Cyber Security News: Telefonica breach, new ransomware group leverages AI, Allstate accused of selling data

Telefonica breach exposes internal data and employee credentials

Telco giant Telefonica has suffered a massive breach: hackers with the Hellcat ransomware group were able to steal over 236,000 lines of customer data, 469,000 lines of internal Jira ticketing data, and 24,000 employee emails. The group used infostealer malware to compromise the credentials of 15 employees, including two with administrative privileges, resulting in an estimated 2.3GB of stolen data. One cybersecurity vendor called the breach “imminent,” noting that 531 employee computers were infected by infostealers last year.

(Dark Reading), (Infosecurity Magazine)

New ransomware group leverages AI

Emerging ransomware group FunkSec has claimed responsibility for over 80 attacks in December 2024, using Rust-based ransomware likely created with AI by inexperienced threat actors. Operating under a ransomware-as-a-service model, the group engages in double extortion and sells stolen data at discounted prices. FunkSec has also launched a data leak site featuring custom tools, including a DDoS utility and an AI chatbot, aligning its operations with hacktivist campaigns like the Free Palestine movement. While the group recycles data from prior attacks, its low ransom demands and Tor-based operations have already garnered attention in cybercrime forums.

(Security Week)

Allstate accused of selling consumer driving data

Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its subsidiary Arity, accusing them of illegally collecting, using, and selling cell phone location and movement data from over 45 million Americans without their knowledge. The data, harvested through software embedded in mobile apps, was used to create a massive driving-behavior database that insurers accessed to adjust premiums and price quotes. The collection violates Texas’ new Data Privacy and Security Act, and the legal action marks the first state-level enforcement of a comprehensive data privacy law, with automakers and popular mobile apps also implicated in the alleged scheme.

(The Record)

Nominet confirms breach using Ivanti zero-day

Nominet, the .UK domain registry managing over 11 million domains, has confirmed a breach exploiting an Ivanti VPN zero-day vulnerability (CVE-2025-0282). According to a statement given to Bleeping Computer, “the entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely.” While no data theft or backdoors have been identified, Nominet is the first organization to publicly confirm an attack using this specific exploit.

(The Register), (Bleeping Computer)

Huge thanks to our sponsor, Dropzone AI

Running a SOC is tough—too many alerts, not enough time. Dropzone AI changes that. It reduces manual investigations by up to 90%, giving your team the bandwidth to focus on strategic threats. Imagine the impact on your operations. Visit dropzone.ai today.

One Blood confirms sensitive data stolen

You’ve likely seen the big red bus at your company’s office or even local movie theater, asking you to give blood to save lives. Well, now the company is confirming that some gave more than just their blood. The major blood supplier confirmed that donor names and Social Security numbers were stolen during a ransomware attack in July 2024. The breach, lasting from July 14 to July 29, caused critical blood shortages, and OneBlood is now offering one year of free credit monitoring to affected individuals. While the organization has notified victims as promised, there was a six-month delay in the notification process.

(Bleeping Computer)

Codefinger ransomware campaign targets AWS

A ransomware group named “Codefinger” is encrypting Amazon S3 buckets using AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C), leaving victims unable to recover their data without the attacker’s decryption key. The threat actors use compromised AWS credentials to encrypt the data and demand Bitcoin ransoms, threatening to delete the files if negotiations fail.

(Bleeping Computer)
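Because SSE-C leaves the key with the caller, the defensive signal is the encryption type recorded on each write, not the object contents. The following is an added example (not code from the article or from AWS) that scans CloudTrail S3 data events for writes that applied SSE-C and builds a bucket policy refusing customer-provided keys for accounts that never use them. It assumes CloudTrail records the encryption type in `additionalEventData.SSEApplied` and that the bucket-policy condition key `s3:x-amz-server-side-encryption-customer-algorithm` is present on requests that supply a customer key; the sample events are constructed.

```python
"""Defensive checks for SSE-C abuse in S3.

1. find_ssec_writes(): flag CloudTrail S3 data events where a write applied
   SSE-C, the trace left when objects are re-encrypted with a key the account
   owner does not hold.
2. deny_ssec_policy(): bucket policy that refuses any request carrying a
   customer-provided key.

Assumed (not from the article): CloudTrail's additionalEventData.SSEApplied
field and the s3:x-amz-server-side-encryption-customer-algorithm condition key.
"""
import json
from collections import Counter

# Constructed sample events in CloudTrail's JSON shape; not real logs.
SAMPLE_EVENTS = [
    {
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
        "requestParameters": {"bucketName": "acme-prod-data", "key": "reports/q4.csv"},
        "additionalEventData": {"SSEApplied": "SSE_KMS"},
    },
    {
        "eventName": "CopyObject",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor-tmp"},
        "requestParameters": {"bucketName": "acme-prod-data", "key": "customers/2024.parquet"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
    {
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor-tmp"},
        "requestParameters": {"bucketName": "acme-prod-data", "key": "customers/2023.parquet"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
    {
        "eventName": "GetObject",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deploy"},
        "requestParameters": {"bucketName": "acme-prod-data", "key": "reports/q4.csv"},
    },
    {
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:role/etl"},
        "requestParameters": {"bucketName": "acme-prod-data", "key": "staging/tmp.bin"},
        "additionalEventData": {"SSEApplied": "Default_SSE_S3"},
    },
]

# Operations that can write an object under a new encryption setting.
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}


def is_ssec_write(event):
    """True when a write event applied SSE-C (customer-provided key)."""
    if event.get("eventName") not in WRITE_EVENTS:
        return False
    return event.get("additionalEventData", {}).get("SSEApplied") == "SSE_C"


def find_ssec_writes(events):
    """One finding per SSE-C write: which principal touched which object."""
    findings = []
    for ev in events:
        if is_ssec_write(ev):
            params = ev.get("requestParameters", {})
            findings.append({
                "principal": ev.get("userIdentity", {}).get("arn", "unknown"),
                "bucket": params.get("bucketName"),
                "key": params.get("key"),
                "event": ev["eventName"],
            })
    return findings


def count_by_principal(events):
    """SSE-C writes per principal; a burst from one identity is what to alert on."""
    return dict(Counter(f["principal"] for f in find_ssec_writes(events)))


def deny_ssec_policy(bucket):
    """Bucket policy denying writes that supply a customer key.
    The Null condition with "false" matches when the condition key is present."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyCustomerProvidedKeys",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {
                "Null": {"s3:x-amz-server-side-encryption-customer-algorithm": "false"}
            },
        }],
    }


if __name__ == "__main__":
    for f in find_ssec_writes(SAMPLE_EVENTS):
        print(f"SSE-C {f['event']} by {f['principal']} on s3://{f['bucket']}/{f['key']}")
    print(json.dumps(deny_ssec_policy("acme-prod-data"), indent=2))
```

The policy only helps if S3 data events are enabled in CloudTrail and the deny is in place before credentials are stolen; versioning with MFA delete and a tested backup copy outside the account remain the recovery path once objects have already been re-encrypted.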

New WordPress skimmer campaign

WordPress e-commerce sites are being warned about a new credit card skimmer that injects malicious JavaScript into database entries to steal payment details on checkout pages. The skimmer hides in the wp_options table, evading detection while mimicking legitimate payment processors like Stripe to capture sensitive user data. In a related trend, attackers are exploiting transaction simulation features in Web3 wallets to drain funds, while PayPal users are being targeted by phishing emails that hijack accounts through legitimate-looking payment requests.

(The Hacker News)
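Since the skimmer lives in the database rather than in theme or plugin files, file-integrity scanning misses it; the table itself has to be checked. The following is an added example (not code from the article or from WordPress) that scans exported wp_options rows for script tags and raises the severity when obfuscation or payment vocabulary appears alongside them. The rows, option names and the base64-encoded hostname are constructed for the example.

```python
"""Scan wp_options rows for injected JavaScript.

Added example, not code from the article or any WordPress project. The rows
below are constructed; the base64 string decodes to a hostname under the
reserved .invalid TLD.
"""
import base64
import re

# A <script> tag in an option value is uncommon enough to review; obfuscation
# helpers and checkout vocabulary in the same value raise the severity.
SCRIPT_RE = re.compile(r"<script\b", re.IGNORECASE)
OBFUSCATION_RE = re.compile(
    r"\b(atob|eval|unescape|String\.fromCharCode)\s*\(|\\x[0-9a-f]{2}", re.IGNORECASE)
PAYMENT_RE = re.compile(r"\b(checkout|stripe|card|cvv|cvc|billing)\b", re.IGNORECASE)
LONG_B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Constructed sample rows: (option_name, option_value).
_FAKE_URL_B64 = base64.b64encode(b"https://checkout-stripe.example.invalid/v3").decode()
SAMPLE_ROWS = [
    ("siteurl", "https://shop.example"),
    ("blogname", "Example Shop"),
    ("widget_text", 'a:1:{i:2;a:1:{s:4:"text";s:26:"<p>Free shipping over $50</p>";}}'),
    ("theme_mods_storefront",
     '<script src="https://shop.example/wp-content/themes/custom/tracking.js"></script>'),
    ("wp_seo_cache_7f3a",  # constructed name mimicking a plugin cache entry
     f'<script>var u=atob("{_FAKE_URL_B64}");'
     'if(location.href.indexOf("checkout")>-1){/* constructed placeholder */}</script>'),
]


def inspect_option(name, value):
    """Return a finding for one row, or None when no script tag is present."""
    if not SCRIPT_RE.search(value):
        return None
    indicators = ["script_tag"]
    if OBFUSCATION_RE.search(value):
        indicators.append("obfuscation")
    if LONG_B64_RE.search(value):
        indicators.append("long_base64")
    if PAYMENT_RE.search(value):
        indicators.append("payment_keywords")
    severity = "high" if len(indicators) > 1 else "low"
    return {"option_name": name, "severity": severity, "indicators": indicators}


def scan_wp_options(rows):
    """Scan (option_name, option_value) pairs and return every finding."""
    findings = []
    for name, value in rows:
        finding = inspect_option(name, value)
        if finding:
            findings.append(finding)
    return findings


def decode_base64_strings(value):
    """Decode long base64 runs so an analyst can see what an obfuscated
    script points at (here, the constructed hostname)."""
    decoded = []
    for m in LONG_B64_RE.finditer(value):
        try:
            decoded.append(base64.b64decode(m.group(0), validate=True).decode("utf-8", "replace"))
        except (ValueError, UnicodeDecodeError):
            continue
    return decoded


if __name__ == "__main__":
    for f in scan_wp_options(SAMPLE_ROWS):
        print(f"{f['severity'].upper():5} {f['option_name']}: {', '.join(f['indicators'])}")
        for s in decode_base64_strings(dict(SAMPLE_ROWS)[f["option_name"]]):
            print(f"      decodes to: {s}")
```

The low-severity hit on the theme option shows why an allowlist of options known to carry scripts is worth maintaining per site; the high-severity hit combines the three traits the article describes (script in the database, obfuscated loader, checkout targeting). On a live site the rows can be pulled with WP-CLI (`wp db query`) or a read-only SQL user before being fed to the scanner.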

Microsoft sues to stop malicious AI misuse

Microsoft is taking legal action to stop cybercriminals exploiting generative AI services to create malicious tools. According to a lawsuit filed in Virginia, the attackers used stolen credentials to alter AI capabilities, reselling access and providing instructions for generating harmful content. Microsoft has since revoked the group’s access and released a statement saying “With this action, we are sending a clear message: the weaponization of our AI technology by online actors will not be tolerated.”

(Dark Reading)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.