University System of Georgia (USG) is starting to notify 800,000 individuals that their personal and financial information was compromised in the May 2023 MOVEit hack. The data breach occurred after the Russia-linked Cl0p ransomware group exploited a vulnerability in Progress Software's MOVEit Transfer managed file transfer (MFT) software and stole data from organizations using it. USG used MOVEit to "transfer and store sensitive data" and is the latest education entity to disclose the attack's impact.

Philadelphia-based real estate company Brandywine Realty Trust recently fell victim to a ransomware attack that disrupted some of its business applications. In a filing with the US Securities and Exchange Commission (SEC) on Monday, the real estate investment trust revealed that the incident occurred on May 1 and involved unauthorized access to portions of its IT environment.

It has recently been revealed that sensitive personal and financial information belonging to UK military personnel has been compromised in a significant state-sponsored data breach. The defense secretary, Grant Schapps, is expected to make a statement in the House of Commons detailing exactly what happened. According to reports, on the morning of May 7 the hackers successfully targeted a third-party payroll provider, with mainly names and bank details exposed.

A Russian national has recently pleaded guilty to his role in a major money laundering conspiracy tied to the infamous BTC-e cryptocurrency exchange. According to the Department of Justice (DoJ), Alexander Vinnik, 44, was one of the operators of the exchange from its launch in 2011 to when law enforcers shut it down in 2017. The DoJ noted that during that time, it processed over $9bn-worth of transactions and served over one million users worldwide, many of whom were cybercriminals looking to clean the proceeds of their illegal activity.

The FBI, UK National Crime Agency, and Europol have recently unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time. According to the Department of Justice (DoJ), the LockBit ransomware operator known as "LockBitSupp" has been confirmed to be a Russian national named Dmitry Yuryevich Khoroshev, who reportedly earned $100 million as part of the gang's activities.

In the wake of a scathing US government report that condemned Microsoft's weak cybersecurity practices and lax corporate culture, security chief Charlie Bell has announced that he is pledging significant reforms and a strategic shift to prioritize security above all other product features. Bell announced plans to add Deputy CISOs into each product team and link a portion of senior leaders' paychecks to progress on security milestones and goals.

The City of Wichita, Kansas, recently announced that it has shut down its computer network after falling victim to a ransomware attack. The incident occurred on May 5, when malware encrypted data on certain systems, prompting Wichita to turn off some of its systems as a containment measure, which affected certain online services. The city says it is unclear whether personal information was compromised in the attack, but Wichita said details on the matter will be provided as the investigation into the incident advances.

As part of the Intelligence Advanced Research Project Activity (IARPA) program called "Reimagining Security with Cyberpsychology-Informed Network Defense" (ReSCIND), researchers at George Mason University (GMU) will build defensive tools that first identify hackers' human flaws and then use them to defend against an attack. IARPA has turned its attention to exploiting the human factor, the weakest link in cyberattacks. Under the new IARPA program, researchers hope to gain further insight into hackers' cognitive vulnerabilities and decision-making biases to stop future attacks.