Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization.

LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures.

Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover.

Everest ransomware group claims it breached ASUS, stealing over 1TB of data including camera source code. ASUS has been given 21 hours to respond via Qtox.

Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.

More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey.

Learn to elevate your cloud security strategy & overcome complexity with Vision One™.

Swiss and German police shut down Cryptomixer, seizing servers, domains and 28M dollars in Bitcoin during an Europol backed action targeting crypto laundering.

An Australian man who used fake “evil‑twin” Wi‑Fi networks at airports and on flights to steal travellers’ data has been jailed for 7 years and 4 months.

Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.

Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents from accessing frontline services and raising fears of data exposure, according to reports.

While details remain limited, the incident is already prompting renewed warnings from cybersecurity experts about structural weaknesses across the UK public sector, particularly where councils rely on shared platforms, legacy systems, and under-resourced IT teams.

Simon Pamplin, CTO at Certes Networks, said the attacks underscore how deeply such incidents can affect everyday life.  “These suspected cyberattacks on several of London’s borough councils really drive home the point that when systems holding sensitive information are hit, it’s not just the council that suffers. It spills out into the lives of residents and the whole network of services they depend on,” he explained.

Pamplin stressed that cyber resilience can no longer be treated as optional for organisations serving the public.

“When it comes to something as critical as local government, having rock-solid cyber resilience and data security isn’t a nice-to-have, it’s absolutely essential. It’s a bit like heading off on holiday, you wouldn’t dream of leaving the front door unlocked. In the same way, businesses and local authorities need to make sure every last digital door is properly secured, no exceptions, especially when the public is the one at risk.”

Darren Guccione, CEO and co-founder of Keeper Security, echoed those concerns, calling the incident a “serious wake-up call” for public-sector bodies still depending on outdated or interconnected infrastructure.

“Local councils are not only service providers, they’re custodians of highly sensitive personal data,” Guccione said. “When public services rely on shared or under-protected IT infrastructure, disruption is immediate and the consequences are far-reaching.”

He warned that structural vulnerabilities, legacy systems, limited budgets, and reactive security practices create conditions where a single breach can cascade across multiple essential services.

“Once an attacker gains access, the impact can spread rapidly across systems used for social care, housing, payments and citizen communications,” he noted.

Guccione urged councils to prioritise network segmentation, strict identity and access controls, and secure credential management, alongside continuous monitoring across both modern and legacy systems. He added that well-practiced incident response and business continuity plans are just as critical: “If cybersecurity is not embedded into core governance today, councils will continue defending ageing systems against rapidly evolving threats. That is not a sustainable position, and the stakes for citizens are simply too high.”

Other experts agree that the attack bears many hallmarks of a sophisticated ransomware operation. Rebecca Moody, Head of Data Research at Comparitech, said the combination of operational disruption and potential data theft fits the common playbook of modern ransomware groups seeking dual ransoms for decryption and data deletion.

“Governments are a key target… hackers can cause widespread disruption and access highly sensitive data,” she said, noting that Comparitech has tracked 174 confirmed attacks against government bodies worldwide so far this year, with average ransom demands approaching $2.5 million.

With investigations still underway, Moody urged residents and council employees to remain vigilant for phishing attempts or unusual account activity: “If this is a ransomware attack and ransom negotiations fail, it’s likely we’ll see a group coming forward to claim the attack and data theft in the coming days or weeks.”

Rik Ferguson, VP of Security Intelligence at Forescout, highlighted the shared-risk nature of modern IT ecosystems, noting that attackers increasingly exploit the interconnectedness between organisations.

“Attackers are learning that the fastest way to profit isn’t always by encrypting or publicly leaking data, it’s by holding entire enterprise ecosystems hostage,” he said. “Supply-chain and shared-services models create single points of failure.”

Ian Nicholson, Head of Incident Response at Pentest People, warned that the situation illustrates how quickly compromises can propagate across tightly connected public-sector systems.

“Again and again we see attackers exploiting legacy systems, slow patching, and under-funded, under-staffed IT teams,” he said. “Local authorities sit on highly sensitive information, and incidents like this really do impact those much-needed frontline services.”

Dray Agha, senior manager of security operations at Huntress, warned the incident exposes the fragility of shared public-sector infrastructure.

“This coordinated incident highlights a critical vulnerability in modern public services: the double-edged sword of shared IT infrastructure. While such systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents. It underscores an urgent need to move beyond simple cost-saving IT models and invest in resilient, segmented networks that can contain such threats and protect vital public services.”

As London councils work to restore systems, the attack marks yet another reminder that cybersecurity weaknesses in shared public infrastructure can carry real-world consequences, disrupting essential services and potentially exposing citizens’ most sensitive data.

The post Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems appeared first on IT Security Guru.

Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.

Everest claims large breaches at Iberia and Air Miles España with major data taken from both travel platforms placing millions of users at risk.

Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files.

CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers.

In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.

The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.

Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files.

A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data.

Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet.

💾