The Play ransomware group is back, and sharper than ever. A newly updated joint advisory from the FBI, CISA, and Australia’s ASD confirms the group is refining its tactics, expanding its reach, and leaving behind a trail of encrypted chaos across critical infrastructure and enterprises alike. As of May 2025, nearly 900 entities have been compromised globally. Victims span North and South America, Europe, and Australia. Many didn’t see it coming. And when they did, it was already too late.

A Familiar Threat, Evolved

First detected in June 2022, Play (also known as PlayCrypt) rose to infamy with its “no-frills”…
Kirsten Doyle
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. The change will come in Google Chrome version 139, which is scheduled for release on 1 August this year. Google cites ongoing compliance failures, broken improvement commitments, and a lack of measurable progress as the reasons behind this decision. In its blog post, Google quotes the Chrome Root Program Policy: “Certification Authority (CA) certificates included in the Chrome Root Store have to provide value to Chrome end users…
A new player in the Android malware arena is making waves, and not in a good way. First detected in March this year by the Mobile Threat Intelligence Team, the Crocodilus banking Trojan has quickly evolved from limited test campaigns to a full-fledged, global threat. What began as isolated activity, primarily targeting users in Turkey, has now escalated into an expansive operation reaching users across Europe and South America, with increasingly sophisticated capabilities in its arsenal.

From Test Campaigns to Targeted Attacks

Initial sightings of Crocodilus showed signs of experimentation. The Trojan’s early samples appeared in test campaigns, scattered and…
Technical details for a critical Cisco IOS XE Wireless LAN Controller (WLC) vulnerability, tracked as CVE-2025-20188, have now been publicly disclosed. The flaw, which allows arbitrary file upload, poses a maximum severity risk to affected systems. Originally announced in early May 2025, this vulnerability impacts Cisco’s IOS XE-based WLC devices, widely used to manage enterprise Wi-Fi networks. By exploiting the flaw, attackers can upload malicious files to the controller, potentially leading to unauthorized code execution, network compromise, or disruption of wireless services. Cisco had issued an advisory urging users to apply available patches promptly. However, the recent public release of…
Cartier has become the latest high-end fashion house to fall victim to a data breach, joining a growing list of fashion brands grappling with digital threats. In breach notification letters sent to affected individuals (and now circulating on social media) Cartier confirmed that threat actors managed to breach its systems and access customer data. “We are writing to inform you that an unauthorized party gained temporary access to our system and obtained limited client information,” the company stated. While the incident was reportedly contained swiftly, the breach still exposed personal information including customer names, email addresses, and their countries of…
The cybercrime landscape has entered a new era, one where a $2 stolen password can trigger a multimillion-dollar breach. According to ReliaQuest’s latest report, The Infostealer Pipeline: How Russian Market Fuels Credential-Based Attacks, the underground economy of stolen credentials is thriving, industrialized, and alarmingly easy to access. For organizations today, this isn’t just a threat—it’s a crisis of compromise.

A $2 Price Tag on Your Network?

At the heart of this ecosystem sits Russian Market, a dark web Automated Vending Cart (AVC) where threat actors can buy infostealer logs for less than the cost of a coffee. These logs contain…
Cybersecurity researchers from Cybernews have uncovered two misconfigured Azure Blob Storage containers containing more than 1.6 million files, primarily shipping email confirmations. The vast majority of the leaked data appears to belong to American customers, though some affected individuals are located in Canada and Australia. The emails were linked to purchases from Etsy, TikTok shops, Poshmark, and a vendor called Embroly. Most exposed files were HTML versions of shipping confirmations, containing sensitive customer information such as full names, home addresses, email addresses, and shipping order details. While it’s unclear who owns the storage buckets, metadata suggests the orders originated from…
On 21 May, a major international law enforcement coalition, including Europol, the FBI, and Microsoft, announced a coordinated operation targeting the notorious Lumma infostealer, a malware-as-a-service platform responsible for widespread credential theft. The operation, which began on 15 May, confiscated a whopping 2,500 domains associated with Lumma and wiped its main server and backups through a vulnerability in Integrated Dell Remote Access Controller (iDRAC). Lumma, one of the most prolific infostealers, has been leveraged by both common cybercrooks and elite threat groups such as Scattered Spider, Angry Likho, and CoralRaider. The takedown’s immediate impact was evident as Lumma customers flooded…
Recent data breaches at luxury brands under LVMH, the world’s largest luxury conglomerate, have raised concerns over the group’s data security practices, particularly among consumers. The most recent incident involved Tiffany & Company, which revealed on 9 May that personal data from its Korea-based customers, including names, addresses, phone numbers, email addresses, and sales information, had been compromised. The breach happened on 8 April but wasn’t identified until a month later. The company has said no financial information, such as payment card details, was involved, but its response was limited to notifying affected individuals via email. Similar concerns have been…
A newly uncovered flaw in Microsoft’s OneDrive File Picker could be putting millions of users at risk of unintended data exposure, says new research from cybersecurity firm Oasis Security. The issue allows websites to access an entire user’s OneDrive, rather than just the specific files selected for upload, due to a combination of excessive permissions and vague consent prompts. The flaw affects hundreds of popular applications that integrate with OneDrive File Picker, including widely used platforms like ChatGPT, Slack, Trello, and ClickUp. As a result, millions of users may have inadvertently granted these services full access to their cloud storage,…
