Cybersecurity News: LG Uplus confirms breach, Conduent attack impacts 10M+, hackers exploit tools against Ukraine

In today’s cybersecurity news…

LG Uplus confirms cybersecurity incident

LG Uplus, one of South Korea’s largest telecoms, reported a suspected data breach to the country’s cybersecurity agency KISA, joining SK Telecom and KT Telecom as the third major carrier under investigation in six months. This may be linked to Chinese or North Korean hackers, who reportedly accessed data from around 9,000 LG Uplus servers. South Korea’s Ministry of Science and ICT told TechCrunch that its investigation into KT and LG Uplus is still ongoing. (TechCrunch)

10 million+ impacted by Conduent breach

Government contractor Conduent said a January cyberattack exposed data from more than 10 million people across multiple U.S. states, after hackers accessed its network for nearly three months. The SafePay ransomware group claimed the breach, saying it stole 8.5 TB of data tied to Conduent’s government contracts for Medicaid, child support, and other programs. Conduent said no stolen data has surfaced publicly. (The Record)

Russian hackers exploit tools against Ukrainian targets

Russian hackers likely tied to Sandworm breached Ukrainian organizations using “living-off-the-land” tactics and legitimate tools to steal data and maintain network access, according to Symantec and Carbon Black. The intrusions targeted a major business services firm and a local government from June to August 2025, using webshells like Localolive, credential dumping, and PowerShell backdoors. Researchers say the attacks bear Sandworm’s hallmarks but stopped short of formal attribution. (Security Affairs)

Npm malware uses invisible dependencies to infect packages

Researchers at Koi Security uncovered an ongoing npm malware campaign, dubbed PhantomRaven, active since August, infecting 126 packages with 20,000 downloads. The malware steals npm tokens, GitHub credentials, and CI/CD secrets, fetching malicious code from attacker-controlled servers at install time to evade detection. PhantomRaven also exploits AI “hallucinations” via typosquatted package names, tricking developers into installing compromised packages. At least 80 infected packages currently remain active. (InfoSecurity Magazine)

Microsoft fixes issue causing Windows update failures

Microsoft has fixed a known issue causing certain Windows 11 updates to fail, linked to missing language packs and feature payloads removed during Automatic or Manual Component Repair. The latest preview update appears to resolve the problem. Administrators unable to install it can use an In-Place Upgrade via installation media or Windows Settings to reinstall missing components without affecting personal files or apps. (Bleeping Computer)

CyberRidge emerges with photonic encryption solution

Israeli cybersecurity startup CyberRidge emerged from stealth with $26 million in funding for its photonic encryption system, which transforms transmitted data into encrypted optical noise to prevent interception and quantum decryption. The system requires a constantly changing photonic key to access data, aiming to block “harvest now, decrypt later” attacks. Founded in 2021, CyberRidge already has deployments in defense, intelligence, and telecom sectors across Europe, Australia, Singapore, and Israel, and has 30 employees operating in Israel, Switzerland, and the U.S. (SecurityWeek)

Ex-L3Harris exec pleads guilty to selling zero-days to broker

Former L3Harris executive Peter Williams pleaded guilty to stealing and selling eight U.S. government zero-day exploits to a Russian broker, Operation Zero, for millions in cryptocurrency. Prosecutors say the theft caused $35 million in losses and could have given foreign actors advanced hacking tools. Williams faces up to 20 years in prison, with sentencing set for January. (CyberScoop)

Microsoft security change for Azure VMs creates pitfalls

Microsoft postponed a planned Azure network security change to March 2026 after feedback from customers concerned it could disrupt apps dependent on public internet access. The update will make private subnets the default for new virtual networks, blocking automatic outbound connections to the internet to align with zero-trust principles. Existing networks won’t be affected, but experts warn firms to prepare now or risk broken workloads once the change takes effect. (Dark Reading)