VulnHub

Real-time Cybersecurity News

700,000 Records Compromised in Askul Ransomware Attack

SecurityWeek
Actively Exploited
RansomwareData Breach

Overview

Askul, a company specializing in e-commerce and logistics, suffered a significant data breach when the RansomHouse ransomware group targeted it in October. Around 700,000 records were compromised during this attack, raising concerns about the exposure of sensitive customer and business information. The incident highlights the ongoing risks faced by online retailers and logistics providers in today's digital landscape. Organizations like Askul must bolster their cybersecurity measures to protect against such threats and safeguard customer trust. The breach serves as a reminder for all businesses to remain vigilant and proactive in their security practices.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: 700,000 customer and business records from Askul
  • Action Required: Companies should enhance their cybersecurity protocols, including regular data backups, employee training on phishing, and implementation of multi-factor authentication.
  • Timeline: Disclosed in October 2023

Original Article Summary

The e-commerce and logistics company was targeted by the RansomHouse ransomware group in October. The post 700,000 Records Compromised in Askul Ransomware Attack appeared first on SecurityWeek.

Impact

700,000 customer and business records from Askul

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed in October 2023

Remediation

Companies should enhance their cybersecurity protocols, including regular data backups, employee training on phishing, and implementation of multi-factor authentication.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Data Breach.

Read Original Article

Related Coverage

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

Infosecurity Magazine

Hackers believed to be linked to China have targeted the Indian branch of a major global manufacturer using a new type of malware called TencShell. This malware is based on an open-source offensive toolkit, which suggests that the attackers are utilizing publicly available resources to carry out their operations. The implications of this attack are significant, as it not only affects the manufacturer but also raises concerns about the security of global supply chains. Companies operating in similar sectors should be vigilant, as this incident could indicate a broader trend of targeting multinational firms. The incident underscores the need for enhanced cybersecurity measures across industries to protect against sophisticated attacks.

May 15, 2026

Chrome 148 Update Patches Critical Vulnerabilities

SecurityWeek

Google's latest Chrome update, version 148, addresses several critical vulnerabilities, including a serious use-after-free issue affecting various browser components. This type of vulnerability can allow attackers to execute arbitrary code, potentially leading to unauthorized access or data breaches. Users of Chrome should update to the latest version to ensure their browsers are secure. Keeping browsers up to date is crucial, as these vulnerabilities can be exploited if left unpatched. The update underscores the ongoing need for vigilance in cybersecurity, especially given the frequency of browser-based attacks.

May 15, 2026

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

SecurityWeek

Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.

May 15, 2026

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

May 15, 2026

Zombie linkages are keeping expired domains trusted for years

Help Net Security

Researchers from USC and the University of Twente have identified a significant issue with expired domains, which can continue to hold trust long after they have changed hands. This phenomenon, referred to as 'zombie linkages,' occurs in systems like Web PKI, Maven Central, and Ethereum Name Service. When a domain expires and is transferred to a new owner, the systems still recognize and trust the previous owner, potentially allowing malicious actors to exploit this trust. This lingering trust can create security risks, as users may unknowingly interact with compromised or malicious domains. Addressing this problem is crucial for maintaining the integrity of online systems and protecting users from potential fraud or exploitation.

May 15, 2026

You're not going to patch your way out of this - PSW #926

SCM feed for Latest

A recent cybersecurity article warns about a significant vulnerability that cannot simply be fixed by applying patches. The issue affects multiple software systems and could leave users exposed if not addressed comprehensively. Researchers emphasize that traditional patch management strategies may not suffice, as attackers could exploit underlying flaws. This situation puts organizations at risk of data breaches and financial losses. The need for a more thorough approach to security is critical for companies relying on these systems.

May 14, 2026