Today’s roundup
Sandworm hackers use data wipers to disrupt Ukraine's grain sector
Gootloader malware is back with new tricks after 7-month break
Hyundai AutoEver America data breach exposes SSNs, driver's licenses
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
APT 'Bronze Butler' Exploits Zero-Day to Root Japan Orgs
Risk 'Comparable' to SolarWinds Incident Lurks in Popular Software Update Tool
Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries
Cloudflare Scrubs Aisuru Botnet from Top Domains List
Japanese media giant Nikkei reports Slack breach exposing employee and partner records
Cyberattack ate up profits for first half of year, retailer M&S says
Summary
Russian state-backed APT Sandworm has deployed multiple data-wiping malware families against Ukraine's critical infrastructure, specifically targeting its education, government, and vital grain sectors. These attacks aim to disrupt the country's main revenue source.
The Gootloader malware operation has resurfaced after a seven-month hiatus, resuming its use of SEO poisoning tactics to direct users to fake websites distributing the malware. This re-emergence signals an ongoing threat from the sophisticated loader.
Hyundai AutoEver America is notifying individuals of a data breach in which hackers accessed the company's IT environment and compromised personal information, including Social Security Numbers and driver's licenses. The full scope of the breach is still under investigation.
Cybersecurity researchers have identified a new set of seven vulnerabilities affecting OpenAI's GPT-4o and GPT-5 models. These flaws could be exploited by attackers to steal personal information from ChatGPT's stored memories and from users' chat histories without the users' knowledge, posing significant privacy risks.
The China-sponsored advanced persistent threat (APT) group "Bronze Butler" has exploited a critical zero-day vulnerability (CVE-2025-61932) in a widely used endpoint manager. This enabled the group to gain root access and backdoor Japanese businesses, underscoring ongoing nation-state espionage activities.
A warning has been issued regarding a significant supply chain risk in a popular software update tool, with potential consequences comparable to the SolarWinds incident. This vulnerability could allow for malware introduction into major technology companies' software, though an easy fix is available.
Operation “Chargeback,” a global law enforcement initiative, has successfully dismantled widespread fraud networks responsible for misusing stolen card data from over 4.3 million victims across 193 countries. The scheme involved over €300 million in illicit gains.
Cloudflare has moved to redact and eventually hide domains associated with the massive Aisuru botnet from its public ranking of most requested websites. The botnet, composed of hundreds of thousands of hacked IoT devices, had artificially inflated its presence on the list and was simultaneously attacking Cloudflare's DNS service.
Japanese media conglomerate Nikkei has disclosed a security breach involving its internal Slack communication system. The incident led to unauthorized access and the potential exposure of data belonging to over 17,000 employees and business partners.
British retailer Marks & Spencer (M&S) has reported that a cyberattack earlier this year significantly impacted its financial performance, nearly wiping out the company's profits for the first half of the fiscal year. This highlights the substantial economic repercussions of major cyber incidents.