November 2025

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…

Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

Crims claim to know which customers are marked 'vulnerable'

British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.…

GrapheneOS bails on OVHcloud over France’s privacy stance

Project cites fears of state access as cloud sovereignty row deepens

French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.…

TryHackMe races to add women to Christmas cyber challenge roster after backlash

Training outfit scrambles to fix all-male lineup before December kickoff

Cybersecurity training provider TryHackMe is scrambling to recruit women infosec pros to help with its Christmas challenge following backlash concerning a lack of gender diversity.…

OBR drags in cyber bigwig after Budget leak blunder

Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule

The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the…

Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

ReliaQuest finds fresh crop of phishing domains and toxic tickets

Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.…

OpenAI cuts off Mixpanel after analytics leak exposes API users

ChatGPT maker places other vendors under review following breach

OpenAI says API users may be affected by a recent breach at its former data analytics provider, Mixpanel.…

FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

Agency flags hijacks of insecure studio-to-transmitter gear after attackers pipe in fake alerts and vulgar audio

Malicious intruders have hijacked US radio gear to turn emergency broadcast tones into a profanity-laced alarm system.…

Asahi admits ransomware gang may have spilled almost 2M people’s data

Brewer finally tallies fallout from September attack as it pushes earnings into 2026

Asahi has finally done the sums on September's ransomware attack in Japan, conceding the crooks may have helped themselves to personal data tied to almost 2 million people.…

Scottish council still rebuilding systems two years after ransomware attack

Audit sympathetic toward Comhairle nan Eilean Siar as staff stretched to capacity trying to recover

Auditors remain concerned about the cyber resilience of a Scottish council as some systems are yet to be fully rebuilt following a ransomware attack in November 2023.…
