Hackers, dubbed “Scattered Spider”, are targeting insurance and financial enterprises with cloud service attacks to steal data and demand ransom. The hackers’ methods include searching services like GitHub for cloud access tokens accidentally left in source code by programmers. The stolen data is exfiltrated and a ransom demanded for its return. Admins can protect against such attacks by enabling multi-factor authentication (MFA) and ensuring staff can recognise phishing attempts.

Bitdefender GravityZone Console Flaw Let Attackers Execute Arbitrary Commands
A critical vulnerability (CVE-2025-2244) in Bitdefender GravityZone Console, with a CVSS score of 9.5, allows remote attackers to execute arbitrary commands due to insecure PHP