Remember the time when you would get virtual pets and spend all your free time on them? The same website suffered a humongous breach for the third time in a few years, putting tens of millions of users at risk. The education sector can’t get a break from cyberattacks. Threat actors hit a Canadian school district, leaving quite an impact. In other news, the Evilnum malware is back in a new campaign. Here’s more from the past 24 hours.

1. Neopets, a virtual pet website, suffered a data breach that resulted in the theft of its source code and a database containing the PII of over 69 million members.

2. A cyberattack against the Waterloo Region District School Board, Canada, disrupted its IT services and potentially affected the personal details of students, families, and staff. Investigation continues.

3. The DOJ seized around $500,000 from state-backed North Korean hackers who use the Maui ransomware in their attacks. The amount was returned to two healthcare providers who had paid the ransom to the gang.

4. An eerily realistic-seeming Google Search YouTube ad is redirecting visitors to tech support scams masquerading as security alerts from Windows Defender.

5. TA4563 is back to targeting European financial and investment entities, especially those involved with cryptocurrency, foreign exchanges, and DeFi, with the Evilnum malware.

6. A previously undetected malware, dubbed Lightning Framework, was found targeting Linux systems. It can also serve as a backdoor for infected devices using SSH and can deploy an array of rootkits.

7. A new strain of the free-to-use Redeemer ransomware builder is being promoted on hacker forums. The new version 2.0 is written in C++ and features support for Windows 11 and GUI tools, among others.

8. An uncommon piece of malware was found targeting a large software development firm in Ukraine. The malware is a moderately altered version of the open-source backdoor GoMet.

9. 09

10. Applus+ announced the acquisition of jtsec, a cybersecurity certification company, for an undisclosed amount. This acquisition aims to respond to the growing demand for cybersecurity generated by IoT devices.

11. Huntress, a Maryland-based cybersecurity firm, announced the acquisition of Curricula, a security training platform, for $22 million. This would enable the former to expand to small and mid-market businesses.

12. A technical problem at Tooele County School District, Utah, potentially exposed the personal information of 1,000 students. The state office is investigating the matter.

13. Western Australia’s biggest arts organizations—WA opera, WA ballet, Perth Festival, Black Swan State Theater Company, and others—fell victim to a data breach that impacted customers’ personal details.

14. Williams Company, a construction firm, suffered a data breach as an ex-employee stole the company’s bank account statements, tax returns, and 401(k) details including employees’ names, SSNs, and compensation.

15. A cyberattack against Ukrainian radio operator TAVR Media led to the broadcasting of a fake message, stating that the President is seriously ill. The attack also disrupted the operator's servers and networks.

16. The state of New York announced plans to provide resources and assistance to local governments to thwart ransomware and other cyberattacks under a $30 million share services program.

17. Avast reported that the DevilsTongue spyware developed by Candiru, an Israeli surveillance company, was leveraged against journalists in the Middle East.

18. Researchers discovered a potential attack network in the form of a ransomware C2 activity, with one of the hosts located in Ohio and two other Russian hosts containing a combination of Acunetix and DeimosC2.

19. The U.S. Cyber Command and the Security Service of Ukraine revealed 20 unique malware infection indicators, following the constant cyberattacks against Ukraine.

20. Miami-based Halborn, a blockchain security startup, raised $90 million in Series A funding, led by Summit Partners. The firm aims to broaden its audit and penetration testing capabilities.

21. IT MSP Adar announced the acquisition of cybersecurity firm Rigid Bits for an undisclosed amount. Adar aims to offer comprehensive and secure cloud-based solutions.