A hacktivist group has claimed to have broken into systems belonging to the US Department of Homeland Security (DHS) and exposed sensitive files online.
The group, with the self-awarded name “The Department of Peace”, stole data from the Office of Industry Partnership that contained contracts between DHS, Immigration and Customs Enforcement (ICE), and over 6,000 private companies. Among the companies contracted to work alongside DHS and ICE were Anduril, L3Harris, Raytheon, Palantir, Microsoft, and Oracle.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
October 16, 2025
In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware. This sudden drop appears to align with a targeted underground exposure campaign that has ...
- The Rising Threat of Insider Recruitment in Ransomware Campaigns
October 15, 2025
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a different route: persuading someone on the inside to hand over the keys. ...
- UK: Outsourcing firm Capita fined £14m after millions had data stolen
October 15, 2025
The UK’s data watchdog has fined outsourcing firm Capita £14m after the personal data of 6.6 million people was stolen in a cyber-attack. The Information Commissioner’s Office (ICO) said Capita “failed to ensure the security of processing of personal data which left it at significant risk”. The fine was originally set at £45m but reduced after ...
- Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
October 15, 2025
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...
- Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
October 15, 2025
TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...
- 23 million records leaked in Vietnam Airlines–linked data breach
October 14, 2025
Vietnam Airlines has confirmed that some customers’ personal information, including full names, email addresses and phone numbers, was exposed in a recent data breach linked to its technology partner’s online customer service platform. In an email sent to customers on Oct. 14, the national carrier said it was alerted after hackers uploaded 23 million customer records ...