Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data across 9,000 institutions worldwide, arguing that the money should have been spent on strengthening cybersecurity. Privacy Commissioner for Personal Data Ada Chung Lai-ling on Friday also questioned whether the hackers had truly…
Canvas, the education platform hit by a global data breach affecting 72,571 Hongkongers, has reached an agreement with the hackers to return all compromised data. Instructure, the parent company of Canvas, has said it would hold a webinar for its leadership on Wednesday to provide details of the attack and discuss measures to “harden the…
A data breach at Yau Yat Chuen Garden City Club has compromised the personal information of more than 9,000 people, Hong Kong’s privacy watchdog has found, urging organisations to review security measures and update software to close loopholes. The Office of the Privacy Commissioner for Personal Data on Thursday also released a guide for parents…
Jan 16, 2026Ravie LakshmananZero-Day / Cyber Espionage A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based…
Dec 18, 2025Ravie LakshmananMalware / Cloud Security A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster…
Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said….
Millions of AT&T customers can now file claims in a $177 million legal settlement related to two data breaches, which could provide up to $7,500 in compensation per person. The first data breach, announced in March 2024, affected 73 million current and former AT&T account holders whose information — including birth dates and Social Security numbers —…
French fashion house Chanel has been hit by a data breach following a sustained series of attacks targeting Salesforce users. The data breach was discovered on July 25 after unauthorized third parties gained access to a Chanel database managed by an external service provider. Only customers in the United States have been affected. The exposed…
The app “Tea,” designed for women to anonymously post comments about men they have dated, has suffered a data breach, leaking tens of thousands of user images in what appears to be a targeted effort by another online platform.The company behind Tea reported that 72,000 images were leaked online, including 13,000 selfies or forms of…