Top news stories this week
- Signal leak. US national security leaders accidentally leak classified military plans.
- Denied. Malaysia rejects $10 million ransom demand after airport breach.
- Don’t trust and verify. Oracle deny breach despite threat actor claims and external technical reviews.
- Gene-solvent. Customers advised to delete data after 23andMe declares bankruptcy.
- Intercepted. Thai authorities seize Starlink devices allegedly intended for Myanmar scam networks.
- Crackdown. Authorities arrest cybercriminals across Africa as Snowflake hacker consents to US extradition.
1. US national security leaders accidentally leak classified military plans
Editor in Chief of The Atlantic, Jeffrey Goldberg, revealed that senior US national security advisors accidentally included him in a private Signal chat, allowing him to view classified military plans for strikes against targets in Yemen. The Signal chat discussed operational details such as target locations and the timing of the operation, raising significant concerns about how national defence information is shared among senior decision makers.
So what?
Robust data handling policies promote accountability across an organisation and provide detailed processes for mitigating organisational risk.
[Researcher: Clay Palmer]
2. Malaysia rejects $10 million ransom demand after airport breach
Malaysian Prime Minister Anwar Ibrahim revealed this week that outages at Kuala Lumpur International Airport were due to a cyber attack. Attackers targeted the company that runs most of the country’s airports, and demanded USD 10 million. Investigations into the incident are ongoing, though it has been reported that Anwar immediately shut down any possibility of acquiescing to the ransom demand.
So what?
The Malaysian government’s response to the ransom demand aligns with S-RM’s findings in our 2025 Cyber Incident Insights Report. We observed a 48% decrease in extortion incidents that resulted in a ransom payment. However, this is not a reduction in ransomware – rather, a higher proportion of ransomware incidents resolved without payment. Therefore, organisations should remain vigilant and ensure their defences remain up to date.
[Researcher: Lester Lim]
3. IT giant Oracle deny veracity of data breach despite threat actor claims and technical evidence
A threat actor with the alias “rose87168” claimed to have stolen over 6 million records from Oracle Cloud’s single sign-on (SSO) platform by exploiting a software vulnerability in the cloud provider's SSO login servers, impacting over 1,500 organisations. Oracle has denied the data breach despite security researchers providing technical evidence suggesting the incident and threat actor claims are authentic.
So what?
While the authenticity of the data breach is unconfirmed, organisations are advised to exercise caution, rotate potentially affected credentials, and proactively hunt for suspicious activity on the affected systems.
[Researcher: Milda Petraityte]
4. Customers urged to delete data following 23andMe bankruptcy
The genetic testing firm 23andMe has declared bankruptcy and plans to liquidate its assets after enduring prolonged financial challenges, including those sustained following a data breach in 2023 (which resulted in several class-action lawsuits against the company). As its assets go up for sale, California’s attorney general and privacy experts have urged customers to delete their genetic data before it is sold.
So what?
Privacy laws in the US and regulations such as GDPR can enable individuals to request the permanent deletion of their personal data from organisations. Concerned individuals should consider submitting requests to have personal data erased.
[Researcher: Aditya Ganjam Mahesh]
5. Thai authorities intercept Starlink devices fuelling Myanmar scam networks
Thai law enforcement has reportedly intercepted 38 Starlink satellite dishes allegedly intended for scam compounds in Myanmar, enabling access to high-speed, untraceable internet in remote areas. The news comes after Thai authorities seized 10 Starlink transmitters, also intended for Myanmar, in early March.
So what?
As scam networks grow more sophisticated, governments and tech companies must coordinate efforts to enforce stricter due diligence on device sales and monitor illicit use, while users should remain vigilant as criminals continue to exploit new technologies to facilitate their operations.
[Researcher: Houren Lee]
6. African authorities arrest 306 cybercriminals; Snowflake hacker consents to US extradition
Authorities from seven African countries, including Nigeria, South Africa and Zambia, arrested 306 suspects and seized 1,842 devices belonging to cybercriminals involved in scams that affected over 5,000 victims. The operation, dubbed Operation Red Card, was coordinated by Interpol.
Separately, hacker Connor Riley Moucka has consented to being extradited to the US following his earlier arrest in Canada in October 2024 over alleged involvement in the Snowflake data breach, which resulted in over one billion records being stolen from 165 companies.
So what?
Authorities around the world continue to collaborate in attempts to find and arrest cybercriminals.
[Researcher: Denisa Greconici]