Penta Security Inc. > Blog > London Councils’ IT Systems Under Cyberattack

London Councils’ IT Systems Under Cyberattack

2025-11-27 Blog
London cyberattack hacker cyber attack councils

London Councils’ IT Systems Under Cyberattack

A significant cyberattack has disrupted the IT systems of multiple local authorities in London, including the Royal Borough of Kensington and Chelsea and Westminster City Council. The simultaneous impact occurred because the two major councils shared essential digital infrastructure, which led to a widespread outage of online services and public contact phone lines. A third council, Hammersmith and Fulham, also experienced disruptions after preemptively isolating its networks to ensure resident data safety. Authorities have since activated emergency plans, collaborating with national security experts and external specialists to contain the damage and begin the complex process of restoring critical resident services.

Source: Bleeping Computer, TechCrunch

Code Beautifier Exposed Credentials

A Security issue was found in two code-beautifying services, JSONFormatter and CodeBeautify. The vulnerability was not a technical flaw in the code processing itself, but a design issue where the “Recent Links” feature had no protection layer and generated URLs that followed a structured, predictable format. In result, it allowed a simple crawler to scrape the publicly accessible JSON snippets. The exposed data included over 80,000 pastes containing sensitive details like Active Directory credentials, database and cloud credentials, private keys, API tokens, CI/CD secrets, payment gateway keys, and large amounts of personally identifiable information (PII).

Source: The Hacker News

Harvard University Discloses Data Breach

The Harvard University data breach was caused by a phone-based phishing attack that compromised the university’s Alumni Affairs and Development information systems. The type of data exposed includes email addresses, telephone numbers, home and business addresses, event attendance records, donation details, and biographical information pertaining to fundraising and alumni engagement. The two key categories of people affected include Alumni and donors to Harvard University, alongside some current students, faculty, and staff. The key action Harvard recommended to its affected individuals was to be suspicious of calls, text messages, or emails claiming to be from the university, particularly those requesting sensitive information, and to report any unusual communications to their call center.

Source: Harvard University, Security Week

Iberia Customer Data Leaked After Vendor Security Breach

The Iberia customer data leak originated from a security incident at one of its suppliers. The specific time frame of the breach is not provided, but the disclosure came days after a threat actor claimed to have access to 77 GB of data roughly a week ago. The exposed data includes the customer’s name and surname, email address, and Loyalty card (Iberia Club) identification number. Iberia’s key recommended action to its affected customers was to pay attention to any suspicious communications they may receive to avoid potential phishing or social engineering attempts and to report any anomalous or suspicious activity to their call center.

Source: Bleeping Computer, Security Affairs

Palo Alto Networks’ GlobalProtect VPN Portals Got Attacked

A massive brute-force scanning campaign against Palo Alto Networks’ GlobalProtect VPN portals recorded approximately 2.3 million malicious sessions since mid-November 2025. This coordinated campaign, which surged 40-fold in a single day, targeted the /global-protect/login.esp URI with the key goal of gaining unauthorized access to enterprise systems. Researchers believe this scanning may precede the exploitation of a specific vulnerability, and they did not tie the attacks to a single CVE at the time of the report. To mitigate the ongoing threat, Palo Alto Networks recommended that customers immediately upgrade to patched versions and implement rate limiting on VPN authentication endpoints.

Source: Cyber Press

 

 

Click here to subscribe our Newsletter

Click here for inquiries regarding the partner system of Penta Security

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D.AMO

 

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Click here for inquiries regarding the partner system of Cloudbric

Tags: