In today’s cybersecurity news…
Washington Post investigates hacking incident on journalists’ emails
A source speaking with Reuters has stated that there has been a “possible unauthorized targeted intrusion affecting a few journalists,” which The Wall Street Journal has said was “potentially the work of a foreign government.” Specifically, the reporters whose emails were targeted included “members of the national security and economic policy teams, including some who write about China,” the report added. Staffers at The Washington Post have been told “the intrusions compromised journalists’ Microsoft accounts and could have granted the intruder access to work emails.” Graham Cluley, posting on LinkedIn, stated that “in recent years, reporters at the Post have reportedly stopped using email for their most sensitive conversations and use encrypted messaging apps like Signal instead. Nonetheless, the Wash Post has wisely decided to force all employees to reset their login credentials.”
(Reuters and Graham Cluley via LinkedIn)
Anubis ransomware adds wiper to destroy files beyond recovery
Following up on a story we covered in April, the Anubis ransomware-as-a-service (RaaS) operation has now added a wiper module to its file-encrypting malware that destroys a victim’s files, making recovery impossible even if the ransom is paid. Anubis, which is not to be confused with the Android ransomware of the same name, made headlines this spring for its aggressive affiliate program. Researchers from Trend Micro found the wiper in recent samples, and they believe the feature was “introduced to increase the pressure on the victim to pay quicker instead of stalling negotiations or ignoring them altogether.”
Discord invite link hijacking campaign delivers infostealers
Researchers from Check Point describe this campaign as one that exploits a weakness in Discord’s invitation system to deliver an information stealer called Skuld and the remote access trojan AsyncRAT. “Attackers hijacked the links through vanity link registration, allowing them to redirect users from trusted sources to malicious servers,” their report said. The attackers then use the ClickFix phishing technique, along with multi-stage loaders and time-based evasions, to “stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets.”
Account takeover bug impacts over 46,000 Grafana instances
According to researchers at application security company OX Security, more than 46,000 internet-facing instances of the data analytics and monitoring app remain unpatched and exposed to a client-side open redirect vulnerability that would allow for execution of a malicious plugin and account takeover. The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the Grafana platform. Grafana Labs released a patch on May 21, after having been informed by a bug bounty hunter, but OX Security says, “more than a third of all Grafana instances reachable over the public internet have not been patched.”
Canadian airline WestJet is containing a cyberattack
Canada’s second-largest airline is now “investigating a cybersecurity incident impacting some of its internal systems and mobile app, which has blocked access for several users.” The company is responding and working with law enforcement, and stresses that flight operations remain safe and unaffected. No additional details are available as of this recording.
Danish government agency announced planned switch from Microsoft software
Denmark’s tech modernization agency plans to replace Microsoft products with open-source alternatives like LibreOffice to reduce reliance on U.S. tech firms and achieve “digital sovereignty.” Over half the staff will transition to LibreOffice next month, with full adoption expected by autumn, according to Digitalization Minister Caroline Stage Olsen. The move also aims to avoid costs tied to aging Windows 10 systems, which lose support in October. LibreOffice, developed by the Berlin-based Document Foundation, offers a full suite of office tools. Similar steps have been taken by Copenhagen and Aarhus, citing financial, political, and competitive concerns. Microsoft has not yet commented.
Crash records stolen from Texas DOT
Authorities at the Texas Department of Transportation have announced the discovery of unusual activity on May 12 involving its Crash Records Information System (CRIS). Their investigation states that a compromised account was “used to access and download almost 300,000 crash reports,” which the state is legally required to maintain. The records include PII as well as information about insurance policies, injuries sustained during crashes, and narratives of the incidents. The department sent letters to victims urging them to be vigilant for any communications related to past crashes.
UK woefully unprepared for undersea cable sabotage, says report
Following up on a story that we have been covering over the past few months, a report from the China Strategic Risks Institute (CSRI) showed that in 10 out of 12 incidents of alleged undersea cable sabotage between January 2021 and April 2025, eight of the suspected vessels were directly linked to China or Russia through flag-state registration or company ownership. As described in The Guardian, “99% of intercontinental data transmission takes place through submarine cable systems, playing a vital role in civilian and defense infrastructure. Without these cables, much of the economy – from international banking and cloud computing to virtual communications and global logistics – would cease to function.” The report continues that “the UK’s defense infrastructure is woefully inadequate in protecting against such grey-zone tactics.”






