What's Hot
What happened? Initial investigation indicates that approximately 6–7% of registered users — estimated at about 108,000 to 126,000 people — may have been affected by this breach. Data at risk Response and investigation Extortion and threat activity
The beginning of a new year brings a major shift in digital activity. New accounts are created, old ones are closed, systems are updated, access rights change, and people start using new devices and services. This transition period changes how digital risks appear and how protection systems respond. Understanding this shift helps explain why the first weeks of a new year are important for digital security. 1. What Changes Digitally at the Start of a New Year At the start of a new year: This creates a lot of legitimate system changes — which makes it harder to distinguish between…
Two former cybersecurity professionals in the United States have pleaded guilty in a federal court to conspiring with a ransomware group involved in cyber extortion attacks against American companies. The individuals admitted to participating in activities that helped deploy ransomware, encrypt victim networks, and demand ransom payments from targeted organizations. As part of the criminal case, both individuals now face potential prison sentences of up to 20 years each under U.S. federal law. Sentencing is scheduled to take place in 2026. The case is being treated as a significant enforcement action against individuals involved in cybercrime, particularly due to the…
The Delhi High Court has issued a directive making electronic Know Your Customer (e-KYC) verification mandatory for all domain name registrations in India. The court ordered that domain registrars must verify the identity of every registrant before activating a domain name and must not allow anonymous or unverified registrations. The directive also states that privacy masking of domain ownership details cannot be enabled by default and may only be applied after identity verification has been completed. Registrars have been instructed to maintain accurate and verified registrant data and to share updated records with the National Internet Exchange of India on…
The European Space Agency (ESA) has publicly confirmed a cybersecurity breach that affected a limited number of servers outside its core corporate network, marking one of the most significant data security incidents in the aerospace sector this year. According to official statements released by ESA and corroborated by independent cybersecurity reporting, an unauthorized actor gained access to servers supporting collaborative science projects. The agency clarified that the affected systems were not part of mission-critical infrastructure and that there is no current indication of impact on active space missions. Preliminary forensic analysis suggests that the breach was detected following unusual activity…
As digital systems continue to grow in complexity, having the right cybersecurity resources becomes essential. Whether you are a security professional, a system administrator, or a business owner, access to reliable tools and reference frameworks helps improve security posture and response readiness. This resource guide lists key categories of cybersecurity tools and knowledge areas that are relevant at the end of 2025. 1. Network and Infrastructure Security These tools focus on visibility and protection of networks and servers. These resources help detect abnormal activity, misconfigurations, and potential intrusions. 2. Endpoint and Device Protection Endpoints are one of the most targeted…
India has notified the Digital Personal Data Protection Rules, 2025, bringing into force the enforcement and penalty framework under the Digital Personal Data Protection Act, 2023. The Rules empower the Data Protection Board of India to examine violations of the Act and impose financial penalties on entities that fail to comply with legal obligations related to personal data protection. Serious violations — including failure to implement required security safeguards, failure to report data breaches, or violation of core compliance requirements — can attract penalties of up to ₹250 crore. Other categories of non-compliance, such as procedural failures related to consent,…
At the end of the year, digital activity increases sharply across the world. People shop online, send holiday messages, reset passwords, update systems, and close business accounts. This high level of online movement creates patterns that cybercriminals often try to exploit. Understanding how attacks happen and how systems protect themselves helps individuals and organizations reduce risk. This article explains the most common year-end cyber attack patterns and the protection mechanisms used to stop them. 1. Why Year-End Periods Attract Cyber Attacks The final weeks of the year involve: This creates noise and urgency, which attackers rely on. Attackers do not…
New York State has enacted a new cybersecurity-focused procurement law that restricts the technology products state and local government agencies are allowed to purchase. The law requires the State Chief Information Officer to create and maintain a list of technology products and vendors that government agencies are prohibited from buying due to cybersecurity and national security risks. The restrictions primarily apply to technology supplied by companies that may be subject to foreign government control or data-sharing obligations, which lawmakers said could pose risks to sensitive government information. Under the law, state and municipal agencies must avoid purchasing any product placed…
A data breach affecting a subcontractor linked to South Korean airline Korean Air has been disclosed, involving unauthorized access to internal employee records. According to company statements and regulatory disclosures, the incident occurred after attackers exploited vulnerabilities in systems operated by KC&D Service, a former in-flight catering subsidiary now owned by a private equity firm. Preliminary investigations indicate that approximately 30,000 employee records were accessed, including names, bank account details, and internal employment identifiers. Korean Air said that no customer data was affected and the exposure was limited to internal employee information. The airline confirmed that cybersecurity specialists and forensic…