In today’s cybersecurity news…
France fines unemployment agency over data breach
The French data protection authority has fined the country’s national employment agency France Travail (formerly known as Pôle Emploi) a sum of €5 million for “failing to secure job seekers’ data, which allowed hackers to steal the personal information of 43 million people.” This follows a data breach that occurred in early 2024 and which exposed job seekers’ personal information spanning 20 years, including standard PII. Bank details and account passwords were not affected, nor were job-seeker files taken. This latter category is important because job-seeker files tend to contain sensitive health data.
Microsoft Teams addition will allow for suspicious calls to be reported
This new feature is intended to be released to Targeted Release customers by mid-March. Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts. Named “Report a Call,” the function will be enabled by default, but can be disabled by admins via a toggle inside the “Calling settings.” When users manually flag a call, some metadata including timestamps, duration, caller ID information, and participant Teams IDs will be shared with both the user’s organization and Microsoft. General availability worldwide is expected for late April.
UK leaders warned about absorbing cyberattacks without offensive deterrence
During a UK parliamentary hearing on national security, ministers were warned that Britain “risks leaving itself exposed to cyberattacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states.” Former national security adviser Lord Sedwill, who is now a member of the Joint Committee on the National Security Strategy, added that “resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure, and disinformation campaigns against the United Kingdom.” His comments echo those made by the former head of the British Army, who previously urged the government to get on the “forward foot” with ransomware instead of just “absorbing the punches.”
ShinyHunters steals 10M records in alleged dating app heist
The records were allegedly stolen from Match Group, a U.S.-based firm that “owns some of the world’s most widely used swipe-based dating platforms,” including Hinge, Match.com, and OkCupid. ShinyHunters representatives say they made off with user data as well as hundreds of internal documents. They identify “AppsFlyer, a marketing analytics provider, as the apparent source of the exposure.” The company itself has declined to say what types of data were accessed, how many customers were affected, or whether a ransom was involved.
Huge thanks to our sponsor, Conveyor

An infosec manager found out that their sales rep had filled in a customer security questionnaire themselves and sent it back to the customer without review.
Which led to dozens of follow-up questions.
With Conveyor’s Trust Center AI Agent, you can avoid all of that.
The Agent lives in your Conveyor-hosted Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way.
Learn more at Conveyor.com
North Korea threat group splits into 3 distinct operations
According to a report released by CrowdStrike yesterday, the group Labyrinth Chollima has spawned two additional groups, Golden Chollima and Pressure Chollima. These spin-offs, which have been operating since 2020, “allow Labyrinth Chollima to narrow its focus on espionage, targeting victims in the manufacturing, logistics, defense and aerospace industries,” while Golden Chollima and Pressure Chollima focus on stealing cryptocurrency to fund North Korea’s cyber operations. The groups have all grown out of the Lazarus Group, sharing some tools and infrastructure, which “indicates centralized coordination in concert with their specialized individual capabilities.”
SolarWinds fixes critical web help desk flaws
The security updates seek to address “multiple security vulnerabilities impacting SolarWinds Web Help Desk,” including four that could result in authentication bypass and remote code execution (RCE). There are six vulnerabilities involved in this update series, four of which have CVSS ratings of 9.8. A link to an article providing CVE numbers and details on these flaws is available in the show notes to this episode.
Aisuru botnet outdoes itself with 31.4 Tbps DDoS attack
This attack targeted multiple companies, mostly in the telecommunications sector, and was detected and mitigated by Cloudflare on December 19. It was launched by the Aisuru/Kimwolf botnet and peaked at 31.4 Tbps and 200 million requests per second, surpassing its own previous DDoS record that reached 29.7 Tbps. Despite the scale of these hyper-volumetric attacks, Cloudflare says “they were detected and mitigated automatically and didn’t trigger any internal alerts.” Cloudflare added in its report that Aisuru generally uses compromised IoT devices and routers as its botnet, but in the December 19 attack, it used Android TVs.
Latvia identifies Russia as its top cyber threat as attacks hit record high
“In its annual report released this week, Latvia’s national security service, SAB, said 2025 marked an all-time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia’s invasion of Ukraine in 2022.” The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national security. The methods included intrusion attempts, malware distribution, equipment compromise and DDoS attacks. The agency adds that the campaign shows no sign of slowing, “even though most incidents so far have failed to cause serious disruption.”






