Commentaries and Analyses – Page 9

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape (1)

Posted on October 8, 2025October 16, 2025 by Dissent

Update of October 16, 2025: The claims by ReliaQuest, reported below by Security Affairs, have been challenged by SuspectFile. Read the criticism with a statement from Qilin at SuspectFile. Pierluigi Paganini reports: Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools…

Qantas says ‘legal protections in place’ as ScatteredLAPSUS$Hunters group threatens to release personal data

Posted on October 8, 2025October 8, 2025 by Dissent

NOTE from DataBreaches.net: The injunction Qantas obtained is limited in terms of who it covers. It does NOT cover all journalists and media. It only covers those who are under the jurisdiction of the NSW Supreme Court. Most journalists and media are not covered by the injunction, such as DataBreaches, and many may decide to…

I called American Income Life Insurance to alert them to a data breach involving 150,000 customers. Here’s why they didn’t find out.

Posted on October 6, 2025 by Dissent

Paging the Federal Trade Commission to Aisle 5…. The Federal Trade Commission has repeatedly emphasized the importance of having a mechanism in place to receive data security alerts or concerns. American Income Life Insurance (“AILife”), headquartered in Waco, Texas, does not provide such information on its home page or anywhere else on the site that…

Update on the emerging CL0P extortion campaign targeting Oracle E-Business Suite

Posted on October 6, 2025October 5, 2025 by Dissent

UPDATE: On the emerging CL0P extortion campaign targeting Oracle E-Business Suite (EBS) customers, we can now confirm the actor likely exploited a zero-day vulnerability (CVE-2025-61882) to steal data. Here are the critical updates: ➡️ Confirmed Data Exfiltration: We’ve confirmed the actor successfully exfiltrated large volumes of data from victim environments in August 2025. During negotiations,…

PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom

Posted on October 4, 2025October 4, 2025 by Dissent

As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many other victims, PowerSchool did not disclose the incident publicly, but they did, however, post a notice in their closed users group. The notice was removed shortly thereafter, and several people have…

Judge throws out lawsuit against Columbus over data breach

Posted on October 2, 2025 by Dissent

Fox28 reports: A Franklin County judge dismissed a lawsuit against the city of Columbus, which claimed it failed to follow industry standards and federal guidelines for data security. The lawsuit was filed last year after the ransomware group Rhysida claimed it stole over 6 terabytes of city data and posted it for sale. The incident caused the city to shut down multiple systems…