TL;DR Cobalt.io runs a credit-based pricing model at roughly $1,800 per credit, with most enterprise buyers spending between $15,000 and $40,000 per year. This guide breaks down how the credit model works, what drives total cost beyond the headline number, and how Cobalt’s pricing and value compare directly against Synack at a similar annual budget. […] The post Cobalt.io Pricing: What Cobalt Costs in 2026 (vs Synack) appeared first on Synack .
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 1:01 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that
Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency , we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography . On June 22, 2026, the White House ordered the U.S. government to accelerate its transition to post-quantum cryptography. The order says large-scale quantum computers, especially in adversarial hands, will threaten widely used cryptographic systems, and that attackers may already be collecting encrypted data now so they can decrypt it later. It also sets concrete migration deadlines: high-value and high-impact federal systems must use post-quantum key establishment by December 31, 2030 , and post-quantum digital signatures by December 31, 2031 . And even if you don’t care about quantum resistance, that’s not a problem because quantum resistance isn’t the main benefit of post-quantum crypto. That transition cannot happen only at the policy layer. Every application that signs packages, validates certificates, establishes secure channels, or protects long-lived secrets depends on cryptographic libraries. If those libraries do not expose post-quantum algorithms, the software stack cannot migrate. Almost every Python program that touches cryptography goes through pyca/cryptography . It’s currently the eleventh most-downloaded package on PyPI&l
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's backup, read the private and group message history, and take over the account. Worse, the key keeps working.
TL;DR Most attack surface management tools solve only half the problem: they map what’s exposed and stop there, leaving security teams to guess which findings actually matter. This review ranks the top 10 ASM platforms for 2026 on discovery breadth, exploit validation, and how well each holds up inside a real security program. Synack leads […] The post Best Attack Surface Management Tools in 2026 (Top 10, Reviewed) appeared first on Synack .
Latest
Tuesday, June 30
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
https://mooofin.github.io/portfolio/blog/s4nct1m0ny.html tuts for ISF from kernel DWARF. for vol as well . loginwindow plaintext credential extraction, Chainbreaker 3DES keychain decryption, and full RE of a Swift dropper using machine Hardware UUID as decryption key , ive tried to make it very less jargon and reader friendly
Post-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency , we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyca/cryptography . On June 22, 2026, the White House ordered the U.S. government to accelerate its transition to post-quantum cryptography. The order says large-scale quantum computers, especially in adversarial hands, will threaten widely used cryptographic systems, and that attackers may already be collecting encrypted data now so they can decrypt it later. It also sets concrete migration deadlines: high-value and high-impact federal systems must use post-quantum key establishment by December 31, 2030 , and post-quantum digital signatures by December 31, 2031 . And even if you don’t care about quantum resistance, that’s not a problem because quantum resistance isn’t the main benefit of post-quantum crypto. That transition cannot happen only at the policy layer. Every application that signs packages, validates certificates, establishes secure channels, or protects long-lived secrets depends on cryptographic libraries. If those libraries do not expose post-quantum algorithms, the software stack cannot migrate. Almost every Python program that touches cryptography goes through pyca/cryptography . It’s currently the eleventh most-downloaded package on PyPI&l
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. An
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an
A recent phishing campaign targeting Booking.com hotel partners is using the ClickFix social engineering technique to compromise hotel systems. After stealing hotel extranet credentials, attackers gain access to legitimate guest reservation details and use that information to send highly convincing phishing messages requesting fake payments or updated card details. The campaign follows a recent wave of Booking.com hotel account compromises. More details in thr linked article
Monday, June 29
Hundreds of contractors working on a project for Meta pretended to be kids in order to see how other chatbots like Gemini and ChatGPT would respond to high-risk subjects, WIRED found.
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
Welcome back to another watchTowr Labs blog post. This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, and CVE-2026-8037 keeps that streak alive: a pre-authentication Remote Code Execution vulnerability accessible to anyone who can access the API. So, in probably a predictable turn of events, we're back doing what we do best. What Is A Kemp LoadMaster, and What Is CVE-2026-8037? Produced by Progress (of MoveIT fame), Kemp LoadMaster is a load balancer and application delivery controller (ADC) that distributes incoming network traffic across multiple servers to keep applications available, responsive, and scalable. Typically, beyond basic load balancing, it provides Layer 4 and Layer 7 traffic management, SSL/TLS offloading, content switching, health checking, and a built-in web application firewall (WAF) to protect against common threats. Why would you use it? Well, Progress has us covered here:
pagecache-lpe-containment-kit: Educational, defensive kit for two Linux page-cache-corruption LPEs (DirtyClone CVE-2026-43503, pedit COW CVE-2026-46331): hardening, detection, verification, seccomp + validation harness. Detection and prevention only — no exploit code. TLP:CLEAR.
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today,
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap. ⚡ Threat of the Week New DirtyClone Linux Kernel Flaw Lets Local
Key Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intrusions. We plan to release a DFIR Labs […] The post From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira appeared first on The DFIR Report .
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these
Mozilla remains committed to maintaining a secure, trustworthy, and transparent Web PKI. Today we are announcing the publication of Mozilla Root Store Policy (MRSP) version 3.1, effective July 1, 2026. While previous policy updates focused heavily on certificate revocation, automation, and operational resilience, MRSP v3.1 focuses on a different challenge: ensuring that Certification Authority (CA) operations are sufficiently transparent, understandable, and auditable. Trust in the Web PKI depends not only on technical requirements, but also on the ability of Mozilla, auditors, and the broader community to understand how CA systems are designed, operated, and assessed. MRSP v3.1 introduces new requirements intended to improve the quality of CA documentation and strengthen independent assurance of the design and effectiveness of controls that protect CA systems. Improving CP/CPS Documentation Certification Practice Statements (CPSes) and combined Certificate Policy / Certification Practice Statement documents (CP/CPSes) are among the most important public documents published by a CA. They describe how a CA conducts its operations and meets industry requirements. Over the years, we have seen significant variation in the quality, structure, and level of detail provided in CP/CPS documentation. Some documents provide extensive implementation detail, while others rely heavily on incorporation by reference or provide only high-level descriptions of CA practices. The revised policy will continue to require conformance with RFC 3647, as modified by applicable CA/Browser Forum requirements. Improvements to section 3.3 in the MRSP will establish clearer expectations regarding the content and quality of CP/CPS documentation. The new requirements emphasize that documentation must be explicit, bounded, auditable, and sufficientl
Europe’s pro-competition proposals could see Google Search and Android systems opened up. The company claims there are serious privacy flaws.
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in a
Sunday, June 28
Reverse-engineering VMware's encrypted + compressed VM memory checkpoint format (vTPM "partial" encryption)
>On June 18, an international police operation seized the servers behind the fake "update your browser" pop-up, the one that has been tricking people into installing malware since 2017. They took down 106 servers and domains and scrubbed the malware off 14,971 hacked websites. >Dutch police, who led the operation, say the login details for 1.4 million websites were exposed in the process. The breach-notification service [Have I Been Pwned](https://haveibeenpwned.com/?ref=freshfromcache.com) was handed 154,000 email addresses and more than half a million passwords from the haul. Canada's federal police disinfected 2,488 computers and notified every Canadian victim they could identify. >The Netherlands, the FBI, Germany, and Canada ran it together with Europol behind them, as part of an ongoing campaign called Operation Endgame that has spent two years knocking out malware services hundreds of servers at a time. >SocGholish is tied to Evil Corp (yes, that's really their name), a Russian group that law enforcement knows well. The US, UK, and Australia have all sanctioned Evil Corp. Its alleged leader, Maksim Yakubets, carries a $5 million FBI bounty and is believed to have worked with Russian intelligence.
Saturday, June 27
Reverse Engineering dobreprogramy.pl Bundler - Extracting Clean Download URLs Without Executing Adware
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our most
Plus: Former national security advisor John Bolton pleads guilty in classified-materials case, Microsoft helps take down major infostealer infrastructure, and more.
Recently I ran into a problem: I needed to analyze a VMware snapshot of a Windows 11 25H2 VM, but the VM had a vTPM, which makes VMware silently encrypt the .vmem/.vmsn/.vmss/.nvram. Volatility just couldn't find the kernel, and I couldn't find any existing tool to decrypt these files for offline analysis. So I reverse-engineered the format with the help of Claude and wrote one. It's called vmem-decrypt (pure Python): \- Recovers the data-file key from the VM password (PBKDF2 → AES-256-CBC key chain VMware labels everything "XTS-AES-256" but it's actually CBC, which trips up most people). \- Decrypts .vmem/.vmsn/.vmss/.nvram. \- Flattens the decrypted .vmem into a flat, Volatility-ready image. (VMware compresses then encrypts, so it's still in a proprietary checkpoint LZ77 layout) Workflow: pull the password hash from the .vmx (VM-Password-Extractor) → crack with hashcat (mode 27400) → feed the password to the tool → run Volatility. Full steps + format notes in the README. Tested on VMware Workstation Pro 26H1 / Win11 25H2 (build 26100), Volatility 3. Feedback welcome, especially snapshots from other VMware versions to test the format against. Repo: [https://github.com/heeeyaaaa/vmem-decrypt](https://github.com/heeeyaaaa/vmem-decrypt) (Yes, I used AI to help build this. It's tested and it works, that's what matters. Happy to walk through any part of how it works.)
Friday, June 26
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's backup, read the private and group message history, and take over the account. Worse, the key keeps working.
Seeking feedback: Searchable index of EXIF/IPTC/XMP metadata from 720M+ public images — potentially useful for digital forensics investigations
I've been building a tool called Image-Meta and would love feedback from people who actually do forensics work, since that's one of the primary use cases I'm trying to serve well. \*\*What it does:\*\* Crawls and indexes the embedded metadata from publicly accessible images using ExifTool. Currently \~720 million images indexed with full EXIF/IPTC/XMP extraction. \*\*Forensics-relevant capabilities:\*\* \*\*Device attribution\*\* \- Search by camera serial number — link multiple images across different domains or accounts back to the same physical device \- Make/model filtering to narrow device type before drilling into serial \*\*Identity traces\*\* \- Author, copyright, rights, and description fields often contain real names, emails, and organizational affiliations that subjects didn't know were there \- Software fields can expose Photoshop/Lightroom license strings, machine names, or internal workflow metadata \*\*Timeline reconstruction\*\* \- foundDT = date we first indexed the image (earliest known appearance online) \- createDT / modifyDT = timestamps embedded in the file itself \- Useful for establishing when an image was created vs. when it first appeared publicly \*\*GPS / geospatial\*\* (Not available to public without subscription) \- Coordinate + radius search for images taken near a location \- Reverse-geocoded address search \- Many images still carry precise GPS even when uploaded to platforms that claim to strip metadata \*\*What I'm looking for feedback on:\*\* \- Are there metadata fields or query types that would make this more useful in an actual investigation workflow? \- Is the API structure (REST, Bearer token, field-level boolean search) something that integrates well with existing tooling? \- What's missing that you'd expect from a tool like this? Not trying to sell anything here — genuinely want to understand what the forensics community needs before I build more features. [https://image-meta.com](https://image-meta.com) API docs: [https://image-meta.com/api-docs](https://image-meta.com/api-docs)
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan,
Boards and CIOs are pushing security teams to build internal AI pentesting tools, but is it worth it? This piece walks through the five questions security teams should ask when deciding between build vs buy for AI pentesting. The post Considering Build vs. Buy for AI Pentesting? Top 5 Questions to Ask appeared first on Synack .
Exposed records from the private group included the personal information of a senior White House intelligence official and an active-duty special operations officer.
AI has handed hackers a resource advantage. Winning it back means spending your own resources far more precisely, and that’s the strategy we call Dynamic Defense. The principle is simple. Contain the threat just enough, for just long enough, until the risk is removed. This piece shows how that works as a five-stage loop that […] The post How Dynamic Defense shuts an attacker out without shutting down the business appeared first on Heimdal Security Blog .
AI has flipped the economics of cybersecurity in the attacker’s favor. For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls. That advantage is gone, and winning it back is the central problem facing every security team in 2026. I think the answer […] The post Static security has run out of road. The case for Dynamic Defense appeared first on Heimdal Security Blog .
The Cyber Resilience Act (CRA) is a regulation introduced by the European Union to strengthen cybersecurity requirements for products with digital elements. In simple terms, the CRA sets mandatory cybersecurity rules for hardware and software sold in the EU. This includes everything from connected devices (IoT) to operating systems and even stand-alone software. Very important, this concerns any company that wants to sell their products into the EU, regardless whether that company is based in the EU or not. The goal is to ensure that digital products placed on the EU market are secure by design and default and remain secure over time. That also means that the CRA does not stop at the launch of a product. It covers the entire lifecycle from design and development all the way through updates and vulnerability management. It also brings everyone in the product pipeline into responsibility. The CRA entered into force on 10 December 2024 , meaning it is already officially law in the EU, although most obligations are not yet applicable. The implementation is phased. From 11 September 2026 , companies will already need to comply with certain reporting obligations, particularly related to the notification of vulnerabilities and security incidents. From 11 December 2027 , the CRA will be fully applicable. Also, products with digital elements that have been placed on the market before 11 December 2027 are not subject to the CRA unless, from that date, they are subject to a substantial modification. Reporting obligations apply to all products with digital elements that have been made available on the Union market, including those already placed on the market before 11 December 2027. Preparing for the CRA is ultimately not just about interpreting legal text, but about translating regulatory expectations into concrete t
Release of GuardDog 3.0, an open-source tool to identify malicious packages, featuring a new YARA-based rules engine, a risk scoring engine, and built-in sandboxing.
Thursday, June 25
We’re sharing two headline numbers as an early look at our State of Continuous Security Validation report before the full analysis lands in July. Turns out 95% of security teams discover high or critical vulnerabilities outside their scheduled testing windows—proof that cadence alone is no longer a reliable measure of coverage. The post The State of Continuous Security Validation: An Early Look at the Data appeared first on Synack .
As UK police embrace the AI revolution, a WIRED investigation reveals the messy inside story of one region’s experiment with predictive analytics.
TL;DR Cobalt.io runs a credit-based pricing model at roughly $1,800 per credit, with most enterprise buyers spending between $15,000 and $40,000 per year. This guide breaks down how the credit model works, what drives total cost beyond the headline number, and how Cobalt’s pricing and value compare directly against Synack at a similar annual budget. […] The post Cobalt.io Pricing: What Cobalt Costs in 2026 (vs Synack) appeared first on Synack .
TL;DR Most attack surface management tools solve only half the problem: they map what’s exposed and stop there, leaving security teams to guess which findings actually matter. This review ranks the top 10 ASM platforms for 2026 on discovery breadth, exploit validation, and how well each holds up inside a real security program. Synack leads […] The post Best Attack Surface Management Tools in 2026 (Top 10, Reviewed) appeared first on Synack .
Wednesday, June 24
Open bug bounty programs are buckling under AI-generated noise, triage overload, and coverage blind spots. Synack's PTaaS platform and security researchers on the Synack Red Team preserve what works about incentivized research while fixing what doesn't. The post The Bug Bounty Model Is Failing. It’s Time to Say It Out Loud. appeared first on Synack .
MSPs spend too much time talking to other MSPs and not enough time talking to the people they’re supposed to serve. That’s Paul Croker’s view of some of the channel’s biggest growth problems. While most industry events bring technology professionals together, they rarely put them in the same room as the business leaders making […] The post Breaking the MSP Echo Chamber: The Power of Community appeared first on Heimdal Security Blog .
If you ever wanted to carve out a piece of MFT/Journal - a timeframe, path or file extensions... here's your chance
I worked in forensics for many years and one of the most annoying things in MFT/Journal analysis, is that initial work of prepping the files until they are readable by humans (size, format, timeframe). I used to export to csv, open in emeditor, then carve out the time periods I did not care about, but that took time and was not reliable. Now, with the emergence of AI, I was finally able to create the app that does it. It basically allows you to select a timeframe, extensions you do or do not care about, folders you wish to exclude, and go on your merry way of exporting the valid but carved out MFT for use in other tools or a CSV for use in your favorite tools, too. As this could be a collaborative project... and I will NEVER sell it, it will remain free (and maybe even open source) - what else would you like to see in such an app? Mods, am I allowed to add a link to a free tool here? https://preview.redd.it/smc3u9vl679h1.png?width=2470&format=png&auto=webp&s=8435e8ed9428b9d46396d069816eefe7fe631af1 I am almost certain there is no free or paid software out there that allows this kind of laser-focused carving of MFT files for speed of analysis. If the mods allow it, I'll post a link to the download. It's Freeware.
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That's not to sound derogatory (it's spelled out that way in the competence model ), rather it recognises that this is a super specialised area and as soon as you start scratching the surface, things get very complex and very expensive really fast. But it's also exciting, and what we've got in the pipeline for our house expansion will blow you away. More to come soon
Tuesday, June 23
The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files.
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London , the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider , and their guilty pleas came on the first day of what was expected to be a six-week trial. Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA). Thalha Jubair , 20, of East London and 18-year-old Owen Flowers of Walsall admitted conspiring to commit unauthorized acts against Transport for London computer systems and causing risk of serious damage to human welfare. According to a report from the BBC, Flowers alone admitted to being part of a conspiracy to hack into U.S. based healthcare providers SSM Health Care Corporation and Sutter Health in September 2024. Jubair is also wanted by U.S. law enforcement agencies. In September 2025, prosecutors in New Jersey unsealed