Cybersecurity News: GlobalX breach, Google settles lawsuits, UK software security guidelines

Global Crossing Airlines Group confirms cyberattack

According to a filing with the US Securities and Exchange Commission, the airline, also known as GlobalX, suffered a cyberattack on May 5, 2025. The attackers accessed “systems supporting portions of its business applications.” Over the weekend, the attackers contacted 404 Media, allegedly offering information about Global Crossing’s ICE deportation flights, including flight records and passenger lists. The airline said the attack did not disrupt operations and would not have a material effect on its finances.

(The Record, 404 Media)

Google settles privacy lawsuits

Back in 2022, attorneys general for Texas, Indiana, Washington state, and the District of Columbia filed lawsuits against Google, alleging that the search giant made it virtually impossible to opt out of location tracking. Texas Attorney General Ken Paxton followed this with an October 2022 lawsuit alleging Google collected biometric data without consent. Google settled both cases, agreeing to pay $1.375 billion and admitting no liability. The company also said it updated its products and practices to resolve the concerns brought in the lawsuits. Meta paid out a similar settlement to Texas for collecting biometric information back in July. 

(Security Week)

UK launches software security guidelines

The UK’s National Cyber Security Centre and Department of Science, Innovation, and Technology published a voluntary Software Security Code of Practice last week. This code includes 14 principles across themes like secure design and development, build environment, deployment and maintenance, and customer communication. This echoes CISA Secure by Design principles in the US in many ways. At launch, the program is entirely voluntary and has no regulatory oversight, but the NCSC could adopt a certification program based on the standards in the future. 

(Dark Reading)

Suspect arrested for Dutch ransomware attacks

Moldovan authorities arrested a 45-year-old man allegedly involved in ransomware attacks against Dutch companies back in 2021. These attacks include one against the Netherlands Organization for Scientific Research, which caused 4.5 million euros in damage and was tied to the DoppelPaymer group. Police say the suspect is internationally wanted for blackmail and money laundering in other cybercrime-related cases. Moldovan authorities began extraditing the individual to the Netherlands for trial. 

(The Record)

Hacktivist attacks hide the real threat

Over the past several weeks, several hacktivist groups claimed over 100 successful attacks against prominent targets in India, including the Election Commission of India, the National Informatics Centre, and the Prime Minister’s Office. However, an investigation by CloudSEK found that most of these attacks seemed largely symbolic, with DDoS attacks that led to barely noticed downtime, website defacements that lasted minutes, and supposedly exfiltrated data made up mostly of publicly available data. These attacks appeared mostly hyped by Pakistan-linked accounts on X, which linked them back to supposedly ongoing operations. The researchers instead say organizations should be on the lookout for attacks from the Pakistan-linked APT36, which launched a phishing campaign against Indian government targets. The campaign uses emotionally charged lures to deploy Crimson RAT through malicious PDF and PowerPoint attachments.

(Infosecurity Magazine)

Physical security company discloses data breach

Andy Frain provides physical security services to venues, businesses, and airports. In a notice to Maine’s attorney general, the firm disclosed that it had discovered a cyberattack in October 2024, impacting over 100,000 people. The ransomware group Black Basta previously took credit for the attack back in November, claiming to have stolen about 750 gigabytes of data. No word on what data was stolen, but the firm is offering victims up to 24 months of credit and identity monitoring. No word if Andy Frain paid a ransom. Since the attack, Black Basta has gone mostly dark, seemingly over internal conflicts. 

(Security Week)

IoT devices turned into proxy-for-rent service

Researchers at Lumen’s Black Lotus Labs worked with the US DoJ, FBI, and the Dutch National Police to track a campaign based out of Turkey that targeted Internet of Things and end-of-life SOHO devices to create a botnet. The network spread over 80 countries, with most botnet devices based in the US, Ecuador, and Canada. The operators claim the network contained over 7,000 active proxies per day, but researchers found this number closer to 1,000. The operators sold network access for ad fraud, DDoS attacks, and credential stuffing. Lumen worked with law enforcement to disrupt the network by routing traffic through Lumen’s backbone.

(Infosecurity Magazine)

Responses to DNS blocking orders

TorrentFreak’s Ernesto Van der Sar put together a look at how DNS resolvers like OpenDNS, Google, and Cloudflare responded to orders from EU courts to block DNS queries tied to piracy. In response to blocking orders in France and Belgium, Cisco’s OpenDNS left those markets entirely. Cloudflare maintains that it did not block content through its public 1.1.1.1 DNS Resolver, but instead “identified alternate mechanisms to comply with relevant court orders.” Sites subject to the court orders now show an HTTP 451 error as a result. Google’s DNS resolver simply refuses the DNS query entirely, not linking the lookup to any IP address. This doesn’t give any context for why the lookup failed, and also appears to go against the advice of the Belgian court, which required a redirect to an explanation for the block.

(TorrentFreak)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.