Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways
Discovery of ShadowLeak: Radware uncovered a zero-click vulnerability in ChatGPT’s Deep Research agent, allowing attackers to steal sensitive data without user interaction or any visible signs.
Unprecedented Attack Method: The exploit is triggered remotely via email, extracting confidential data without the recipient needing to open the message, marking it as the first server-side zero-click attack of this nature.
Challenges in Detection: ShadowLeak leaves no trace at the network layer, making it nearly impossible for enterprises to detect, highlighting the limitations of traditional security tools in the face of advanced AI-driven threats.
Broader Implications for AI Security: Increased AI…

Fast Facts
GOLD SALEM, also known as Warlock Group, has targeted 60 organizations globally since March 2025, deploying sophisticated custom ransomware and employing advanced evasion and security bypass techniques.
The group operates through a double-extortion model, using Tor-based leak sites to publish stolen data if ransom demands are unmet, and claims to have sold data from nearly half of its victims.
They utilize complex exploit chains, including vulnerable SharePoint servers (CVE-2025-49704, CVE-2025-53770), web shells, and Bring Your Own Vulnerable Driver (BYOVD) techniques for persistent access and evasion.
GOLD SALEM’s operational sophistication includes targeted victim selection, professional presentation of leaked data,…

Essential Insights
New Ownership Structure: A consortium of US companies, including Oracle and venture capital firms, aims to gain 80% control of TikTok’s US operations, addressing cybersecurity concerns over data privacy and management.
Majority US-Based Entity: The deal proposes a new US entity with a predominantly US board, including a government-designated member, to enhance oversight and reduce foreign access to user data.
Ongoing Risks: Despite the proposed changes, TikTok remains a high-risk platform for organizations due to its data-intensive nature, requiring continued vigilance against potential data leaks and social engineering risks.
Algorithm Transparency Needed: Concerns over TikTok’s recommendation algorithms persist,…

Summary Points
The number of healthcare organizations losing over $200,000 to cyberattacks has quadrupled in 2025 compared to 2024, with nearly half experiencing at least one intrusion within a year.
12% of healthcare organizations faced cyberattack-related losses exceeding $500,000, up from just 2% in 2024, highlighting a significant increase in high-value breaches.
Healthcare remains a prime target for hackers due to the high value of patient records, with threats including AI-powered attacks and account compromise being major concerns.
To combat these threats, experts emphasize the importance of implementing zero-trust security models focused on protecting identities and critical data.
Key Challenge…

Fast Facts
OT systems are increasingly targeted by cyber threats, with 73% of incidents in 2024 impacting operational technology, emphasizing the need for cybersecurity embedded in system design rather than added afterward.
Critical infrastructure like hospitals, power grids, and water facilities face daily vulnerabilities and ransomware risks, with consequences ranging from delayed care to widespread operational disruptions.
Addressing OT security requires comprehensive visibility, segmentation, tailored detection, and resilient response strategies, supported by strong governance, standards, and industry collaboration.
The industry faces a talent and service gap, with limited expertise in OT cybersecurity, and an urgent need for investment in secure…

Summary Points
Two UK teenagers, Thalha Jubair and Owen Flowers, were arrested for their involvement in major cyberattacks linked to the criminal group The Com and its offshoot, Scattered Spider, which targets critical infrastructure and extorts victims globally.
Jubair is accused of participating in over 120 cyberattacks from May 2022 to September 2025, including attacks on U.S. organizations, with ransom payments totaling at least $115 million.
Authorities seized cryptocurrency wallets connected to Jubair, valued at around $36 million, with about $8.4 million transferred from victims’ funds.
He faces up to 95 years in prison in the U.S. on multiple charges.…

Quick Takeaways
Phishing is the most common entry point for ransomware in K-12 schools, with 82% experiencing cybersecurity incidents and an average recovery cost just under $1 million globally.
Increased school connectivity, reliance on third-party vendors, BYOD policies, and digital administrative systems heighten vulnerabilities and attack surfaces.
Young students are particularly at risk of falling victim to phishing, with their email accounts and social media use expanding the threat beyond email-based scams.
To mitigate risks, schools should adopt layered security measures, implement strong user authentication, unify cybersecurity strategies, partner for incident response, and develop proactive incident response plans.
Problem Explained…

Top Highlights
Arrests Made: British authorities arrested two young men, Thalha Jubair (19) and Owen Flowers (18), for allegedly hacking Transport for London, marking a significant move against the cybercrime gang Scattered Spider.
Extensive Cybercrime: Flowers, previously arrested for the TfL hack, faces additional charges for participating in cyberattacks against U.S. healthcare companies, including SSM Health and Sutter Health.
Massive Ransom Payments: Jubair is charged with a hacking spree that impacted at least 47 U.S. victims, including critical infrastructure, resulting in over $115 million in ransom payments.
Global Crackdown: The arrests reflect a broader international effort to combat Scattered Spider’s…

Essential Insights
Two UK teenagers linked to the August 2024 cyberattack on Transport for London, believed to be part of the Scattered Spider hacking group, have been arrested, with one previously questioned by authorities.
Owen Flowers faces charges for the TfL breach and further links to cyberattacks on US healthcare companies, amidst evidence of impactful damages to critical infrastructure.
Thalha Jubair, also charged, is accused of conspiracy, money laundering, and extortion, having allegedly received over $115 million from victims in global cybercrimes.
The TfL attack caused system disruptions and data compromise affecting over 8.4 million Londoners, with prior breaches involving…

Summary Points
SonicWall experienced a security breach where threat actors accessed cloud backup files containing encrypted credentials and firewall preferences, impacting less than 5% of customers.
The breach involved brute-force attacks targeting cloud backups, not a ransomware event, with no evidence of files being leaked online.
Customers are advised to verify backups, limit WAN access, reset passwords and TOTP, and import new randomized preference files provided by SonicWall to mitigate risks.
Ongoing attacks exploit a known flaw (CVE-2024-40766) and compromised recovery codes, emphasizing the importance of updating security measures and safeguarding recovery codes like privileged passwords.
What’s the Problem? Recently,…