Cyber Security News
Start. Stay. Grow.
Curated daily. The latest hacks, breaches, and cyber trends—humanized.
Daily cyber brief
Hacking Editorial Brief — June 25, 2026
Scattered Spider Members Plead Guilty to TfL and U.S. Healthcare Breaches
Two British hackers affiliated with the Scattered Spider threat group have pleaded guilty to cyberattacks on Transport for London (TfL), with one member also admitting to breaching two U.S. healthcare organizations—SSM Health Care and Sutter Health. The guilty pleas represent the first confirmed prosecutions of Scattered Spider members, a group known for sophisticated social engineering tactics and high-profile intrusions targeting critical infrastructure and healthcare systems. The TfL attack disrupted London's public transportation network, while the healthcare breaches compromised patient data across multiple facilities. Separately, Madison Square Garden suffered a significant breach by the ShinyHunters threat group, resulting in the leak of facial recognition records tied to millions of venue visitors, including celebrities and customers. The compromise reportedly began with a single social engineering attack that granted initial access to MSG's biometric database systems, validating longstanding warnings about the security risks of centralized biometric data collection.
New iPhone Boot Exploit and FIFA World Cup Phishing Campaign
Security researchers disclosed Usbliter8, a USB-based exploit chain targeting Apple devices with A12 and A13 chips, including iPhone XS, XR, 11, and Apple Watch S4-S5 models. The exploit bypasses Apple's boot security defenses by chaining controller and firmware vulnerabilities, potentially affecting millions of devices still in active use. Meanwhile, Chinese-origin threat actors have deployed sophisticated phishing infrastructure targeting FIFA World Cup 2026 attendees, using pixel-perfect clones of legitimate ticketing sites and man-in-the-middle attacks to bypass two-factor authentication. The campaign includes card-skimming capabilities designed to harvest payment credentials from users attempting to purchase World Cup tickets or merchandise through fraudulent sites that mirror official FIFA platforms.
Sources: HIPAA Journal · Yahoo · Inc · SecurityWeek · CloudSEK
Around the Web
Last Updated: N/A
Hacks + Heists
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
... Hacker News. "The same pairs also appear in the actor's input target list EU.txt (the file their Go scanner reloads and re-validates every cycle ....
Read more →Five Eyes cybersecurity agencies warn of new AI models impact on cyber risks - CBC
Cutting-edge artificial intelligence technology is poised to supercharge offensive hacking ... Hacking concerns. The Monday statement from the Five ....
Read more →How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack
Around the same time, Change Healthcare in the US was hacked, leading to widespread disruption. The company paid a $22m (£16m) ransom to hackers.
Read more →North Korean Hackers Poison Mastra AI Framework - GovInfoSecurity
Open-source artificial intelligence framework Mastra has been compromised by North Korean hackers who planted infostealers, adding yet another ...
Read more →'Five Eyes' intelligence alliance warns that new AI models pose urgent cyber risk
By Raphael Satter WASHINGTON, June 22 (Reuters) - Cutting-edge artificial intelligence technology is poised to supercharge offensive hacking ...
Read more →
Big Cyber
87% of cybersecurity managers say quick compliance programs are actually increasing risk ...
Speed-focused compliance programs could help businesses get cybersecurity certifications quicker, but security professionals are skeptical if the ...
Read more →White House PQC order 'lights a fire' under post-quantum transition | Federal News Network
Cybersecurity experts are particularly concerned that U.S. adversaries could steal data today and decrypt using a quantum computer in the future ...
Read more →N.S.A. Lost Access to Powerful A.I. Model Amid Anthropic Dispute - The New York Times
A recent episode underscored the Trump administration's increasing reliance on advanced A.I. systems for cybersecurity even as it battles a ...
Read more →Dragos launches EmberAI to bring OT-native AI to industrial cybersecurity operations
Threat activity against critical infrastructure is accelerating. The OT cybersecurity skills needed to address these complex tactics and techniques .....
Read more →
Hard Tech
React2Shell (CVE-2025-55182)
A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically f...
Read more →Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer
We discovered three vulnerabilities that when chained together, allow for complete remote compromise:
Read more →Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This ...
Read more →Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgentl...
Read more →Loading...
The Cybersecurity Chronicles
‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.
Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.
Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.
Stay Updated with Cyber Security News
Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.
Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.