Kering, the French group behind Gucci, Balenciaga, and Alexander McQueen, has confirmed a cyberattack that exposed personal details of millions of its customers. The breach, carried out in April and claimed by the group known as ShinyHunters, included names, emails, phone numbers, home addresses, and records of how much individuals spent in luxury stores. ShinyHunters claims it tried to negotiate a Bitcoin ransom; Kering says it did not pay. The group, which has a history of breaching major firms, is known to social-engineer employees into handing over credentials for internal platforms such as Salesforce. …
Kirsten Doyle
In August, FortiGuard Labs uncovered a campaign using SEO poisoning to target Chinese-speaking users. Attackers manipulated search rankings with plugins, pushing fraudulent domains designed to mimic trusted software providers. The ruse was subtle. Small character swaps in domain names. Familiar branding. Language that looked legitimate. Once victims clicked, they landed on spoofed pages offering software installers laced with malware. The investigation centered on a site impersonating DeepL. The installer contained the real application but also embedded malicious files. Among them was a DLL named EnumW.dll, which ran a series of anti-analysis checks before triggering its payload. These checks helped the malware…
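The "small character swaps" that made the spoofed domains work are exactly what a lookalike-domain check should catch. The following is an added example, not code from the original article or from FortiGuard Labs: it folds homoglyphs and common digit/digraph substitutions to a canonical form, then compares the candidate's second-level label against a trusted brand list by edit distance. The trusted list, the confusables table (a small subset of the Unicode confusables data), and the sample domains are all constructed for this example; the registrable-domain split assumes a single-label public suffix (no co.uk-style suffixes).

```python
import unicodedata

# Constructed brand list; deepl.com is the one the campaign impersonated.
TRUSTED_DOMAINS = ["deepl.com", "7-zip.org", "notepad-plus-plus.org"]

# Assumption: a small subset of the Unicode confusables list plus digit lookalikes.
CONFUSABLE_CHARS = str.maketrans({
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x",  # Cyrillic homoglyphs
    "0": "o", "1": "l", "3": "e", "5": "s", "8": "b",            # digit lookalikes
})
CONFUSABLE_DIGRAPHS = {"rn": "m", "vv": "w"}  # pairs that render like a single letter


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so folding sees the real characters."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already contains non-ASCII characters


def fold(label: str) -> str:
    """Collapse homoglyphs, accents and digraph swaps into a canonical ASCII form."""
    s = unicodedata.normalize("NFKD", label.lower()).translate(CONFUSABLE_CHARS)
    s = s.encode("ascii", "ignore").decode()  # drop combining accents etc.
    for pair, repl in CONFUSABLE_DIGRAPHS.items():
        s = s.replace(pair, repl)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Naive (second-level label, tld) split. Assumption: single-label public suffix."""
    labels = to_unicode(domain.lower().strip().rstrip(".")).split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def lookalike_matches(candidate: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return [(trusted_domain, reason)] for each brand the candidate appears to imitate."""
    if candidate.lower().rstrip(".") in trusted:
        return []  # the genuine domain is not a lookalike
    sld, tld = split_domain(candidate)
    folded = fold(sld)
    hits = []
    for t in trusted:
        t_sld, t_tld = split_domain(t)
        t_folded = fold(t_sld)
        if folded == t_folded and tld != t_tld:
            hits.append((t, "tld swap"))
        elif folded == t_folded:
            hits.append((t, "homoglyph"))  # same after folding, raw label differs
        elif (dist := levenshtein(folded, t_folded)) <= max_distance:
            hits.append((t, f"edit distance {dist}"))
        elif len(t_folded) >= 4 and t_folded in folded:
            hits.append((t, "brand embedded"))  # e.g. deepl-download.com
    return hits


if __name__ == "__main__":
    # Constructed samples: Cyrillic 'е' in dееpl, digit swap, typo, TLD swap, brand embedded.
    for d in ["deepl.com", "dееpl.com", "deep1.com", "deepi.com", "deepl.net",
              "deepl-download.com", "7zip.org", "google.com"]:
        print(f"{d:22} -> {lookalike_matches(d)}")
```

In practice you would run this over newly registered domains, certificate-transparency logs, or outbound DNS queries and raise an alert on any hit; the folding step is what defeats the one-character substitutions the campaign relied on, while the edit-distance bound keeps unrelated brands from matching each other.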
Samsung has fixed a critical flaw that was being used in attacks against its Android phones. The vulnerability, tracked as CVE-2025-21043, was reported by Meta and WhatsApp’s security teams on 13 August. It affects Samsung devices running Android 13 and later. The issue lies in libimagecodec.quram.so, a closed-source image-parsing library built by Quramsoft. The problem: an out-of-bounds write that lets a remote attacker execute malicious code on vulnerable devices. Samsung’s advisory does not say whether the zero-day was used only against WhatsApp users. Other apps that rely on the same library could…
Organisations faced an average of 1,994 cyberattacks per week in August. This was revealed by Check Point’s Global Threat Intelligence Report for August 2025. That is 1% lower than July but still 10% higher than a year earlier. The picture is clear: cyber threats remain persistent and intense. Industries Under Pressure Education remained the hardest hit. Schools and universities saw 4,178 attacks per week, a 13% rise year-on-year. The reasons are familiar. Digital expansion has widened the attack surface. Security budgets lag behind. Attackers know it. Telecoms were next. Providers endured 2,992 weekly attacks, up 28% from last year.…
Security Operations Centers (SOCs) are drowning in noise. The average company now generates close to a thousand alerts a day. For very large enterprises, the number surges past 3,000. Four in ten (40%) never get fully investigated. Some turn out to be critical. This is outlined in Prophet Security’s new report, “State of AI in Security Operations 2025”. Based on a survey of 282 security leaders at large organizations, the study maps out the rising pressure on SOCs, the limits of human-led operations, and the rapid adoption of artificial intelligence as a lifeline. The Alert Tsunami Organizations run on a…
Bad actors are stepping up. FortiGuard Labs has uncovered a phishing campaign that installs MostereRAT, a remote access trojan built to evade defenses and seize full control of a machine. The path is familiar. A phishing email lands in the inbox of a Japanese user. It looks like a business inquiry, routine and harmless. A click leads to a download. A Word document appears. Inside, a simple instruction: open the archive, run the file. That file unlocks the rest. The malware unpacks encrypted tools, hides them in system directories, and uses a custom RPC client to bypass standard Windows controls.…
A newly disclosed vulnerability in SAP S/4HANA has been rated critical, with security researchers warning that exploitation is already underway. The flaw, tracked as CVE-2025-42957, carries a CVSS score of 9.9 and affects S/4HANA systems running S4CORE versions 102 through 108, in both private cloud and on-premise deployments. According to the official CVE record published by SAP SE, the issue stems from a function module exposed via Remote Function Call (RFC) that allows a low-privileged user to inject arbitrary ABAP code, bypassing authorization checks. In effect, it functions as a backdoor, exposing the confidentiality, integrity, and availability of…
Qantas has cut short-term bonuses for its top executives by 15% in response to a customer data breach, even as the airline reported a strong year of profits. CEO Vanessa Hudson saw her bonus reduced by about AUD 250,000 under the 2025 remuneration decisions, with the airline saying the adjustment reflected shared accountability across the leadership team. Despite the cut, Hudson’s total pay package rose to roughly AUD 6.3 million for the year, up from AUD 4.4 million in 2024, due to increases in base salary and other components. The bonus reductions follow a cyber incident in late June 2025,…
Bad actors are exploiting Grok AI to push malware through promoted ads on X, in a scheme researchers are calling “Grokking.” The method, uncovered by Guardio Labs researcher Nati Tal, takes advantage of how Grok parses hidden fields in ads. Malvertisers post videos with adult-content bait, but avoid direct links in the main body to bypass filters. Instead, the link is buried in the small “From:” metadata field under the video card, a spot the platform doesn’t scan for malicious content. Once the ad is live, the actors reply to their own post with a simple question for Grok:…
In July 2025, Darktrace researchers detected an attempted cryptojacking incident on a retail and e-commerce network. A desktop device initiated an HTTP connection to a rare endpoint, 45.141.87[.]195 over port 8000. Embedded in the request was a PowerShell script, infect.ps1. The script’s behavior flagged an immediate anomaly: a new PowerShell user agent making an unusual outbound connection. Analysis revealed the script dropped an obfuscated AutoIt loader. The loader injected NBMiner into a legitimate Windows process, charmap.exe. The attack chain began with three encoded data blobs in the PowerShell script. The first blob, XOR’d with 97, produced an AutoIt executable stored…
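The single-byte XOR described above (blob one, key 97, yielding an AutoIt executable) is the kind of encoding an analyst can unwrap without running anything. The following is an added example, not code from the original article or from Darktrace: it pulls quoted base64 blobs out of a script, brute-forces a single-byte XOR key by looking for the MZ/PE signature, and reports which blobs decode to a PE file. It assumes the blobs are base64 text in single quotes (the article does not say how infect.ps1 stored them), and the script, the fake PE stub and the other two blobs are all constructed here; no real malware is embedded.

```python
import base64
import binascii
import re
from typing import Optional


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (the scheme the article describes)."""
    return bytes(b ^ key for b in data)


# Constructed fake PE: MZ header, e_lfanew at 0x3C pointing to offset 64, PE signature, i386 machine.
FAKE_PE = (b"MZ" + b"\x90" * 58 + (64).to_bytes(4, "little")
           + b"PE\x00\x00" + b"\x4c\x01" + b"AutoIt stub (constructed)")

# Constructed stand-in for the PowerShell dropper: three quoted base64 blobs, the first XORed with 97.
# The second and third blobs, and their keys, are inventions for this example.
SAMPLE_SCRIPT = (
    "$b1 = '" + base64.b64encode(xor_bytes(FAKE_PE, 97)).decode() + "'\n"
    "$b2 = '" + base64.b64encode(xor_bytes(b'Run("charmap.exe")', 0x2A)).decode() + "'\n"
    "$b3 = '" + base64.b64encode(b"plain text, not xored").decode() + "'\n"
    "Start-Process charmap.exe  # constructed, not the real infect.ps1\n"
)

# Assumption: blobs appear as single-quoted base64 strings of at least 16 characters.
BASE64_RE = re.compile(r"'([A-Za-z0-9+/]{16,}={0,2})'")


def extract_blobs(script: str) -> list:
    """Return the decoded bytes of every quoted base64 string that validates."""
    blobs = []
    for m in BASE64_RE.findall(script):
        try:
            blobs.append(base64.b64decode(m, validate=True))
        except binascii.Error:
            continue  # not well-formed base64; skip
    return blobs


def recover_xor_key(blob: bytes, known: bytes = b"MZ") -> Optional[int]:
    """Known-plaintext attack on a single-byte XOR: the key that turns the prefix into `known`."""
    if len(blob) < len(known):
        return None
    for key in range(256):
        if xor_bytes(blob[:len(known)], key) == known:
            return key
    return None


def is_pe(data: bytes) -> bool:
    """MZ header present and the PE signature sits where e_lfanew (offset 0x3C) points."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(script: str) -> list:
    """For each blob: size, recovered XOR key (if an MZ prefix was found) and whether it is a PE."""
    results = []
    for i, blob in enumerate(extract_blobs(script), 1):
        key = recover_xor_key(blob)
        entry = {"index": i, "size": len(blob), "xor_key": key, "is_pe": False}
        if key is not None:
            entry["is_pe"] = is_pe(xor_bytes(blob, key))
        results.append(entry)
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_SCRIPT):
        print(r)
```

Blobs that do not decode to a PE (the AutoIt script itself, for instance) need a different known prefix or a frequency-based scoring pass; passing a suitable `known` value to `recover_xor_key` covers the first case. Once a PE is recovered, its hash is what to pivot on in the EDR, since the PowerShell text itself can be regenerated with a new key at will.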
