MathWorks confirms ransomware attack, Adidas has data breach, Dutch intelligence warns of cyberattack
Today on CISO Series...
In today’s cybersecurity news…
MathWorks, Creator of MATLAB, Confirms Ransomware Attack
MathWorks confirmed a ransomware attack that disrupted its IT systems and multiple customer-facing applications, including MATLAB Mobile and Cloud Center. The company hasn’t disclosed which group was behind the attack or whether any data was stolen, but says it’s working with cybersecurity experts and law enforcement. Some services have been restored; others remain offline.
Adidas warns of data breach after customer service provider hack
Adidas disclosed a data breach after attackers accessed customer contact information via a hacked third-party customer service provider. The company says no payment data or passwords were stolen and is notifying affected customers and authorities. Details such as the provider’s name and scope of impact remain undisclosed.
Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack
Dutch intelligence agencies say a Kremlin-linked hacking group, dubbed “Laundry Bear,” stole Dutch police data in a 2023 cyberattack and is actively targeting EU and NATO nations supporting Ukraine. The group reportedly seeks intelligence on Western weapons production and deliveries to Kyiv. The breach exposed work contact details for all Dutch police officers. The Netherlands joins the U.S. and France in attributing recent cyberattacks to Russian military-linked hackers.
Researchers detail an exploit in GitHub’s official MCP server that lets hackers trick an LLM agent into leaking private information about the MCP user
Security researchers Marco Milanta and Luca Beurer-Kellner discovered a prompt injection exploit in GitHub’s Model Context Protocol (MCP) server that lets LLMs access and leak private repository data. The attack involves submitting a malicious issue to a public repo, tricking the LLM into exposing private repo names from a pull request. Because GitHub’s MCP server gives LLMs access to private data, the ability to read and write issues, and the ability to submit PRs, it combines all the elements needed for a successful exfiltration attack. Researcher Simon Willison warns users to approach MCP with caution.
Mandiant flags fake AI video generators laced with malware
Mandiant and Google Cloud have identified a Vietnam-linked group, UNC6032, running a large-scale malware campaign by posing as providers of AI video generation tools like Luma AI and Canva Dream Lab. Since mid-2024, the group has reportedly used fake ads and websites to lure victims on Facebook and LinkedIn, then deploy infostealers and backdoors. Targets include creators and small businesses enticed by the AI video trend. Meta assisted the investigation, which found thousands of fake ads tied to over 30 malicious sites. UNC6032’s operations show no clear state affiliation.
Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
An Iranian national, Sina Gholinejad (aka “Sina Ghaaf”), pleaded guilty to deploying RobbinHood ransomware between 2019 and 2024, targeting U.S. cities, hospitals, and nonprofits. Victims included Baltimore, Greenville, and Meridian Medical Group. The group used stolen admin credentials, VPNs, and a vulnerable Gigabyte driver to disable antivirus software, then demanded Bitcoin ransoms via Tor and escalated to data theft for added pressure. Gholinejad faces up to 30 years in prison for conspiracy, computer intrusion, extortion, and money laundering.
Google researchers found that cracking RSA encryption—the same tech that secures crypto wallets—needs way fewer quantum resources than anyone thought.
Google says it’s figured out how to crack RSA encryption with a quantum computer using 20x fewer resources than previously estimated. In a new paper, researcher Craig Gidney claims a 2048-bit RSA key—used in banking and crypto wallets—could be broken in under a week using fewer than a million noisy qubits. Bitcoin still relies on similar cryptography. Google credits algorithm and error correction improvements.
(Decrypt)
Memo: nearly all of CISA’s top leaders, including heads of five of its six operational divisions and six of 10 regional offices, have left or are leaving in May
Several senior officials at CISA have recently left or are planning to leave, according to The Washington Post. The departures follow a rocky period under the Trump administration, which included efforts to shut down election security initiatives and the near lapse of the CVE vulnerability program.