Number of victims invigilated using Pegasus spyware by country, published last week. It only includes data on the exploited vulnerability in WhatsApp, not all Pegasus victims in general. Entire document:
https://storage.courtlistener.com/recap/gov.uscourts.cand.350613/gov.uscourts.cand.350613.679.6.pdf
#Hertz says customers' personal data and driver's licenses stolen in data #breach | TechCrunch
Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver’s licenses.
The rental company, which also owns the #Dollar and #Thrifty brands, said in notices on its website that the breach relates to a #cyberattack on one of its vendors between October 2024 and December 2024.
#privacy #security
China Sort of Admits to Being Behind Volt Typhoon
The Wall Street Journal has the story:
... https://www.schneier.com/blog/archives/2025/04/china-sort-of-admits-to-being-behind-volt-typhoon.html
The number of reported attacks from Oracle's 151.106.160.0/19 (AS31898) has been steadily increasing since the beginning of April. Probably nothing to do with the leak that didn't happen 
Fourlis Group, a company operating IKEA stores in several European countries, said the hacker attack cost it tens of millions of dollars.
#IKEA #cybersecurity #cyberattack #ransomware #hack https://cybernews.com/security/black-friday-ikea-ransomware-attack-costs-millions/?utm_source=twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet&source=twitter&medium=social&campaign=cybernews&content=tweet
German authorities suspect that russian state-backed #hackers were behind a recent #cyberattack on a prominent Berlin-based research institute focused on Eastern Europe, the second such incident involving the organization in recent months.
https://therecord.media/germany-links-cyberattack-russian-hackers
Attackers claim they have their hands on a whopping 70 million lines of GrubHub's data, including millions of hashed passwords, phone numbers, and email addresses.
#cybersecurity #cyberattack #dataprivacy #datasecurity #GrubHub
Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!
It includes the following and much more:
➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,
➝ #Trump administration accidentally texted a journalist its war plans,
➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,
➝ #Cyberattack hits Ukraine's state railway,
➝ Troy Hunt's Mailchimp account was successfully phished,
➝ #OpenAI Offering $100K Bounties for Critical #Vulnerabilities,
➝ #Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end 
https://infosec-mashup.santolaria.net/p/infosec-mashup-13-2025
The cybercriminals from Hunters International published the stolen documents (208,508) from Megacentro.
In the files, personal data such as RUT (Chilean ID numbers), first names, last names, phone numbers, and addresses of employees can be observed.
https://www.security-chu.com/2025/03/cibercriminales-Hunters-exponen--documentos-MegaCentro.html
If you are an employee or customer of Megacentro, your personal data might be circulating on the dark web.
We recommend reviewing your accounts, updating your passwords immediately, and staying alert for any phone scam attempts.
#Cyberattack takes down Ukrainian state railway’s online services
The audacity of the RansomHub cybercriminal group:
"Our team attempted to contact Solventa S.A. de C.V. management regarding data protection for approximately a month.
The company ignored our messages and the information we provided over the phone.
Today we are making 141 GB of data leaks from Solventa S.A. de C.V. available for free."
https://www.security-chu.com/2025/03/RansomHub-ElSalvador-Solventa-centroamerica-atacada.html
liberated #Nadiya in #Luhansk oblast
Fire at 
#oil depot in #Krasnodar Krai continues for 5th day
In #Belgorod region, took control of #Demidovka, and destroyed 4 helicopters and a bridge in #Nadezhevka
Large fire in #Simferopol Airport, in occupied #Crimea
Fire at #Sudzha gas metering station continues in #Kursk
lost another 1,280 soldiers
railways system failure after a large-scale #cyberattack
#X hit with 3 outages in one day after hacking group Dark Storm Team claims responsibility for a #DDoS attack. Elon Musk suggests it could be a coordinated effort by a large group or even a nation. #X #Cyberattack #DarkStormTeam
https://www.timesnownews.com/world/who-are-the-dark-storm-team-hacking-group-claims-responsibility-for-cyberattackonx-article-118855760
What Really Happened With the DDoS Attacks That Took Down X
—@WIRED
「 Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren't properly secured behind the company's Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly. X has since secured the servers 」
"Nym today launched NymVPN, a groundbreaking decentralized Virtual Private Network (dVPN) that protects users from government and corporate surveillance, including AI-driven tracking. NymVPN is built on the world’s first Noise Generating Mixnet (NGM), which is designed to protect metadata and patterns of communication, circumvent censorship, guard against cyberattacks, and fill security gaps in crypto transactions and VPN technology."
"Chelsea Manning, privacy advocate and security advisor at Nym, said: “Even in democratic nations, people are faced with unrestricted data collection, hyper-narrow algorithmic feeds and normalized censorship tactics. NymVPN takes an infrastructure-based privacy approach to try to combat this increasingly uncertain and splintered internet.”
Oooooh, this is a good one! Check out #cyberattack news from Romania, Philippines, and the Dominican Republic. 
DATE: March 13, 2025 at 04:59PM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
#Radiology Clinic, #Hospital Among Latest #Rural #Cyberattack Victims https://t.co/cJOC3GIF0B
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Oh really it was Ukraine that took down X on March 10? Not so fast.
Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. https://www.wired.com/story/x-ddos-attack-march-2025/ #X #Musk #DDoS #cyberattack #cybersecurity #security #Ukraine #BotNet #Internet
Safepay has been very active in Latin America.
https://www.security-chu.com/2025/03/Safepay-activo-latinoamerica-ransomware.html
Among the files exposed by these cybercriminals:
Funeral Home cali.losolivos.co Among this multitude of files, we found one from customer service. An unsatisfied customer with the service expresses their dissatisfaction with the funeral home through an email sent on February 16, 2022. #databreach #PII
Medical Center JockeySalud.com.pe In the samples exposed by these cybercriminals, there are image files of endoscopy reports of their patients. #databreach #PHI #Safepay
️
