Mango has become the latest retailer to face a cyber-attack, where “limited” shopper data was stolen from one of its external marketing services.
The fashion chain, which recently reported a sales boost, told customers that data “accessed” by hackers was limited to personal contact details used in its marketing campaigns. This included email addresses, country, first names, telephone numbers and postal addresses. It added that unauthorised access was made via a third-party supplier, based in Spain.
Read more…
Source: Retail Gazette News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- React2Shell RCE flaw exploited by Chinese hackers hours after disclosure
December 8, 2025
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for the Chinese government. Late last week, the React team published a security advisory detailing a pre-authentication ...
- AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
December 8, 2025
Hunting high-impact, advanced malware is a difficult task. It becomes even harder and more time-consuming when defenders focus on low-detection or zero-detection samples. Every day, a huge number of files are sent to platforms like VirusTotal, and the relevant ones often get lost in all that noise. Identifying malware with low or no detections is ...
- How phishers hide banking scams behind free Cloudflare Pages
December 8, 2025
During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don’t just grab a username and password–they also ask for answers to secret questions and other “backup” data that attackers can use to bypass multi-factor ...
- Poland detains three Ukrainians over possession of hacking equipment
December 8, 2025
A Polish court has ordered three Ukrainian nationals held on charges of computer fraud and possessing hardware and software designed to commit crimes, including a suspected attempt to damage IT data deemed crucial to national defence. The three men, aged 43, 42 and 39, were detained after a roadside check in Warsaw, Polish state news agency ...
- New Prompt Injection Attack Vectors Through MCP Sampling
December 5, 2025
This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for ...
- International takedown of cryptocurrency fraud network laundering over EUR 700 million
December 4, 2025
The final actions in a sweeping international operation have successfully dismantled a large-scale cryptocurrency fraud and money laundering network that had laundered over EUR 700 million. Coordinated across multiple jurisdictions, these actions, carried out last month and earlier this week, mark the culmination of years of investigation and the effective disruption of a criminal operation ...