"Glazed and confused:  Hole lotta highly sensitive data nicked from Krispy Kreme."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 21 June 2025, 1709 UTC.

Content and Source provided by email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

97K followers31 articles per week

#security#tech

44

Most popular

Glazed and confused: Hole lotta highly sensitive data nicked from Krispy Kreme

4 TTPs

•

100+by Connor Jones / 2d

•

Krispy Kreme data breach affects 160K

Experts note 'major red flags' in donut giant's security as 161,676 staff and families informed of attack details Krispy Kreme finally revealed the number of people affected by its November cyberattack, and it's easy to see why analyzing the incident took the well-resourced company several months.…

Salesforce study finds LLM agents flunk CRM and confidentiality tests

Salesforce benchmark reveals AI limitations

•

23by Lindsay Clark / 5d

6-in-10 success rate for single-step tasks A new benchmark developed by academics shows that LLM-based AI agents perform below par on standard CRM tests and fail to understand the need for customer confidentiality.…

Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack

20by Jessica Lyons / 3d

Meanwhile, next-gen script kiddies are levelling up faster thanks to agentic AI Interview Iran's state-sponsored cyber operatives and hacktivists have all increased their activities since the military conflict with Israel erupted last week – but not necessarily in the way that Amazon chief information security officer CJ Moses expected.…

Yesterday

Netflix, Apple, BofA websites hijacked with fake help-desk numbers

Scammers exploit brand trust online

•

by Jessica Lyons / 19h

Don’t trust mystery digits popping up in your search bar Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…

Looks like Aflac is the latest insurance giant snagged in Scattered Spider’s web

Aflac reports customer data breach

•

by Jessica Lyons / 23h

If it looks like a duck and walks like a duck... Aflac is the latest insurance company to disclose a security breach following a string of others earlier this week, all of which appear to be part of Scattered Spider's most recent data theft campaign.…

Qilin ransomware top dogs treat their minions to on-call lawyers for fierier negotiations

4 TTPs

•

by Connor Jones / 23h

•

Qilin ransomware rises amid chaos

It's a marketing move to lure more affiliates, says infosec veteran The latest marketing ploy from the ransomware crooks behind the Qilin operation involves offering affiliates access to a crack team of lawyers to ramp up pressure in ransom negotiations.…

Attack on Oxford City Council exposes 21 years of election worker data

2 TTPs

•

by Connor Jones / 1d

•

UK council cyber breaches surge

Services coming back online after legacy systems compromised Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised.…

Jun 19, 2025

Boffins devise voice-altering tech to jam 'vishing' schemes

by Thomas Claburn / 1d

To stop AI scam callers, break automatic speech recognition systems Researchers based in Israel and India have developed a defense against automated call scams.…

Uncle Sam seeks time in tower dump data grab case after judge calls it 'unconstitutional'

by Connor Jones / 2d

Feds told they can't demand a haystack to find a needle The United States is requesting [PDF] a month-long extension to the deadline for its final decision regarding an appeal against a judge's ruling that obtaining tower dumps is unconstitutional.…

UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash

UK launches Cyber Growth Action Plan

•

by Connor Jones / 2d

Good to see government that values its academics (cough cough). Plus: New board criticized for lacking 'ops' people Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government's request, to identify future growth opportunities as it looks to grow the industry that's core to the country's Industrial Strategy.…

Jun 18, 2025

Sneaky Serpentine#Cloud slithers through Cloudflare tunnels to inject orgs with Python-based malware

25 TTPs

•

by Jessica Lyons / 2d

•

SerpentineCloud malware uses Cloudflare tunnels

Phishing, Python and RATs, oh my A sneaky malware campaign slithers through Cloudflare tunnel subdomains to execute in-memory malicious code and give unknown attackers long-term access to pwned machines.…

Iran’s internet goes offline for hours amid claims of ‘enemy abuse’

Iran experiences widespread internet shutdown

•

by Simon Sharwood / 2d

Bank and crypto outfits hit after Israeli commander mentioned attacks expanding to ‘other areas’ The government of Iran appears to have shut down the internet within its borders, perhaps in response to Israel-linked cyberattacks.…

Minecraft cheaters never win ... but they may get malware

13 TTPs

•

by Jessica Lyons / 2d

•

Stargazers network targets Minecraft players

Infostealers posing as popular cheat tools are cropping up on GitHub Trojanized Minecraft cheat tools hosted on GitHub have secretly installed stealers that siphon credentials, crypto wallets, and other sensitive data when executed by players.…

Asana's cutting-edge AI feature ran into a little data leakage problem

Asana MCP bug exposed user data

•

by Jessica Lyons / 2d

New MCP server was shut down for nearly two weeks Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations' data, and the experimental feature is back up and running after nearly two weeks of downtime to fix the issue.…

Veeam patches third critical RCE bug in Backup & Replication in space of a year

2 TTPs

•

by Connor Jones / 3d

Version 13 can’t come soon enough Veeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.…

Jun 17, 2025

How to bridge the MFA gap

by Robin Birtstone / 3d

If a credential is worth protecting, it's worth protecting well. Sponsored feature What do flossing and multi-factor authentication (MFA) have in common? Each is highly beneficial, yet far too few people do them consistently. MFA helps protect organizations from credential-based attacks, but according to the Cyber Readiness Institute , only 35% of businesses globally bother with it.…

Trump administration set to waive TikTok sell-or-die deadline for a third time

US TikTok ban extension expected

•

by Simon Sharwood / 3d

Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’ The Trump administration is set to again waive the 2024 law that requires the made-in-China social network TikTok to either sell its US operations to a local company or stop operating on US soil.…

AWS locks down cloud security, hits 100% MFA enforcement for root users

by Jessica Lyons / 3d

Plus adds a ton more security capabilities for cloud customers at re:Inforce Amazon Web Services hit a major multi-factor authentication milestone, achieving 100 percent MFA enforcement for root users across all types of AWS accounts.…

Sitecore CMS flaw let attackers brute-force 'b' for backdoor

5 TTPs

•

by Connor Jones / 4d

Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.…

Redefining identity security in the age of agentic AI

by Art Gilliland, CEO at Delinea / 4d

Now AI agents have identity, too. Here's how to handle it Partner content The rise of agentic AI systems is rewriting the rules of cybersecurity. Unlike generative AI, which relies on predefined instructions or prompts, AI agents operate autonomously, learn continuously, and act with minimal oversight. They collaborate across systems and adapt to dynamic environments. As enterprises scale their A

23andMe hit with £2.3M fine after exposing genetic data of millions

23andMe fined for data breach

•

by Connor Jones / 4d

Penalty follows year-long probe into flaws that allowed attack to affect so many The UK's data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach.…

Jun 16, 2025

Scattered Spider has moved from retail to insurance

3 TTPs

•

by Jessica Lyons / 4d

•

Scattered Spider targets US insurance

Google threat analysts warn the team behind the Marks & Spencer break-in has moved on Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector to be on "high alert."…

Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare

3 TTPs

•

by Jessica Lyons / 4d

•

Freedman HealthCare targeted by ransomware

The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos UPDATED An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm whose customers include state agencies, health providers, and insurance companies, and is threatening to dump tens of thousands of sensitive files early Tuesday morning.…

Canada's WestJet says 'expect interruptions' online as it navigates cybersecurity turbulence

Account Manipulation (Enterprise T1098)

•

by Connor Jones / 5d

•

WestJet faces cybersecurity incident

Flights still flying - just don't count on the app or website working smoothly updated Canadian airline WestJet is warning of "intermittent interruptions or errors" on its app and website as it investigates a cybersecurity incident.…

Eurocops arrest suspected Archetyp admin, shut down mega dark web drug shop

Archetyp Market dismantled by police

•

by Connor Jones / 5d

Marketplace as big as Silk Road had more than 600k users and turnover of 'at least' €250M Operation Deep Sentinel is the latest international law enforcement collaboration against cybercrime, shutting down Archetyp – one of the largest dark web drug marketplaces.…

Microsoft adds export option to Windows Recall in Europe

Microsoft tests AI agent in Settings

•

by Richard Speed / 5d

But lose your code and it's gone for good Updated Windows 11 users in the European Economic Area will shortly receive a new Recall Export feature, allowing Recall snapshots to be shared with third-party apps and websites.…

Spy school dropout: GCHQ intern jailed for swiping classified data

by Connor Jones / 5d

Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him' A former GCHQ intern was jailed for seven-and-a-half years for stealing top-secret files during a year-long placement at the British intelligence agency.…