Explore

Rapid Read Rapid Read
FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), a Russia-linked extortion gang that has been infiltrating U.S. law firms to steal client data. The group, which emerged from the Conti ransomware syndicate in 2022, uses operatives to physically insert USB drives into computers at law firms. These drives are used to exfiltrate files via tools like WinSCP or Rclone, with data being staged on platforms such as Google Drive or Microsoft OneDrive. The SRG does not deploy ransomware but instead threatens to publish stolen files on its data leak site, pressuring victims for payment. The FBI advises organizations to disable external drive connections, block port 22, require phishing-resistant multifactor authentication, and verify IT support credentials.
Rapid Read Rapid Read
Trump Mobile Data Breach Exposes Customer Information

Trump Mobile Data Breach Exposes Customer Information

Trump Mobile has confirmed a data breach that exposed customer information, including names, addresses, email addresses, and phone numbers. The breach was attributed to a third-party platform provider responsible for the exposure. This incident is part of a broader cybersecurity landscape where vulnerabilities and breaches are increasingly common. The breach highlights the ongoing challenges companies face in securing customer data against unauthorized access and cyber threats.
Rapid Read Rapid Read
UK Visa Portal's Data Breach Sparks Legal and PR Response Instead of Immediate Fix

UK Visa Portal's Data Breach Sparks Legal and PR Response Instead of Immediate Fix

The UK Visa Portal, a non-governmental website, exposed thousands of passports and selfies of applicants who mistakenly used the site for UK visa applications. TechCrunch reported that the site stored over 100,000 sensitive documents in an unprotected Amazon cloud storage bucket. Despite the exposure, the company did not immediately address the security lapse but instead engaged lawyers and PR firms. The data was eventually secured, but the company's lack of direct response raises questions about its handling of the breach. The incident is part of a broader trend of companies exposing sensitive data due to misconfigurations rather than cyberattacks.
Rapid Read Rapid Read
Carnival Cruise Faces Data Breach Impacting 6 Million Customers

Carnival Cruise Faces Data Breach Impacting 6 Million Customers

Carnival Corporation, the parent company of Carnival Cruise, has experienced a significant cybersecurity breach affecting nearly 6 million customers. The breach, led by the hacker group ShinyHunters, resulted in the unauthorized access and copying of sensitive personal information, including names, addresses, email addresses, phone numbers, dates of birth, and passport numbers. The breach was identified on April 14, 2026, but customers were only notified over a month later. Carnival has faced criticism for the delay in notification and the limited offer of two years of complimentary credit monitoring as compensation. The company has a history of data breaches and technical glitches, raising concerns about its cybersecurity measures.
Trendline Trendline
Carnival Corporation Discloses Cybersecurity Breach Affecting Millions

Carnival Corporation Discloses Cybersecurity Breach Affecting Millions

Carnival Corporation Discloses Cybersecurity Breach Affecting Millions
Rapid Read Rapid Read
Pay Tel Security Lapse Exposes Over 300,000 Callers' Driver's Licenses

Pay Tel Security Lapse Exposes Over 300,000 Callers' Driver's Licenses

A significant security lapse at Pay Tel, a prison calling service, has resulted in the exposure of over 300,000 driver's licenses and other sensitive information. According to cybersecurity firm UpGuard, a Microsoft Azure-hosted storage server managed by Pay Tel was found to be publicly accessible without a password, allowing anyone on the internet to access the data. The exposed information includes scans of driver's licenses and other government-issued identity documents required for users to sign up for Pay Tel's services. Additionally, inmate communications such as text messages, handwritten notes, and financial records were also compromised. This incident marks the second known security breach for Pay Tel in recent years, following a ransomware attack in June 2025. Despite being alerted to the issue on May 7, Pay Tel has not publicly acknowledged the breach or indicated whether it will notify affected individuals or comply with U.S. state data breach notification laws.
Trendline Trendline
Carnival Corp Discloses Data Breach Affecting Personal Information

Carnival Corp Discloses Data Breach Affecting Personal Information

Carnival Corp Discloses Data Breach Affecting Personal Information
Rapid Read Rapid Read
FBI Warns of Silent Ransom Group's New Tactics Targeting Law Firms

FBI Warns of Silent Ransom Group's New Tactics Targeting Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), an extortion gang that has been targeting U.S. law firms since at least 2023. The group employs sophisticated tactics, including impersonating IT support to gain access to sensitive data. SRG uses phishing emails and social engineering calls to trick employees into granting remote access to their systems. If these attempts fail, they send operatives in person to insert USB drives into computers, facilitating data exfiltration. The group then extorts victims by threatening to sell or publish the stolen data online. The FBI advises organizations to verify credentials, limit data access, and implement multi-factor authentication to prevent such attacks.
Rapid Read Rapid Read
UK Visa Portal Data Breach Exposes Thousands of Passport Details

UK Visa Portal Data Breach Exposes Thousands of Passport Details

The UK Visa Portal, a non-governmental website, has exposed thousands of passport details and selfies of visa applicants due to a misconfiguration in an Amazon cloud storage bucket. This breach, affecting at least 100,000 documents, was discovered by TechCrunch after being tipped off by an anonymous source. The website, often mistaken for an official UK government site, stored sensitive documents in an unprotected state, allowing anyone with the direct URL to access the files. Despite the exposure, the company has not fixed the issue but instead hired lawyers and PR firms to handle the situation. The breach highlights the risks associated with using unofficial portals for sensitive transactions.
Rapid Read Rapid Read
FBI Warns of Hackers Using In-Person Tactics to Steal Data from U.S. Law Firms

FBI Warns of Hackers Using In-Person Tactics to Steal Data from U.S. Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), a cybercriminal organization that has been targeting U.S. law firms by impersonating IT support staff. The group uses phishing emails and social engineering tactics to gain access to sensitive data. If these attempts fail, they send operatives in person to insert USB drives into computers to exfiltrate data. The SRG has been active since at least 2022, and their recent campaigns have left few traces on compromised systems, making detection difficult. The FBI advises organizations to verify credentials, limit data access, and train employees to recognize phishing attempts.
Rapid Read Rapid Read
Fraudulent FIFA Domains Target 2026 World Cup Fans

Fraudulent FIFA Domains Target 2026 World Cup Fans

A significant fraud operation involving over 4,300 fake domains impersonating FIFA's official website has been identified, targeting fans of the 2026 FIFA World Cup. According to Group-IB, the operation involves six fraud schemes and four independent threat actors. The domains, many of which are dormant, are poised to activate as the World Cup approaches. The operation's central actor, Ghost Stadium, is described as a Chinese-speaking group using phishing domains to replicate FIFA's website. These sites use official FIFA logos and images to appear legitimate, with paid Facebook ads driving traffic to them.
Rapid Read Rapid Read
FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

The FBI has issued a warning to U.S.-based law firms about the Silent Ransom Group, a cybercrime organization known for its unique approach to data theft. This group, believed to operate from Russia, targets law firms by impersonating IT support and, in some cases, physically visiting victims to gain access to computers. Unlike typical ransomware groups, Silent Ransom Group does not use encryption but relies on social engineering and in-person tactics to steal data. The group has been active since 2022 and has claimed responsibility for over 100 attacks, with a noticeable increase in activity recently.