Hazy Hawk hijacked CDC and Deloitte subdomains via DNS flaws, flooding users with scams and malware.

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.
The malicious activity has been codenamed RedisRaider by Datadog Security Labs.
“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,” security researchers Matt Muir and Frederic Baguelin said.
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.
SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market.
On April 19, 2025, the company detected malware on its networks and responded by isolating the equipment suspected of being hacked.
While the documents refer to the education company only as “Victim-2” and the U.S. attorney’s office declined to name the victim, a person familiar with the matter told NBC News that it is PowerSchool. The hack of PowerSchool last year is believed to be the largest breach of American children’s sensitive data to date.
According to his plea agreement, Lane admitted obtaining information from a protected computer and aggravated identity theft and agreed not to challenge a prison sentence shorter than nine years and four months. He got access simply by trying an employee’s stolen username and password combination, the complaint says, echoing a private third-party assessment of the incident previously reported by NBC News.
A top 100 US bank just disclosed a data breach affecting the personal and confidential information of thousands of customers.
In a filing with the Office of the Maine Attorney General, Arkansas-based Arvest Bank says it’s warning 7,537 people after a technical glitch enabled unauthorized account access.
Japan on Friday enacted a new law that would permit the country’s authorities to preemptively engage with adversaries through offensive cyber operations to ensure threats are suppressed before they cause significant damage.
The new law, which was first mooted in 2022, is intended to help Japan strengthen its cyber defense “to a level equal to major Western powers” and marks a break from the country’s traditional approach to cyber defense, which had tracked closely to its Article 9 constitutional commitment to pacifism.
The new Active Cyberdefense Law mirrors recent reinterpretations of Article 9, providing Japan’s Self-Defence Forces with the right to provide material support to allies under the justification that failing to do so could endanger the whole of the country.
“Space weather can impact systems that use IT for critical functions and everyday processes,” James Spann, a senior scientist at the Office of Space Weather Observations at the U.S. National Oceanic and Atmospheric Administration’s (NOAA) National Environmental Satellite, Data, and Information Service (NESDIS) department, told Space.com in an email. “These space weather impacts can have the same symptoms as a cyberattack, where systems will be brought down, or lockup, or transmit erroneous information.”
NESDIS oversaw a tabletop space weather exercise conducted in May 2024, the first such drill testing the U.S. preparedness for a major solar storm. Results of the exercise, which brought together 35 US government agencies, were published in a report in April.
In one of the simulations during the exercise, NOAA and the U.S. Air Force reported a severe solar flare and radio burst, but another federal department or agency “reported contradictory information, suggesting that the radio and communications disruptions were possibly the result of a cyberattack,” according to the report. Above all, it showed the need for effective communication following such events.
Introducing Codex: a cloud-based software engineering agent that can work on many tasks in parallel, powered by codex-1. With Codex, developers can simultaneously deploy multiple agents to independently handle coding tasks such as writing features, answering questions about your codebase, fixing bugs, and proposing pull requests for review.