securityweek.com
By Eduard Kovacs|
November 13, 2025 (7:54 AM ET)
The UK’s national healthcare system is working with the country’s National Cyber Security Centre to investigate the incident.
Cybercriminals have named the United Kingdom’s National Health Service (NHS) as one of the victims of the recent data theft and extortion campaign targeting organizations that use Oracle’s E-Business Suite (EBS) enterprise resource planning solutions.
“We are aware that the NHS has been listed on a cyber-crime website as being impacted by a cyber-attack, but no data has been published,” a spokesperson for NHS England told SecurityWeek. “Our cyber security team is working closely with the National Cyber Security Centre to investigate.”
The Oracle EBS hacking campaign came to light in early October and within two weeks the cybercriminals started naming victims on the Cl0p ransomware group’s leak website. The hackers have since made public data allegedly stolen from organizations such as Harvard University, American Airlines subsidiary Envoy Air, industrial giants Schneider Electric and Emerson, and The Washington Post.
The NHS is the latest organization named on the Cl0p ransomware leak website, which now lists more than 40 alleged victims of the Oracle EBS campaign. Data allegedly obtained from 25 targets has been published.
One of the victims named in recent days is Hitachi subsidiary GlobalLogic, a provider of digital engineering solutions.
GlobalLogic confirmed this week that the cybercriminals gained access to HR information for current and former employees, including names, addresses, contact information, dates of birth, passport information, Social Security numbers, salary information, and bank account details. The company said the incident impacts more than 10,000 individuals.
A majority of the organizations named on the Cl0p website have yet to confirm or deny being impacted. The list includes major companies such as Logitech, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
Victims of the Oracle EBS hack are likely conducting investigations and some of them likely do not want to share information until their probes are completed. Others are likely trying to avoid the spotlight by staying silent.
While Cl0p’s history suggests that organizations are rarely listed as victims without cause, the actual scope of the breach may be exaggerated by the threat actors to pressure victims into payment.
| TechCrunch
Zack Whittaker
5:09 AM PST · November 17, 2025
The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet providers.
A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned.
Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems.
It’s not clear exactly when or how Protei was hacked, but a copy of the company’s website saved on the Internet Archive’s Wayback Machine shows it was defaced on November 8. The website was restored soon after.
During the breach, the hacker obtained the contents of Protei’s web server — around 182 gigabytes of files — including emails dating back years.
A copy of Protei’s data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.
Mohammad Jalal, the managing director of Protei’s branch in Jordan, did not respond to a request for comment about the breach.
The identity of the hacker is not known, nor their motivations, but the defaced website read: “another DPI/SORM provider bites the dust.” The message likely references the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM.
SORM is the main lawful intercept system used across Russia as well as several other countries that use Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages, and web browsing data of the networks’ customers.
Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in regions where freedom of speech and expression are limited.
The Citizen Lab reported in 2023 that Iranian telecoms giant Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites. Documents seen and published by The Citizen Lab show that Protei touted its technology’s ability to restrict or block access to websites for specific people or entire swathes of the population.
Reuters reuters.com
Reporting by Charlie Devereux and Aislinn Laing, additional reporting by Emma Pinedo, editing by Andrei Khalip, David Latona and Alexander Smith
MADRID, Nov 19 (Reuters) - Spain's parliament will investigate Meta (META.O), opens new tab for possible privacy violations of its Facebook and Instagram users, Spanish Prime Minister Pedro Sanchez said on Wednesday.
"In Spain, the law is above any algorithm or any large technology platform. And anyone who violates our rights will pay the consequences," Sanchez said in a statement.
The investigation stems from international research that found Meta had used a hidden mechanism to track the web activity of Android device users, Sanchez's office said.
Meta did not immediately reply to a request for comment.
Spain's investigation into the U.S. tech giant threatens to further sour relations with Washington, which has rounded on Madrid over its failure to meet NATO spending targets and for its friendliness with Beijing.
President Donald Trump's administration has also criticised the EU's Digital Markets Act, which seeks to curb the power of Big Tech, and the Digital Services Act, which requires large online platforms to tackle illegal and harmful content.
Spain's government said Meta may have violated various European Union laws on security and privacy including its General Data Protection Regulation (GDPR), the ePrivacy Directive, the DMA and the DSA.
Meta, which is led by U.S. billionaire Mark Zuckerberg, will be called to testify before a lower house committee, it added.
The company has had several legal clashes with the European Commission, which in preliminary findings in October said Meta and TikTok had breached their legal obligation to grant researchers adequate access to public data.
The Commission fined Meta 798 million euros ($923 million) in 2024 for abusive practices benefiting Facebook Marketplace while in July last year it charged the company for failing to comply with the DMA in its new pay or consent advertising model.
