Threat Intelligence Cybersecurity Hacking News

Phishing attacks rank among the top attack vectors, and the recent incident at a top university in Australia illustrates this. A hacker group obtained the account credentials of a university staff member and was able to access the personal data of tens of thousands of students.



Moreover, cybercriminals are dropping phishing kits on WordPress sites to extract login data, personal information, and payment card data. In other headlines, scammers were found sitting on a PoS system at a Cleveland hotel and stealing card data of customers for over 7 months. Continue reading for the top cybersecurity highlights for the day.

Mismanagement of sensitive information in your hands can lead to grave repercussions, as in the case of a healthcare provider that was found exposing confidential information for over a decade. Threat actors once again pounced on the job market by targeting a recruitment agency. In another vein, the newly discovered Malibot trojan has become a prolific threat in the Android malware landscape.



  1. Deakin University, Australia, suffered a cyberattack, affecting the PII of nearly 47,000 current and former students. Nearly 10,000 students reportedly received phishing messages requesting their credit card data.

  2. An unauthorized third party accessed data stored by a subcontractor associated with Colorado Springs Utilities. The storage blob contained information of close to 200,000 customers.

  3. Trellix discovered an attack campaign—touching political topics—aimed at the government agencies of Afghanistan, Italy, Poland, India, and the U.S. since 2021.

  4. Hilton Garden Inn Cleveland Downtown disclosed a breach event that impacted the payment data of customers who used the food and beverage area of the hotel between September 24, 2021, and May 5, 2022.

  5. Proofpoint released a report highlighting targeted attacks on journalists and media by various nation-backed actors, such as China, Iran, Turkey, and North Korea.

  6. Akamai unveiled a malicious operation that brute-forces WordPress sites to deploy phishing kits. These kits redirect users to fake PayPal pages and harvest sensitive data including users’ banking information and email passwords.

  7. Cyble uncovered a new ransomware operation by a group dubbed Lilith. The C/C++ console-based ransomware has listed its first victim on its leak site for double-extortion attacks.

  8. Autolycos, a new malware threat, was found infecting nearly 3 million users via at least eight Android apps. The malware quietly subscribes users to premium services.

  9. The U.S. House Appropriations committee set aside $15.6 billion for cybersecurity efforts across federal departments and agencies. About $11.2 billion has been dedicated to the Defense Department, while $2.9 billion will reach the CISA.

  10. Cybersecurity start-up Bishop Fox bagged $75 million in Series B funding from Carrick Capital Partners, a growth-oriented investment firm.

  11. The Virginia Commonwealth University Health System (VCU) has been exposing the personal details, including SSNs, lab results, and medical records, of almost 4,500 transplant patients since at least 2006.

  12. British recruitment agency Morgan Hunt suffered a cybersecurity breach impacting the personal information—names, DOB, identity documents, and National Insurance numbers—of some of its freelancers.

  13. The BianLian ransomware group claimed to have hacked the Mooresville Consolidated School Corp. and stolen the SSNs, phone numbers, and email records of 4,200 students.

  14. Microsoft attributed the Holy Ghost ransomware operation to North Korean hackers. Tracked as DEV-0530, the group has been targeting small businesses worldwide for over a year.



  1. A malware researcher developed and published a decryption tool for the Hive ransomware on GitHub. The tool decrypts Hive version 5.0.

  2. A Check Point report ranked Malibot third among the most prolific forms of Android malware. It is preceded by AlienBot MaaS and Anubis banking trojan.

  3. The huge 26 million rps HTTPS-based DDoS attack thwarted by Cloudflare last month has been assigned the name Mantis. It is an evolved version of the Meris botnet.

  4. Researchers from the New Jersey Institute of Technology warned against a unique tactic that can be used by threat actors to de-anonymize website visitors and link them to potential personal data.

  5. Sophos published the State of Ransomware in Education 2022, which finds that ransomware attacks against the education sector have increased by 56% in lower education and 64% in higher education in 2021.

  6. A massive campaign was found scanning 1.6 million WordPress sites to find a vulnerable plugin, dubbed Kaswara Modern WPBakery Page Builder, that allows uploading files without authentication.


