IT Security News reports: Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from…
Category: Hack
SonicWall Says All Firewall Backups Were Accessed by Hackers
Waqas reports: In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for…
Discord Confirms 70,000 Government IDs Exposed in Third-Party Breach
Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
U.K.: Two arrested over cyber attack which stole thousands of nursery children’s data (1)
There’s been an arrest in the Kido school cyberattack incident. itvX reports: Two people have been arrested after hackers stole information about thousands of children from a nursery chain. Two men aged 17 and 22 were arrested in Bishop’s Stortford, Hertfordshire, on suspicion of computer misuse and blackmail, the Metropolitan Police said. They remain in…
Update on the emerging CL0P extortion campaign targeting Oracle E-Business Suite
UPDATE: On the emerging CL0P extortion campaign targeting Oracle E-Business Suite (EBS) customers, we can now confirm the actor likely exploited a zero-day vulnerability (CVE-2025-61882) to steal data. Here are the critical updates: ➡️ Confirmed Data Exfiltration: We’ve confirmed the actor successfully exfiltrated large volumes of data from victim environments in August 2025. During negotiations,…
PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom
As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many other victims, PowerSchool did not disclose the incident publicly, but they did, however, post a notice in their closed users group. The notice was removed shortly thereafter, and several people have…