection vector with global impact on the software ecosystem.

→ Read more on theregister.com


#CyberSecurity #SupplyChainAttack #GlassWorm #OpenSource #npm #GitHub #VSCode #Malware #DevSecOps #InfoSec

A sophisticated GlassWorm supply‑chain attack is threatening the global software ecosystem by abusing trusted developer platforms, according to Security‑Insider. Within a single week, attackers compromised 151 GitHub repositories and distributed malicious code simultaneously via npm packages, the VS Code Marketplace, and Open VSX. What makes GlassWorm particularly dangerous is its use of invisible Unicode characters, allowing attackers to hide fully functional malware payloads in code that appears empty during reviews. The malicious logic only reveals itself at runtime, bypassing both manual inspection and many automated security tools. Researchers warn that the campaign represents a paradigm shift in supply‑chain attacks, as GlassWorm exploits developer identities and CI/CD trust relationships to self‑propagate across ecosystems. The findings highlight how routine updates and popular extensions can become infection vectors, putting thousands of developers – and their downstream users – at risk.

→ Read more on security-insider.de
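Both GlassWorm reports above turn on code that looks empty to a reviewer because the payload sits in invisible Unicode characters. The following review-time check is an added example, not code from the cited articles or the researchers; the reports do not name the code points involved, so the character classes flagged here and the sample input are assumptions.

```python
import unicodedata

# Assumption: the reports do not list the code points used, so this flags the
# general classes of characters that most editors and diff views render as nothing.
INVISIBLE_RANGES = [
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0xE0000, 0xE007F),  # tag characters
    (0x115F, 0x1160),    # Hangul choseong/jungseong fillers
    (0x3164, 0x3164),    # Hangul filler
]

def is_invisible(ch):
    """True for format characters (category Cf) and the ranges listed above."""
    if unicodedata.category(ch) == "Cf":
        return True
    cp = ord(ch)
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)

def scan_source(text, min_run=1):
    """Report every run of invisible characters with its 1-based line and column."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        col = 0
        while col < len(line):
            if not is_invisible(line[col]):
                col += 1
                continue
            start = col
            while col < len(line) and is_invisible(line[col]):
                col += 1
            if col - start >= min_run:
                findings.append({
                    "line": line_no,
                    "column": start + 1,
                    "length": col - start,
                    "codepoints": [f"U+{ord(c):04X}" for c in line[start:col]],
                })
    return findings

# Constructed sample: a string literal that displays as "" but holds 8 code points.
HIDDEN = chr(0xFE00) * 4 + chr(0xE0100) * 4
SAMPLE = 'const label = "ok";\nconst blob = "' + HIDDEN + '";\n'

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f['line']} col {f['column']}: {f['length']} invisible "
              f"code points {f['codepoints']}")
```

Single zero-width joiners occur legitimately in emoji sequences and some scripts, so a pre-commit or CI gate would typically raise `min_run` or allow-list specific files rather than fail on every hit.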


#CyberSecurity #CyberWarfare #PreStuxnet #Fast16 #IranNuclearProgram #CyberSabotage #NationStateThreats #MalwareResearch #ThreatIntelligence #InfoSec

Researchers have uncovered compelling evidence of a previously unknown cyber sabotage tool that may have targeted Iran’s nuclear programme years before Stuxnet, challenging long‑held assumptions about the origins of cyber warfare. According to Cybernews, the malware framework, dubbed fast16, dates back to 2005 and was likely designed to covertly disrupt scientific and engineering calculations rather than directly damage physical infrastructure. Analysts from SentinelLabs believe fast16 manipulated high‑precision simulation software, subtly altering results to undermine research, design and decision‑making processes without obvious signs of compromise. This approach could have caused costly errors and degraded systems over time, making detection extremely difficult. Technical analysis revealed encrypted Lua code and a kernel driver linked to fast16, with references appearing in later intelligence leaks, suggesting nation‑state involvement. The discovery pushes the timeline of sophisticated cyber sabotage earlier than thought and highlights the long evolution of covert, state‑level cyber operations.

→ Read more on cybernews.com


#CyberSecurity #Phishing #SocialEngineering #OnlineBanking #ConsumerProtection #FraudPrevention #CyberCrime #ITLaw #DigitalSecurity #InfoSec

A landmark ruling by the Higher Regional Court (OLG) of Koblenz has strengthened consumer protection in cases of highly convincing banking phishing attacks, reports heise online. The court decided that even when customers click on links or enter transaction codes during a professionally executed scam, this does not automatically amount to gross negligence. In the case, criminals used caller‑ID spoofing to impersonate a real bank number and posed as technical support staff, persuading a customer to switch authentication methods. Although significant sums were transferred abroad, the court ruled that the customer could not reasonably have detected the fraud, particularly given the attackers’ technical sophistication and prior knowledge of personal details. An independent IT expert confirmed that the bank’s technical assumptions were flawed. The judgment obliges the bank to reimburse the losses and sets an important precedent, recognising that modern social‑engineering attacks can deceive even cautious users.

→ Read more on heise.de


#CyberSecurity #IndustrialControlSystems #CriticalInfrastructure #OTSecurity #Modbus #CyberAttacks #InfrastructureProtection #ThreatLandscape #CyberRisk #InfoSec

Cyber attacks on industrial control systems are escalating globally, placing critical infrastructure at increasing risk, according to an analysis published by it‑daily.net. Security researchers from Cato Networks identified a coordinated wave of attacks targeting industrial controllers across 70 countries, with more than 14,000 affected IP addresses observed in just three months. A key weakness lies in the widely used Modbus protocol, which was designed decades ago without built‑in security features such as authentication or encryption. When exposed to the internet, Modbus‑enabled systems can be remotely accessed and manipulated by attackers with minimal effort. Researchers demonstrated how such vulnerabilities could allow remote control of critical assets, including dams and industrial facilities, leading to potentially severe real‑world consequences. The findings underscore the urgent need for better segmentation, monitoring and protection of OT and ICS environments, as increasingly professional attackers continue to exploit legacy technologies.

→ Read more on it-daily.net


#CyberCrime #CyberSecurity #Ransomware #DataBreaches #FinancialCrime #NationStateThreats #ThreatIntelligence #LawEnforcement #DigitalRisk #InfoSec

The Cybercrime section of SecurityWeek highlights a rapidly evolving threat landscape in 2026, marked by the growing professionalisation and diversification of cybercriminal activity. Recent reporting shows ransomware gangs expanding their operations, individuals being prosecuted for supporting organised cybercrime, and nation‑state-linked actors engaging in financially motivated attacks. High‑profile cases include large‑scale credential theft, cryptocurrency heists, DDoS attacks against social platforms and insiders assisting ransomware groups. Law enforcement actions against hackers and facilitators underline increased international cooperation, yet the steady flow of incidents demonstrates how resilient and adaptive cybercrime ecosystems have become. Attacks now combine technical sophistication, social engineering and financial crime, blurring the line between traditional cybercrime and geopolitical operations. The coverage underscores the need for stronger security controls, improved threat intelligence sharing and continued focus on disrupting both attackers and their support networks.

→ Read more on securityweek.com


The editors are not responsible for the content of each article.