Human error causes alarming rise in cybersecurity breaches in SA

Human error is the leading cause of cybersecurity breaches in South Africa, with at least 34.5 million accounts breached in the first quarter of 2024. Experts emphasize the importance of creating a culture of cyber awareness, strengthening IT infrastructure, and maintaining stringent internal governance to mitigate risk. Small businesses, particularly vulnerable to attacks due to limited resources, are urged to prioritize cybersecurity basics and educate employees about evolving threats.

Blue Shield Leaked Millions of Patient Info to Google for Years

Blue Shield of California exposed the health data of 4.7 million members to Google for nearly three years due to a misconfigured Google Analytics setup. The exposed information included insurance plan details, search terms, and medical service information, but not sensitive personal data like SSNs. Blue Shield halted the connection and is reviewing security procedures to prevent similar incidents.

Hackers Claim TikTok Breach, Leak Over 900,000 Usernames and Passwords

A hacker collective, R00TK1T, claims to have breached TikTok’s user database, leaking login information for over 900,000 users and deleting accounts. TikTok is investigating the claims but has not found evidence of a breach. Cybersecurity analysts urge caution, as R00TK1T has a history of exaggerating their exploits.

‘Data leak fatigue’ may cause decreased awareness of data breaches

Frequent data breaches may lead to “data leak fatigue,” causing people to ignore warnings. Experts advise assuming data has been compromised and taking proactive steps to protect oneself, such as rethinking shared information, using multi-factor authentication, and verifying communication from organizations.

European manufacturing data breaches up 90% - report - The Manufacturer

European manufacturers experienced a 90% increase in data breaches over the past year, with espionage-motivated actors responsible for 20% of breaches. The report highlights the need for smaller companies to prioritize cyber risk, as 90% of breached organizations were SMBs.

AI impact on data breach outcomes remains ‘limited’: Verizon | Cybersecurity Dive

Despite the doubling of AI-generated text in malicious emails, the rate of successful phishing breaches remains stable, according to Verizon’s Data Breach Investigations Report. While traditional attacks like exploiting software vulnerabilities are more prevalent, IT leaders should adapt protocols and upskill teams to address AI’s risks.

Microsoft Purges Millions of Cloud Tenants After Storm-0558

Microsoft is enhancing Entra ID and MSA security as part of its Secure Future Initiative (SFI), launched after a breach by the Chinese APT Storm-0558. The company has removed millions of inactive Azure cloud tenants, migrated resources to Azure Resource Manager, and inventoried 99% of its network assets. While progress is being made, security experts note that more needs to be done to fully implement SFI and protect against future threats.

DeepSeek Breach Opens Floodgates to Dark Web

The DeepSeek security breach exposed sensitive user data and proprietary information, highlighting vulnerabilities in AI systems. The exposed data, including chat histories and API keys, is highly valuable on the Dark Web, posing risks of identity theft, fraud, and competitive advantage for attackers. Organizations must prioritize AI security, focusing on external exposures, comprehensive discovery, continuous testing, and risk-based prioritization to protect against the growing threat landscape.

All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack - SecurityWeek

A new attack technique, Policy Puppetry, can bypass the safety guardrails of major generative AI models. By crafting prompts as policy files, attackers can override instructions and produce harmful outputs. The technique was successfully tested against various AI models, highlighting the need for additional security tools.

A new version of Triada spreads embedded in the firmware of Android devices | Securelist

The Triada Trojan has evolved to embed a sophisticated multi-stage loader directly into Android device firmware, enabling it to infect the Zygote process and compromise every application. The Trojan’s modular architecture allows attackers to tailor functionality to specific applications, including cryptocurrency wallet address modification, link replacement, text message interception, and credential theft. The infection chain involves a malicious dependency in the boot-framework.oat, which loads three modules, including an auxiliary module, a backdoor, and a crypto stealer or dropper, depending on the running application.

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells, enabling unauthorized file uploads and code execution. The vulnerability, tracked as CVE-2025-31324, allows attackers to upload malicious files without authorization. This follows previous warnings about active exploitation of other high-severity NetWeaver flaws.

South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days - SecurityWeek

At least six South Korean organizations across various industries were targeted in a recent campaign by the North Korean APT Lazarus, dubbed Operation SyncHole. The campaign combined watering hole attacks with the exploitation of vulnerabilities in software commonly used by South Korean companies, including Cross EX and Innorix Agent. Kaspersky identified the malware used in the attacks and notified KrCERT, leading to the release of patches for the exploited bugs.

Phishing Kit Darcula Gets Lethal AI Upgrade

The Darcula phishing-as-a-service platform, which powers global SMS-based smishing attacks, has recently added artificial intelligence capabilities. This upgrade makes it easier for even novice hackers to create customized smishing scams, targeting niche and regional brands that were previously ignored. The platform’s user-friendly interface and AI-generated phishing forms in any language pose a significant threat, making it crucial for organizations to adopt dynamic, behavior-based approaches to detect these attacks.

Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy - SecurityWeek

The 2025 Verizon Data Breach Investigations Report (DBIR) reveals a mature cyber threat economy, with infostealers and ransomware operating as part of a coordinated threat supply chain. Vulnerability exploitation, particularly of edge and VPN devices, is on the rise, fueled by automation and rapid weaponization of zero-days. Third-party involvement in breaches has doubled, underscoring the fragility of modern supply chains and the blurred lines of accountability.

Vehicles Face 45% More Attacks, 4 Times More Hackers

Security incidents in the automotive and mobility industries rose nearly 50% in Q1 2025, with ransomware attacks against OEMs and compromised electric vehicle chargers being the primary concerns. The number of threat actors targeting this industry has quadrupled in the past year, highlighting the growing potential for cyber threats.

The Good, the Bad and the Ugly in Cybersecurity - Week 17

AI is helping security teams detect and respond to sophisticated intrusions in real time. Russia-linked actors are exploiting Microsoft OAuth to target Ukrainian allies, compromising Microsoft 365 accounts through phishing URLs disguised as meeting links. The FBI reports cybercrime losses reached $16.6 billion in 2024, with cyber-based fraud accounting for almost 83% of all damages.

Hacks Targeting Cloud single Sign-On Rose in 2024

Hacks targeting cloud infrastructure rose significantly in 2024, with attackers exploiting misconfigurations and single sign-on features to deploy info stealers for data and credential theft. The rise in attacks is attributed to companies migrating to hybrid cloud environments without adequate security measures. Data theft was the primary objective in two-thirds of cloud incidents, with financial theft being the motive in 38% of attacks.

North Korean Hackers Use Russian IP Infrastructure

North Korean hackers, specifically those associated with the Void Dokkaebi intrusion set, are utilizing Russian IP addresses to carry out cybercrime activities. These activities include social engineering, malware deployment, and cryptocurrency theft, with the stolen funds supporting the North Korean regime and its weapons development. The FBI seized the domain of a front company used by the hackers, BlockNovas, as part of an international crackdown on North Korean cyberactors.

Yale New Haven Health Notifying 5.5 Million of March Hack

Yale New Haven Health System is notifying over 5.5 million patients of a March hack that compromised personal information, including Social Security numbers. The incident, the largest health data breach reported to the feds this year, did not impact patient care or involve financial information. The health system is offering complimentary credit monitoring and identity protection services.

55% of threat groups active in 2024 were financially motivated | Security Magazine

Mandiant’s latest report highlights a growing trend in financially motivated cyberattacks, with 55% of tracked threat groups in 2024 driven by profit—up from 52% in 2023. Exploits remained the top initial attack vector (33%) for the fifth straight year, while stolen credentials surged to second place (16%) for the first time. Other notable vectors included phishing (14%) and web compromises (9%). The most targeted sectors were financial services, business services, high tech, government, and healthcare. Alarmingly, 57% of breaches were first detected by external parties, including law enforcement, vendors, or the attackers themselves.

Zoom attack tricks victims into allowing remote access to install malware and steal money | Malwarebytes

A crime group called ELUSIVE COMET targets victims through Zoom video calls, tricking them into allowing remote control of their systems to install malware and steal assets. The group disguises remote control requests as coming from Zoom itself, exploiting rushed or distracted victims. To stay safe, avoid installing the Zoom app and use it in the browser, limiting its functionality.

FBI confirms $16.6 billion losses to cyber-crime in 2024 - Cybersecurity Insiders

The FBI’s 2024 Internet Crime Report reveals $16.6 billion in cybercrime losses, with fraud and ransomware being the primary threats. The elderly are particularly vulnerable due to limited digital literacy, making them targets for scams and phishing schemes. Experts urge increased awareness and proactive cyber hygiene, including skepticism of unsolicited links, protecting personal information, and enhancing account security.

Kelly Benefits Notifying Nearly 264,000 of Data Theft Hack

A data breach at Maryland-based Kelly Benefits has significantly expanded in scope, now affecting nearly 264,000 individuals—up from the 32,000 initially reported earlier this month. The December 2024 hack led to unauthorized access and exfiltration of sensitive personal data, including Social Security numbers, medical and financial information. The breach impacts clients such as CareFirst BlueCross BlueShield and Guardian Life, among others. Kelly Benefits has notified the FBI and is reviewing its security posture, while a federal class action lawsuit has been filed, alleging negligence and ongoing risks of identity fraud.

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

In Q1 2025, 159 CVEs were exploited in the wild, with 28.3% exploited within 24 hours of disclosure. The majority of exploited vulnerabilities were found in content management systems, network edge devices, and operating systems. Despite attackers’ efforts, defenders are improving at identifying compromises, with the global median dwell time decreasing to 11 days.

Third-party data breaches rise almost 50 percent | Prevalent

A new study from Prevalent shows a 49% increase in third-party data breaches year-over-year, with 61% of companies experiencing a breach in 2022. The report highlights the urgent need for improved third-party security, as companies rely on multiple tools and lack coordination, leaving supply chains vulnerable.