Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
The attack left 148 TfL systems inoperable and forced all 27,000 of the transport authority’s employees into an office to get their passwords reset in person. Both the NCA and the CPS put TfL’s losses and recovery
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the explanation.
Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. Here’s the mess.
Legacy Systems, Real-World Impacts: The Reality of OT Security
Legacy systems, safety concerns, and critical infrastructure risks make OT vulnerability disclosure one of cybersecurity’s most challenging balancing acts.
The post Legacy Systems, Real-World Impacts: The Reality of OT Security appeared first on SecurityWeek.
AI Agents Broke the Security Playbook. Here’s What Replaces It.
23andMe to pay $18 million in new genetics data breach settlement
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never
Two Scattered Spider Hackers Sentenced to Jail in UK
Thalha Jubair and Owen Flowers were prosecuted over a 2024 cyberattack targeting Transport for London (TfL).
The post Two Scattered Spider Hackers Sentenced to Jail in UK appeared first on SecurityWeek.
AI Data Centers Are Being Built Faster Than They Can Be Secured
AI infrastructure introduces new security risks that traditional data center designs were never built to handle.
The post AI Data Centers Are Being Built Faster Than They Can Be Secured appeared first on SecurityWeek.
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
“The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily
