ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.
Digital forensics is shifting from reactive to strategic. Join CyberWire Daily host Dave Bittner on Wednesday, June 11 at 1:00pm ET for a live discussion with experts from Magnet Forensics on key insights from the State of Enterprise DFIR Report. Learn how top teams are evolving their tools, workflows, and talent to reduce risk and respond faster to complex incidents. Register now to join live or access it on-demand.
Law enforcement agencies in the US, Europe, and Japan have disrupted the Lumma Stealer malware operation, seizing the infostealer's infrastructure, domains, and marketplaces. Europol calls Lumma "the world’s largest infostealer," noting that "[s]tolen credentials, financial data, and personal information were harvested and sold through a dedicated marketplace, making Lumma a central tool for identity theft and fraud worldwide."
Microsoft, which assisted in the takedown, stated, "Between March 16, 2025, and May 16, 2025, Microsoft identified over 394,000 Windows computers globally infected by the Luma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims. Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes."
British retailer Marks & Spencer (M&S) expects the cyberattack the company sustained last month to cause losses of around £300 million ($402 million), nearly one-third of the company's annual profits, CNBC reports. The retailer doesn't expect to fully recover from the incident until July.
M&S's CEO Stuart Machin disclosed that the hackers gained access through a third-party contractor, stating, "Unable to get into our systems by breaking through our digital defences, the attackers did try another route resorting to social engineering and entering through a third party rather than a system weakness." Reuters cites a source as saying this contractor was Tata Consulting Services, which M&S uses for helpdesk support.
BleepingComputer says the incident was a ransomware attack in which "threat actors used a DragonForce encryptor to encrypt virtual machines on VMware ESXi hosts."
Sophos has published a report on the DragonForce ransomware-as-a-service operation, noting that the gang is attacking rival ransomware groups in an attempt to claim dominance in the ransomware ecosystem. The gang defaced leak sites belonging to the BlackLock and Mamona ransomware groups, and appears to have conducted a hostile takeover of the RansomHub gang.
Sophos explains, "When DragonForce emerged in August 2023, it offered a traditional RaaS scheme. On March 19, 2025, the group announced a rebrand as a ‘cartel’ to expand its reach, hoping to emulate the success of LockBit and other mature ransomware-as-a-service (RaaS) groups. In practice, it isn’t a cartel operation but an offering that gives affiliates the flexibility to leverage DragonForce’s infrastructure and ransomware tools while operating under their own brands."
Today's issue includes events affecting Japan, the United Kingdom, and the United States.
Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government (Reuters) Hacker intercepted communications data from more than 60 government officials
CyCognito Report Reveals 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets (Cision PR Newswire) /PRNewswire/ -- CyCognito today released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three...
Cloudera Delivers AI-Powered Unified Data Visualization in On-Premises Data Centers (GlobeNewswire News Room) Available across multi-cloud and hybrid environments, Cloudera Data Visualization includes integrated AI visualization and natural language querying for...
Phone companies failed to warn senators about surveillance, Wyden says (POLITICO) Government surveillance of lawmakers, though legal, raises concerns that members of Congress cannot effectively legislate when they are being spied on.
ESET takes part in global operation to disrupt Lumma Stealer (ESET) Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
For a complete running list of events, please visit the Event Tracker.
CyberWiseCon Europe 2025 (Vilnius and virtual, Lithuania, May 21 - 23, 2025) CyberWiseCon is a premier IT security conference that brings together cybersecurity experts, industry leaders, and IT professionals from around the Europe.
NICE Conference (Denver, Colorado, USA, Jun 1 - 4, 2025) The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.
2025 Space Regulatory Bootcamp (Albuquerque and Virtual, New Mexico, USA, Jun 10 - 11, 2025) ACSP's Bootcamps educate new and established space professionals on must-know fundamentals and arm them for success. The 2025 Space Regulatory Bootcamp, hosted in Albuquerque, New Mexico, is a two day comprehensive industry deep dive with advanced training and meaningful networking. Learn directly from leading subject matter experts on topics including space law, export controls, space telecommunications, government contracting, and more.
AWS re:Inforce 2025 (Philadelphia, Pennsylvania, USA, Jun 16 - 18, 2025) AWS re:Inforce is our annual, immersive, cloud-security learning event delivering hands-on training and collaboration with AWS experts. It’s your opportunity to learn about the latest AWS security innovations, get direct access to the AWS teams and partners who build the security tools you rely on, and connect with cloud security peers from around the world. You’ll leave with actionable next steps to raise your security posture.
