Clorox Sues Cognizant Over Cyberattack Negligence; Multiple Data Breaches Reported
Friday, November 28, 2025
Top 5 Cybersecurity Stories You Should Know
-
Clorox Sues Cognizant Over Cyberattack Negligence; Multiple Data Breaches Reported — tl;dr: Clorox has filed a $380 million lawsuit against IT company Cognizant, alleging negligence in handling a cyberattack that disrupted its operations in August 2023. The lawsuit claims Cognizant failed to properly verify a hacker's identity before resetting their password, leading to significant business losses. In related news, several organizations, including AMEOS Group and CoinDCX, reported data breaches affecting personal information. Affected individuals are advised to monitor their accounts for suspicious activity and remain vigilant against phishing attempts.
↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-30-2025 -
Nippon Steel Solutions Data Breach Linked to Zero-Day Vulnerability — tl;dr: Nippon Steel Solutions, a subsidiary of Nippon Steel Corporation, has experienced a critical data breach due to a zero-day attack, allowing unauthorized access to sensitive internal systems. This incident highlights the risks associated with unknown vulnerabilities, particularly in the steel manufacturing sector. European organizations, especially those linked to Nippon Steel, face potential secondary risks, including supply chain compromises and data theft. To mitigate these threats, companies should enhance threat detection, implement advanced security measures, and update incident response plans to address zero-day vulnerabilities effectively.
↪ https://radar.offseq.com/threat/nippon-steel-solutions-suffered-a-data-breach-foll-368a681e -
Security Vulnerabilities in Wireless Devices and Protocols Explored — tl;dr: Recent research highlights numerous security vulnerabilities in wireless devices and protocols, including risks associated with GSM networks, Bluetooth devices, and IoT systems. Notable findings include the MouseJack vulnerability, which allows remote injection attacks on wireless mice and keyboards, and various exploits targeting SCADA systems and industrial control devices. Organizations and individuals using these technologies should assess their security measures, implement robust encryption, and stay informed about ongoing vulnerabilities to mitigate potential threats. Continuous monitoring and timely updates are crucial in protecting against these emerging risks.
↪ https://ntoskrnl.win/notetree/noteleaf/Some-security-articles -
Google Fixes Chrome Zero-Day CVE-2023-6345 Exploited in the Wild — tl;dr: Google has addressed a critical zero-day vulnerability in Chrome, identified as CVE-2023-6345, which was actively exploited in the wild. This integer overflow flaw in the Skia graphics library poses risks such as arbitrary code execution and crashes. Users are urged to update their Chrome browsers to version 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows, to mitigate these threats. The update also resolves five additional high-severity vulnerabilities, underscoring the importance of maintaining up-to-date software for security.
↪ https://blog.deurainfosec.com/chrome-zero-day-vulnerability-that-exploited-in-the-wild/ -
WK Kellogg Reports Data Breach Tied to Clop Ransomware via Cleo Software Exploit — tl;dr: WK Kellogg Co has disclosed a data breach involving the Clop ransomware gang, linked to vulnerabilities in Cleo's managed file transfer software (CVE-2024-50623 and CVE-2024-55956). The breach, which occurred on December 7, 2024, exposed sensitive employee data, including names and social security numbers. Affected individuals have been notified and offered a year of identity monitoring services through Kroll. As the latest victim of Clop's attacks, Kellogg emphasizes its collaboration with Cleo to enhance security measures and prevent future incidents.
↪ https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
Featured LufSec Resource
Consulting (First Session Free) — Build your security & AI risk program right.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
