Originally reported by BleepingComputer, Graham Cluley, Cisco Talos, Checkpoint Research, Malwarebytes Labs
TL;DR
This week saw significant corporate data breaches at Starbucks and Telus Digital, alongside the emergence of AI-generated Slopoly malware used in ransomware attacks. Critical vulnerabilities in Veeam backup software and an Android lock screen bypass vulnerability highlight ongoing infrastructure security challenges.
Multiple critical RCE vulnerabilities in Veeam backup software, combined with large-scale corporate breaches affecting hundreds of thousands of users, warrant a high severity classification.
Starbucks disclosed a data breach affecting hundreds of employees after threat actors gained unauthorized access to Starbucks Partner Central accounts. The incident compromised employee personal information stored within the partner portal system. The coffee giant has initiated security measures and is working with affected employees to secure their accounts.
Canadian retail giant Loblaw notified customers of a security incident that prompted the company to automatically log out all users from their digital accounts. As a precautionary measure, customers must re-authenticate to access Loblaw's digital services. The company has not disclosed the full scope of potentially compromised data.
England Hockey confirmed it is investigating a potential data breach after the AiLock ransomware group listed the organization as a victim on its leak site. The governing body for field hockey in England has not yet confirmed the extent of any data compromise or operational impact.
Researchers identified a new malware strain dubbed Slopoly, believed to be generated using AI tools, deployed in an Interlock ransomware attack. The malware allowed threat actors to maintain persistence on a compromised server for over a week, facilitating data exfiltration before encryption. This represents an evolution in AI-assisted malware development.
Veeam Software addressed multiple critical vulnerabilities in its Backup & Replication solution, including four remote code execution flaws. The vulnerabilities could allow attackers to compromise backup infrastructure, potentially disrupting recovery operations. Organizations using Veeam products should prioritize applying the available patches.
U.S. and European law enforcement agencies disrupted the SocksEscort cybercrime proxy network, which leveraged compromised Linux edge devices infected with AVRecon malware. The network provided proxy services to cybercriminals for various malicious activities. The operation demonstrates continued international cooperation in dismantling cybercrime infrastructure.
Google's Vulnerability Reward Program paid out over $17 million to 747 security researchers in 2025, highlighting the continued value of coordinated vulnerability disclosure programs. The substantial payouts reflect both the volume and severity of security issues identified in Google's products and services.
Telus Digital confirmed a security incident after threat actors claimed to have stolen nearly 1 petabyte of data during a multi-month breach. The Canadian business process outsourcing company is investigating the scope and impact of the compromise, which could affect numerous client organizations.
Flare research revealed how cybercriminals monetize stolen airline miles and loyalty points, converting them into discounted travel bookings for resale. The underground market treats loyalty program credentials as tradable commodities, highlighting the broader value of seemingly non-financial account credentials.
Security researchers documented account takeover attacks against Signal users, particularly targeting government officials and journalists. The attacks exploit social engineering tactics rather than platform vulnerabilities, emphasizing the importance of user awareness in maintaining secure communications.
Check Point Research published detailed analysis of Handala Hack (Void Manticore), an Iranian threat actor conducting destructive wiping attacks combined with hack-and-leak operations. The group maintains multiple online personas, with Homeland Justice being the most prominent since mid-2022.
Malwarebytes Labs identified a campaign using fake $TEMU cryptocurrency airdrops to distribute malware via ClickFix social engineering techniques. Victims are tricked into executing malicious code that installs a remote access backdoor, demonstrating continued evolution in cryptocurrency-themed lures.
Researchers demonstrated an Android vulnerability allowing lock screen bypass in under 60 seconds. The attack enables extraction of encryption keys, PIN recovery, and access to sensitive device data. The technique affects certain Android configurations and highlights mobile security implementation challenges.
Cisco Talos published commentary on allyship in cybersecurity, emphasizing awareness as the first step in addressing industry challenges. The piece discusses the importance of recognizing and addressing systemic issues within the security community.