Several members of Germany's Bundestag have had their personal email accounts breached, CyberScoop says. The BfV and BSI security services have briefed the federal legislative body and contacted affected members. German officials have provided few details, but Tageschau reports that the compromise was the work of Ghostwriter (a threat actor associated with Russian interests) and that spearphishing was the attack vector. Der Spiegel is calling it a Russian operation.
Channel 9 Australia sustained a cyberattack yesterday that knocked some programming off the air. The Sydney Morning Herald describes the attack as "some kind of ransomware likely created by a state-based actor," with speculation suggesting either China or Russia as the responsible country. TVBlackBox calls the attack for Moscow, and says it appears to have been an attempt to disrupt broadcast of a Channel 9 investigative report on Russia's use of Novichok nerve agent against dissidents, spies, and undesirables.
Apple issued three patches late Friday. The vulnerability, found by Google's Project Zero, affects Webkit, the browser engine behind Safari. TechCrunch reports that the bug may be under active exploitation in the wild by unidentified actors.
Computing reports that lifestyle retailer FatFace has paid the Conti ransomware gang $2 million in Bitcoin (knocked down from an original ransom demand of $8 million; Conti's operators said they didn't want to bankrupt FatFace).
A flaw in new Scottish independence party Alba's website leaked personal data of some four-thousand people who'd registered for party-sponsored events. The exposure occurred within hours of Alba's formation, ITPro reports.