👉 What are the latest cybersecurity alerts, incidents, and news?
Chrome extensions leak data and API keys, AMOS stealer bypasses macOS Gatekeeper, and BADBOX hijacks 1M+ IoT devices. InfoJobs suffers credential stuffing, German police and dog rescue orgs are hacked. Paula Stannard leads HIPAA enforcement, Play ransomware triples victims, and Mind raises $30M for on-device AI security.
1. Chrome Extensions Leak Data And API Keys
Cybersecurity researchers have found that several popular Google Chrome extensions are exposing users to significant risks by transmitting data over unencrypted HTTP and by having sensitive API keys hard-coded in their software. The unencrypted HTTP traffic can leak browsing domains, machine IDs, and usage analytics, making users vulnerable to data interception and modification, particularly on public Wi-Fi networks. Separately, hard-coded API keys found in other extensions, including those from AVG and Microsoft, could be weaponized by attackers to drive up developer costs, corrupt analytics, or abuse services.
2. AMOS Stealer Hits macOS Via Fake CAPTCHA
A sophisticated malware campaign is targeting macOS users with a new variant of Atomic macOS Stealer (AMOS) using typo-squatted domains that mimic U.S. telecom provider Spectrum. This attack uses fake CAPTCHA verification pages to trick users into copying and executing a malicious shell script, which then repeatedly prompts for their system password until it is entered correctly. After stealing the credentials, the malware uses them with sudo to remove quarantine attributes from the AMOS payload, successfully bypassing Apple’s Gatekeeper security feature. This campaign, which shows signs of Russian-speaking actors, represents a significant threat to organizations, as the stolen macOS passwords can enable corporate network infiltration.
3. BADBOX Turns 1M+ IoT Devices Into Proxies
The FBI is warning that the BADBOX 2.0 malware campaign has infected over one million consumer Android IoT devices globally, many of which are manufactured in China and come preloaded with the threat. This sophisticated botnet connects devices like smart TVs and streaming boxes to attacker-controlled servers, converting them into residential proxies to mask malicious activity, commit ad fraud, and launch credential stuffing attacks. Due to the malware’s ability to survive factory resets, consumers are advised to assess their devices for suspicious activity, avoid unofficial app sources, and keep software updated to mitigate the risk.
4. InfoJobs Spain Hit By Credential Stuffing
The Spanish job portal InfoJobs suffered a cyberattack where hackers used credentials stolen from other breaches to access and steal information from candidate profiles in a large-scale “credential stuffing” attack. The company is now notifying affected users and has advised them to be vigilant for suspicious activity and fraudulent job offers that may use their stolen personal information to appear legitimate. The stolen data poses a significant identity theft risk, prompting Spanish authorities to advise victims to immediately contact their bank and file a police report if they suspect their information has been misused.
5. Hack Attempt Hits German Police Phone System
An attempted cyberattack on the servers controlling official smartphones for the Mecklenburg-Western Pomerania State Police in Germany has prompted an immediate investigation. As a precaution, data services for these “mPol” devices have been suspended, impacting patrol officers’ ability to conduct online inquiries for vehicle registrations and ID checks. While the smartphones can still make calls, officers must revert to older methods like radioing the station for information, which may lead to longer wait times. The State’s Data Protection Commissioner has been informed and has initiated a corresponding investigation, with services only to be restored once systems are certified as secure.
6. German Dog Rescue IG Hacked For Ransom
German animal welfare association Hunderettung Europa e.V. had its Instagram account with 132,000 followers hacked on May 31, with the attacker demanding a ransom for its return. Although the charity used security measures like 2FA, the hacker gained full control, and police advised against paying the extortion demand, leaving the account’s recovery in doubt. The attack has had “fatal consequences” as it has cut off the group’s primary channel for donations, which are essential to fund their operations. This loss of funding now jeopardizes the immediate rescue of around 50 dogs from a Romanian killing station scheduled for June 6, as the chairwoman stated the dogs will die without these donations.
7. Paula Stannard Named New HHS OCR Director
The U.S. Department of Health and Human Services has appointed attorney Paula Stannard, who served in prior Trump and Bush administrations, as the new director of its HIPAA enforcement agency, the Office for Civil Rights (OCR). Stannard takes charge of an agency facing a skyrocketing workload, with its case backlog more than doubling in less than a year due to a surge in health data breaches and HIPAA complaints. Simultaneously, the OCR is absorbing extreme staff and resource cuts as part of a broader HHS downsizing, even as it takes on new enforcement responsibilities for substance use disorder privacy regulations. While former colleagues praise Stannard’s expertise, industry experts express concern over how the under-resourced agency will handle its expanding mission and massive backlog under the new leadership and budget constraints.
8. FBI Warns Play Ransomware Victims Triple
The FBI, CISA, and Australian partners released an updated advisory stating the Play ransomware gang has now attacked approximately 900 organizations since emerging in 2022, tripling its previously reported victim count. The threat actors exploit vulnerabilities in tools like SimpleHelp for initial access and use aggressive tactics, including threatening phone calls, while also recompiling their ransomware for each attack to evade detection. Play was one of the most active ransomware groups in 2024, responsible for high-profile attacks on critical infrastructure and U.S. cities like Oakland, as well as entities in Europe and South America. Investigations also suggest a potential collaboration where North Korean state-sponsored actors gain initial network access before handing it off to Play ransomware operators for the final payload deployment.
9. Mind Raises $30M For On Device AI Security
Data security startup Mind, led by former Hexadite CEO Eran Barak, has raised $30 million in a Series A funding round led by Paladin Capital Group and Crosspoint Capital Partners. The company’s strategy focuses on proactive data breach prevention through lightweight agents on endpoints, a departure from security tools that only provide after-the-fact visibility. A key differentiator for Mind is its plan to use the new funds to push small language models to devices, enabling real-time, on-the-fly data classification without needing cloud analysis. This investment will also fuel the scaling of its go-to-market operations in North America and EMEA, expand email data loss prevention capabilities, and further its AI innovation.
Check your smart TVs and Android streaming devices.
The FBI warns that over one million Android-based IoT devices, including TVs and streaming boxes, are infected with BADBOX 2.0 malware. These devices are being used as hidden proxies by cybercriminals to hide malicious activities, commit ad fraud, and steal credentials.
✅ What you should do
✅ Why this matters
Some devices come infected out of the box and can’t be cleaned with a factory reset. Once infected, your home internet can be hijacked to support cybercrime without your knowledge.
Surviving A Cyberattack: Securing Social Media and Protecting Your Home Network by Todd G. Shipley and Art Bowker