Here’s a must-read post, especially if you read and repeated claims that DragonForce, Qilin, and LockBit have formed some kind of cartel. Marco A. De Felice writes on SuspectFile: In the recently published “Threat Spotlight: Ransomware and Cyber Extortion in Q3 2025” by ReliaQuest, one particular section drew significant attention: the claim of an alleged “alliance” between three ransomware...

Source

Greg Otto reports: F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it’s calling a “highly sophisticated” cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of...

Source

In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, continues to expose confidential and sealed court records.  Overview As a matter of policy, DataBreaches does not publish unredacted stolen or leaked data if it would expose personally identifiable or...

Source

Harvey Cashore, Eva Uguen-Csenge,  and Mark Kelley report: Kelowna nurse Ashley Stone sits down at her kitchen table, opens a bulky blue folder containing a paper trail of 10 years of multiple frauds committed in her name by imposters and gets right to the point. “It’s just been a nightmare.” She says she’s had to...

Source

As predicted a few days ago, BreachForums was seized. The splash page is now up. It does not have any cute avatars with characters in handcuffs and no text about all the entities that cooperated. It simply says, “This Domain Has Been Seized,” and shows four shields: Department of Justice, FBI, BL2C, and JUNALCO. The latter...

Source

Waqas reports: In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for...

Source

Heads up to entities doing business in California: your breach notification obligations are changing.  Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been...

Source

Veronica P. Adams and Andrea DeField of Hunton Andrews Kurth write: Last month, Ace American Insurance Company filed a subrogation action against its insured’s cybersecurity and technology vendors, alleging missteps by the technology companies. See Ace American Insurance Company v. Congruity 360, Trustwave Holdings, Case No. 2:25-cv-15657 (D.N.J. Sep. 15, 2025). Ace seeks to recover the $500,000...

Source

I am guessing that the breachforums[.]hn leak site for ScatteredLAPSUS$Hunters is in the process of being seized. A whois lookup now shows that the name servers have been changed to hans.ns.cloudflare.com and surina.ns.cloudflare.com, which I am guessing are government accounts. The onion site appears intact. This post will be updated as the situation evolves.

Source

In July, DataBreaches reported that Qantas had obtained a preliminary injunction prohibiting the publication of any customer data stolen from it in a cyberattack by “persons unknown.”  Those defendants were served with the injunction via email and online means. Although Qantas did not reveal who signed the ransom note, ShinyHunters and Scattered Spider didn’t hesitate...

Source

Christopher Brown reports: Flagstar Bank NA agreed to pay $31.5 million to settle allegations it failed to protect the personal information of nearly 2.2 million people in data breaches linked to Accellion Inc.’s file-transfer software. Class members would be eligible for up to $25,000 in documented monetary losses, three years of credit monitoring services, and...

Source

Lawrence Abrams reports: Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on...

Source

Joe Tidy reports: Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools...

Source

This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices. CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated...

Source

Mikael Thalen reports: An app for anonymously reporting individuals accused of speaking ill against conservative activist Charlie Kirk leaked personal data about its users. The app, known as “Cancel the Hate,” was taken offline on Thursday amid an investigation into the data leak by Straight Arrow News. Launched in the wake of Kirk’s assassination on Sept. 10,...

Source

Sabine Siebold, Christoph Steitz and Muvija M report: A cyberattack on a provider of check-in and boarding systems has disrupted operations at several major European airports including London’s Heathrow, the continent’s busiest, causing flight delays and cancellations on Saturday. Collins Aerospace, which provides systems for several airlines at airports globally, is experiencing a technical issue...

Source

Corey Levitan reports: A teenage boy suspected of involvement in the 2023 cyberattacks that disrupted the two largest Las Vegas casino companies has surrendered to authorities, according to the Las Vegas Metropolitan Police Department (LVMPD). The suspect, whose name has not been released due to his status as a minor, is currently being held at...

Source

Lawrence Abrams reports: The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data...

Source

Conor Brian Fitzpatrick, aka “Pompompurin” was re-sentenced today in federal court in Virginia. The government had sought a prison sentence of at least 188 months for the former owner of the original BreachForums, while the defense sought probation with weekend jail time for a year. Judge Leonie Brinkema, who had previously sentenced Fitzpatrick to time...

Source

Paul Kunert reports: Beijing will soon expect Chinese network operators to ‘fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet. From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of rules that tighten...

Source