Global Cyber Week: Breaches, Outages, and Insider Threats

This week’s cybersecurity updates spanned elections, telecom outages, AI vulnerabilities, ransomware outreach, and major legal actions. Moldova’s election websites faced large-scale attacks, Optus reported another emergency outage, and Google confirmed extortion emails from the Oracle incident. 

GreyNoise tracked scanning surges, and California’s attorney general filed a privacy lawsuit. 

Election Cyberattack in Moldova Blocks 4,000 Vote-Related Websites

Thousands of Moldova’s election-related websites went offline amid politically charged cyberattacks. Authorities said more than 4,000 sites linked to voting and election information were disrupted. The incident coincided with heightened political tensions as officials worked to restore access. 

Investigators traced coordinated traffic spikes targeting servers hosting voter data portals. Security teams deployed mitigation measures and strengthened infrastructure to stabilize services ahead of continued monitoring.

Optus Emergency-Call Outage Affects 4,500 Customers, Triggers Federal Probe

Optus reported another outage that prevented 4,500 customers from making emergency calls. The issue triggered an investigation by Australian authorities into the cause and impact. The company restored service within hours and apologized to affected users. 

Officials said the disruption raised questions about network redundancy and emergency-call reliability. Regulators requested detailed reports on the failure and the measures taken to ensure similar incidents do not recur.

Salesforce Introduces Trusted URL Controls to Contain AI Data Leaks

Salesforce announced a new security requirement enforcing trusted URLs for Agentforce and Einstein AI applications. The update mitigates risks from prompt injection attacks by limiting AI outputs to approved domains. Administrators must configure trusted URLs for integrated workflows. 

The company provided step-by-step instructions for setup and urged customers to validate their deployments. The change follows reports of indirect data exposure risks through unverified third-party endpoints.

Medusa Ransomware Group Tried to Recruit BBC Journalist for Insider Access

Thousands of election-related websites in Moldova were taken offline following a wave of cyberattacks. Authorities said more than 4,000 sites linked to voting and election information were disrupted. The incident coincided with heightened political tensions as officials worked to restore access. 

Investigators traced coordinated traffic spikes targeting servers hosting voter data portals. Security teams deployed mitigation measures and strengthened infrastructure to stabilize services ahead of continued monitoring.

Google Reports Extortion Emails Following Alleged Cl0p Oracle Hack

Google said executives received extortion emails referencing an alleged Cl0p-linked Oracle E-Business Suite compromise. The attackers threatened to release stolen data if demands were not met. The messages cited internal business details to appear credible. 

Google urged users to verify sender identities and report suspicious emails. The company recommended enforcing DMARC and related authentication controls to block impersonation attempts while investigations continue.

AI-Driven Cyber Incidents Strike 41% of Schools in the US and the UK

A new education-sector report found that 41 percent of schools in the US and UK experienced AI-related cyber incidents this year. Attacks included deepfake content, generative phishing, and unauthorized data scraping. Researchers cited weak controls around student AI use and a lack of staff training. 

Schools are adopting AI filters and expanding digital ethics programs as governments weigh tighter guardrails for classroom technology.

Kido Nursery Hackers Delete Children’s Data After Public Backlash

Hackers from the Radiant group said they deleted children’s data stolen from the UK-based Kido nursery chain after widespread criticism. The BBC reported that the group’s leak site no longer displayed the information. 

Kido confirmed it had followed law enforcement guidance and had not paid any ransom. The company continues to work with authorities and cybersecurity experts to verify permanent data deletion.

GreyNoise Detects 500% Surge in Palo Alto Scanning Activity

GreyNoise observed a 500 percent surge in IPs scanning Palo Alto Networks login portals, marking the highest level in 90 days. The research found over 1,300 unique IPs involved, with most classified as suspicious. 

Activity was concentrated in the United States and several European regions. Analysts are monitoring to confirm whether the scanning relates to vulnerabilities or reconnaissance.

California Attorney General Sues Police Over Flock Surveillance Misuse

California Attorney General Rob Bonta filed a lawsuit against the city of El Cajon and its police department, alleging violations of state law involving the Flock Safety license plate reader system. The complaint said officers ran database searches for agencies in 26 other states. 

The lawsuit seeks an injunction and legal clarification to stop the practice. The El Cajon Police Department has not yet commented on the filing.

Scattered LAPSUS$ Hunters Ransomware Group Launches New Leak Site, Lists Fresh Victims

The Scattered LAPSUS$ Hunters ransomware group has unveiled a new data-leak website after previous domains were taken offline. The group published details of new victims, including several organizations from Europe and South America. Screenshots of allegedly stolen files were posted as proof of compromise. 

Researchers state that the site resembles earlier LAPSUS$-linked portals. The group’s leak portal currently lists multiple organizations as victims, each accompanied by file samples and timestamps indicating recent uploads.

This Week in Focus

Cyber incidents cut across every sector — enterprise, politics, law enforcement, and education. Defense efforts continue to chase attack surfaces. Where a global outrage forced a hacker to retreat, the week’s cybersecurity incidents speak of a world still balancing detection, ethical limits, and digital accountability.