Romania’s National Oil Pipeline Joins a Growing Cyberattack list Romania’s national oil pipeline operator, Conpet, has disclosed that it suffered a cyberattack that disrupted its corporate IT systems and temporarily knocked its website offline, adding to a growing series of digital incidents affecting the country’s critical infrastructure.  In a statement issued on Wednesday, the company said the attack affected its business information systems but did not interfere with pipeline operations or its ability to meet contractual obligations.  Conpet operates almost 4,000 kilometres of pipelines, transporting domestically produced and imported crude oil, gasoline and other petroleum derivatives to refineries across Romania, making it a key component of the country’s energy infrastructure.  The firm sought to reassure customers and authorities that its core operational technologies were not compromised. Systems responsible for supervising and controlling pipeline flows, as well as telecommunications networks, continued to function normally throughout the incident.  As a result, the transport of crude oil and fuel through the national pipeline system was not disrupted. Conpet’s public website, however, remained inaccessible as recovery efforts were under way.  Conpet said it is investigating the breach in cooperation with national cybersecurity authorities and has notified Romania’s Directorate for Investigating Organised Crime and Terrorism, filing a formal criminal complaint.  The company has not provided details on how the attackers gained access or the specific techniques used, citing the ongoing investigation. Despite this lack of official confirmation, the ransomware group Qilin has claimed responsibility for the attack.  The group has listed Conpet on its dark web leak site and alleges it exfiltrated close to one terabyte of data from the company’s systems.  To support its claim, Qilin published a selection of images said to show internal documents, including financial information and scans of passports. Qilin emerged in 2022 as a ransomware-as-a-service operation, initially operating under the name Agenda.  Since then, it has built a long list of alleged victims across the world, targeting private companies and public institutions alike. Such groups typically combine data theft with extortion, threatening to publish stolen material unless a ransom is paid.  The attack on Conpet follows a spate of ransomware incidents in Romania over the past year. Water authorities, major energy producers, electricity distributors and dozens of hospitals have all reported disruptive cyberattacks.  Together, these cases underline a persistent weakness in the corporate IT systems that support essential services, even when industrial control networks are kept separate. 

Romania’s National Oil Pipeline Joins a Growing Cyberattack list #CybersecurityAttack #datathreat #RomaniaNationalOilPipeline

Zscaler Confirms Data Breach Linked to Salesloft Drift Supply-Chain Attack  Cybersecurity firm Zscaler has revealed it suffered a data breach after attackers exploited a compromise in Salesloft Drift, an AI-driven Salesforce integration tool. The incident is part of a larger supply-chain attack in which stolen OAuth and refresh tokens were leveraged to gain unauthorized access to Salesforce environments across multiple organizations.  Zscaler confirmed that its Salesforce instance was one of the targets, resulting in the exposure of sensitive customer details. According to the company, the information accessed by threat actors included customer names, job titles, business email addresses, phone numbers, and geographic details. In addition, data related to Zscaler product licensing, commercial agreements, and content from certain support cases was also stolen.  While Zscaler has not disclosed the number of affected customers, it emphasized that the breach was limited to its Salesforce system and did not compromise any of its products, services, or underlying infrastructure.  The company stated that the unauthorized data access primarily took place between August 13 and 16, 2025, with some attempts occurring earlier. Although Zscaler has not detected any misuse of the stolen data, it has urged its customers to remain cautious of phishing emails and social engineering campaigns that could exploit the compromised information.  In response to the incident, Zscaler has taken several steps to mitigate risks, including revoking all Salesloft Drift integrations with Salesforce, rotating API tokens across its systems, and implementing stricter customer authentication protocols when handling support requests.  An internal investigation into the full scope of the breach is ongoing. The attack has been linked to a campaign attributed to the threat group UNC6395, which was previously flagged by Google Threat Intelligence. This group is believed to have targeted Salesforce support cases to collect highly sensitive credentials such as AWS access keys, passwords, and Snowflake tokens.  Google researchers also noted that the attackers attempted to cover their tracks by deleting query jobs, although audit logs remained available for review. The compromise of Salesloft Drift has had wide-reaching consequences across the SaaS ecosystem, impacting companies including Google, Cisco, Workday, Adidas, Qantas, Allianz Life, and LVMH subsidiaries.  In many of these cases, attackers used vishing tactics to trick employees into authorizing malicious OAuth applications, enabling large-scale data theft later exploited in extortion schemes.  Both Google and Salesforce have since suspended their Drift integrations while investigations continue. Security experts warn that this incident highlights the growing risks of supply-chain attacks and the urgent need for stronger oversight of third-party integrations.

Zscaler Confirms Data Breach Linked to Salesloft Drift Supply-Chain Attack #CybersecurityAttack #DataBreach #DataTheft

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing XinXin gang (also known as Black Technology) read more about Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing.

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing reconbee.com/lucid-phaas-...

#Lucid #PhaaS #imessage #RCSsmishing #cyberattack #CyberSecurity #CybersecurityAttack #CyberSec

Pennsylvania Education Union Alerts Over 500,000 Individuals of Data Breach   The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying more than half a million individuals that their personal data was compromised in a cybersecurity breach that occurred in July 2024. Representing over 178,000 education professionals—including teachers, support staff, higher education employees, nurses, retirees, and future educators—PSEA disclosed the breach in letters sent to 517,487 affected individuals. "PSEA experienced a security incident on or about July 6, 2024, that impacted our network environment," the organization stated in its notification. "Through a thorough investigation and extensive review of impacted data, which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network." Types of Stolen Data The stolen information varies by individual and includes sensitive personal, financial, and health-related details. This may include: * Driver’s license or state ID numbers * Social Security numbers * Account PINs and security codes * Payment card details * Passport information * Taxpayer identification numbers * Online credentials * Health insurance and medical records In response to the breach, PSEA is offering free credit monitoring and identity restoration services through IDX for those whose Social Security numbers were affected. Eligible individuals must enroll by June 17, 2025. The union also advised affected individuals to monitor their financial statements, review credit reports for suspicious activity, and consider placing a fraud alert or security freeze on their credit files. Although PSEA has not directly attributed the attack to a specific threat group, the Rhysida ransomware gang took responsibility for the breach on September 9, 2024. The cybercriminals reportedly demanded a 20 BTC ransom and threatened to leak stolen data if their demands were not met. While it remains unclear if PSEA complied with the ransom request, Rhysida has since removed the stolen data from its dark web leak site. Rhysida, a ransomware-as-a-service (RaaS) group, first emerged in May 2023 and has been linked to several high-profile cyberattacks. Notable incidents include breaches at the British Library, the Chilean Army, and Sony subsidiary Insomniac Games. In November 2023, the group leaked 1.67 TB of documents after Insomniac refused to pay a $2 million ransom. More recently, Rhysida affiliates targeted Lurie Children’s Hospital in Chicago in February 2024, attempting to sell stolen data for 60 BTC (approximately $3.7 million at the time). Other victims include the Singing River Health System, which suffered a data breach affecting 900,000 individuals in August 2023, and the City of Columbus, Ohio, where 500,000 residents’ data was compromised in July 2024. Cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, have warned that Rhysida ransomware affiliates continue to launch opportunistic attacks across various industry sectors. Additionally, the U.S. Department of Health and Human Services (HHS) has linked the group to multiple cyberattacks targeting healthcare institutions.

Pennsylvania Education Union Alerts Over 500,000 Individuals of Data Breach #CybersecurityAttack #DataBreach

SSuite Office - Software Made Simple and Free We provide safe and trusted free software and office suites for daily use. Get Our Free Office Suites and Productivity Software for download now. Free downloads with no strings attached. No Java or D...

~

Kicking Ass and Taking Names... 🔥🕵️‍♂️🦹

Stopping the bad guys with Cloudflare:

433,319 malicious requests blocked or challenged in the last month against our website! 🥳 🤨 😏

www.ssuiteoffice.com

#cloudflare #CyberSecurity #CybersecurityAttack #CyberSec #NewsUpdate #News #EntertainmentNews

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip.  The group has been active since at least 2012, targeting government,…

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations #cyberattackstrendingnews #CybersecurityAttack #malware

Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone Linux kernel was made available read more about Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone reconbee.com/amnesty-find...

#amnesty #androidphone #serbian #ZeroDay #CyberSecurity #CybersecurityAttack #cybersec

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language such data to assist you in navigating read more about Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language reconbee.com/mozilla-upda...

#mozilla #mozillafirefox #backlash #CybersecurityAttack #CyberSecurity #CyberSec

Lending App Data Breach Leaves Sensitive Customer Information Unprotected  A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue…

Lending App Data Breach Leaves Sensitive Customer Information Unprotected #CyberSecurity #CyberThreats #CybersecurityAttack

Beware of Fake Viral Video Links Spreading Malware  McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content.  Once a user…

Beware of Fake Viral Video Links Spreading Malware #CybersecurityAttack #malware #News

Botnet targets Basic Auth in Microsoft 365 password spray attacks sign-in monitoring are unaware of these threats read more about Botnet targets Basic Auth in Microsoft 365 password spray attacks

Botnet targets Basic Auth in Microsoft 365 password spray attacks reconbee.com/botnet-targe...

#botnet #Microsoft #microsoft365 #passwordsprayattacks #password #cybersecurity #CybersecurityAttack

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer Base64-encoded C2 domain on a certain page read more about New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer reconbee.com/new-malware-...

#malware #malwarecampaign #Lumma #ACRstealer #cyberattack #CybersecurityAttack

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack unspecified address read more about Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack reconbee.com/bybit-confir...

#Bybit #BybitHacker #CryptoScam #cryptocurrency #CryptoTrading #cybersecurity #CybersecurityAttack

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication malicious exploitation read more about Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication reconbee.com/juniper-sess...

#Juniper #smartrouters #vulnerability #bypassauthentication #bypass #CyberSecurityAwareness #CybersecurityAttack

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks creating a SQL injection using read more about PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks reconbee.com/postgresql-v...

#PostgreSQL #vulnerabilities #zeroday #cyberattack
#vulnerability #CybersecurityAttack