Zendesk Instances Exploited in Widespread Spam Campaign A surge of spam emails originating from legitimate Zendesk domains has raised concerns among cybersecurity experts and affected organizations. Multiple users reported receiving unsolicited messages often disguised as legal notices, bogus lawsuits, or government alerts from Zendesk instances tied to major companies, including Live Nation, Capcom, Tinder, and AI research firm ElevenLabs. The attacks appear to stem from two potential vectors: attackers abusing help desk systems to relay spam by impersonating users, or misconfigurations in Zendesk’s email infrastructure. Some emails bypassed spam filters, including iCloud’s, while others targeted users who had never interacted with the services in question. The goal, as with most spam campaigns, is to harvest credentials, gain initial access, or extort payments. Zendesk acknowledged the issue but clarified that it was not the result of a software vulnerability or breach. The company advised users to ignore or delete suspicious emails and recommended customers adjust first-reply triggers and restrict ticket submissions to authorized users. Security researchers noted similarities between the spam tactics and past activity linked to the threat group Scattered Lapsus$ Hunters, though Zendesk denied any direct connection. The scale of the campaign remains unclear, with no official response from Zendesk on the number of affected organizations or users. Social media and Reddit threads, however, indicate widespread disruption, with some companies reporting "mass spam attacks" on their ticketing systems. ElevenLabs confirmed it was working with Zendesk to resolve the issue, while other impacted firms have yet to publicly address the matter. The incident highlights the risks of misconfigured help desk systems and the challenges of defending against relay-based spam attacks. As investigations continue, the full extent of the campaign and whether it represents a coordinated effort or opportunistic exploitation remains under scrutiny.

Ransomware Data Breaches Surge: A Systemic Crisis Targeting U.S. Governments and Enterprises (2024–2026) Ransomware attacks have evolved into a dual threat: not only do they encrypt critical systems, but they also exfiltrate sensitive data, turning operational disruptions into full-scale data breaches. This "double-extortion" model where attackers demand payment to both unlock systems and suppress stolen data has become the dominant tactic among ransomware groups, forcing victims into a no-win scenario. The consequences are particularly severe for U.S. government entities, which now account for a disproportionate share of confirmed incidents globally, according to the Cybersecurity and Infrastructure Security Agency (CISA). ### The Anatomy of a Ransomware Data Breach Modern ransomware attacks follow a predictable pattern: 1. Initial Access: Attackers gain entry via phishing, exposed Remote Desktop Protocol (RDP) ports, or unpatched VPN vulnerabilities tactics that account for over 70% of intrusions. 2. Dwell Time: Threat actors lurk inside networks for days or weeks, conducting reconnaissance, escalating privileges, and systematically copying high-value data. 3. Exfiltration: Before encrypting files, attackers steal sensitive information personal data, financial records, or intellectual property to use as leverage. 4. Encryption & Extortion: The final stage: systems are locked, and victims face demands for payment to restore access and prevent public leaks. The encryption itself is often a distraction; the real damage lies in the stolen data. Even organizations that restore from backups remain legally obligated to notify affected individuals if exfiltration is suspected a requirement that regulators enforce aggressively, regardless of whether the ransom is paid. ### Government Entities Under Siege Local governments, counties, and municipal agencies have become prime targets due to a perfect storm of vulnerabilities: - Legacy Infrastructure: Aging systems, unpatched software, and flat network architectures create easy entry points. - Underfunded IT Security: Many agencies allocate less than 5% of their IT budgets to cybersecurity, lacking dedicated security teams or 24/7 monitoring. - Public Records Obligations: Unlike private companies, governments cannot conceal breaches. Outages, audit findings, and breach notifications become public record, making concealment nearly impossible. Ransomware groups like LockBit, BlackCat/ALPHV, Cl0p, Qilin, and Rhysida have explicitly targeted government networks, exploiting predictable architectures and stretched IT staff. For affiliates operating under the ransomware-as-a-service (RaaS) model, these environments offer longer dwell times, slower detection, and higher pressure to pay making them reliable, low-resistance targets. ### A Nationwide Crisis: Documented Incidents by State The scale of the problem is staggering. Between 2024 and 2026, ransomware breaches have been confirmed in every U.S. state, with particularly severe concentrations in: - California: Over 50 cities and counties, including Fresno, Pasadena, Riverside, and Irvine. - Florida: Bradenton, Orlando, Boca Raton, and 20+ other municipalities, with Pinellas and Sarasota Counties among the hardest hit. - Colorado: Arapahoe County, Jefferson County, and 15+ others, including rural mountain communities. - Georgia: Cherokee County, Sandy Springs, and Decatur, with incidents spanning urban and rural areas. - Massachusetts & Connecticut: Over 20 towns, including Brockton, Lynn, and Brookline, reflecting the vulnerability of small municipal governments. - Idaho, Kentucky, Louisiana: Multiple counties, with incidents in Jefferson County (ID) triggering a FEMA disaster declaration one of the first cases where ransomware qualified for federal emergency relief. In Louisiana, breaches in Lincoln Parish and De Soto Parish led to indictments and fiscal emergency declarations, illustrating how ransomware can cascade into broader governance failures. Meanwhile, Virginia’s independent cities like Herndon and Poquoson faced breaches tied to state auditor reviews, highlighting the legal and political fallout of underreporting. ### The Private Sector: High-Stakes Breaches with Cascading Impact While government entities dominate headlines, enterprise ransomware breaches often carry even greater financial and operational risks: - Conduent: A breach at the business process services firm exposed sensitive data for millions of benefit recipients, demonstrating how third-party vendors amplify breach risks. - Coinbase: Attackers stole customer data (including government IDs) and demanded $20 million in extortion mirroring ransomware tactics without deploying encryption. - Insight Partners: A breach at the venture capital firm risked exposing confidential data across its entire portfolio of tech companies. - Hertz: Fell victim to Cl0p’s mass exploitation of Cleo file transfer software, exposing driver’s license numbers and payment data. - Capcom: The 2020 Ragnar Locker attack resulted in 1TB of stolen data, including unreleased game materials and employee records. These incidents underscore a critical trend: supply chain vulnerabilities whether through vendors, software exploits, or insider threats are now a primary attack vector. A single breach can ripple across dozens of dependent organizations, as seen in the UKG Kronos attack, which exposed Puma employee data despite Puma having no direct relationship with the compromised platform. ### Legal and Compliance Fallout Ransomware breaches trigger a complex web of obligations: - State Laws: All 50 states require notification when personal data is accessed, with timelines ranging from 30 to 90 days. California and New York impose additional requirements, including AG notifications for breaches affecting over 500 residents. - Federal Frameworks: HIPAA presumes ransomware incidents are reportable breaches unless organizations prove low risk of data compromise. CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) mandates 72-hour reporting for critical infrastructure entities, with ransom payments due within 24 hours. - Regulatory Enforcement: Failure to report can lead to audits, fines, and criminal referrals. In Louisiana, state auditors flagged multiple parishes for mishandling breaches, while Iowa’s Algona and Michigan’s Oceana County saw indictments tied to incident response failures. ### Why Paying the Ransom Doesn’t Work Despite the pressure to pay, ransom payments offer no guarantees: - No Data Deletion: Attackers frequently publish stolen data even after payment, either due to internal disputes or because the data was already sold. - No Legal Protection: Payment does not absolve organizations of breach notification obligations. Regulators treat exfiltration as a reportable event regardless of ransom outcomes. - Funding Future Attacks: The FBI and CISA warn that ransom payments fuel further criminal activity, with some groups re-targeting victims who paid in the past. ### The Path Forward: Detection and Resilience The only reliable defense against ransomware breaches is proactive monitoring and resilient backups: - Dark Web Monitoring: Detects stolen data on leak sites, criminal forums, and credential marketplaces often before victims are aware of a breach. - Offline, Immutable Backups: The 3-2-1-1-0 rule (three copies, two media types, one offsite, one offline, zero unverified backups) is the gold standard for recovery. - Incident Response Planning: Containment, evidence preservation, and notification must be practiced before an attack. Forensic investigations should prioritize log retention (30–90 days pre-incident) to reconstruct attacker activity. ### Conclusion The ransomware crisis is no longer confined to isolated incidents it is a systemic, nationwide threat reshaping cybersecurity priorities for governments and enterprises alike. With exfiltration now the default tactic, every ransomware attack is a potential data breach, carrying legal, financial, and reputational consequences that extend far beyond the initial encryption. As attackers refine their methods and target the most vulnerable sectors, the question is not if an organization will be hit, but when and whether it will be prepared to respond.

Cyberattacks Target Major Video Game Studios, Exposing Source Code and Internal Data In a wave of recent cyber incidents, leading video game companies including Capcom, Ubisoft, and Crytek have fallen victim to ransomware attacks and data breaches, raising concerns over the security of intellectual property in the gaming industry. Capcom, the Japanese developer behind franchises like Resident Evil and Street Fighter, confirmed a cyberattack on its systems earlier this week. The breach, attributed to the Ragnar Locker ransomware group, disrupted internal networks, including email and file servers. While the company stated there was no evidence of customer data being accessed, it did not disclose whether source code or other sensitive materials were stolen. The attack follows a pattern of recent breaches in the industry, though experts see no evidence of a coordinated campaign. Meanwhile, Ubisoft is investigating claims that hackers stole source code for Watch Dogs: Legion, with reports suggesting the data was leaked online. The company acknowledged a potential security incident after internal network issues surfaced but has not confirmed the extent of the breach. Similarly, Crytek known for the Crysis series was also targeted by the same hacking group, raising fears that proprietary game code could be sold or distributed illegally. The attacks come amid a broader trend of cyber threats against gaming companies, including previous leaks from Nintendo. While no major disruptions to gameplay or official services have been reported, the incidents highlight vulnerabilities in an industry increasingly targeted for its valuable digital assets. The long-term impact may include unauthorized game modifications, knockoff releases, or the exploitation of stolen development materials. As investigations continue, the gaming sector remains on alert for further disclosures of compromised data.

A malicious hacker had the access to Japanese game developer Capcom's internal systems in a cyber attack in November 2020. The company had to shut down some of its systems to contain the attack but chances are that other sensitive data such as intellectual property, or details of the firm’s plans for future video game releases might have stolen. Capcom confirmed that no customer information was breached in the attack.