惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
Project Zero
Project Zero
博客园 - 聂微东
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
Jina AI
Jina AI
C
Check Point Blog
博客园_首页
The GitHub Blog
The GitHub Blog
The Hacker News
The Hacker News
T
The Blog of Author Tim Ferriss
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cisco Blogs
人人都是产品经理
人人都是产品经理
V
Visual Studio Blog
A
Arctic Wolf
博客园 - 三生石上(FineUI控件)
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Forbes - Security
Forbes - Security
阮一峰的网络日志
阮一峰的网络日志
Engineering at Meta
Engineering at Meta
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
Spread Privacy
Spread Privacy
Schneier on Security
Schneier on Security
K
Kaspersky official blog
宝玉的分享
宝玉的分享
Google DeepMind News
Google DeepMind News
V2EX - 技术
V2EX - 技术
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
大猫的无限游戏
大猫的无限游戏
S
Security Affairs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - Franky
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
The Register - Security
The Register - Security
P
Proofpoint News Feed
小众软件
小众软件
S
Securelist
T
Tor Project blog

The Stack

How Lloyds has transformed its trusted critical data for AI Micron's revenue surges with no end to the memory shortage in sight Ubiquiti UniFi OS vulnerabilities exploited in the wild Mistral's new OCR 4 model shows size matters EU approves €76m in state aid for chip testing firm Even FedEx is a winner of the data centre boom Why AWS thinks AI coding assistants need a new place to run Why China is forging closer ties with open-source foundations China's CPU-only supercomputer tops power list Runtime: Why 'Bring-your-own-Cloud' is taking off; the TRAIT&R framework for agents, and... AWS adds yet another security tool to speed up patching OSS security finally gets a Magic Quadrant Places for People forking out £60m for new ERP system Google offers ATT&CK for bad AI, with surging cost forecast STACKUP: The Stack's weekly tech startups and funding wrap Bring Your Own Cloud: why more enterprises are buying in AWS takes NVIDIA "G7" Blackwell instances GA Runtime: Vercel sets up a new framework for agents, Databricks finds a new Genie, and… Borussia Dortmund's IT head has to sometimes think "outside of the box" Accenture stumbles after Middle East, AI, merger questions Cabinet Office offering £100k+ for AI "ambassador" Critical Splunk Enterprise vulnerability being exploited Accenture buys majority stake in OT security company Dragos npm's security rethink, Satya’s warning, a COBOL win, and... US spending billions to counter China's tech influence NatGeo Society CTO on migrating 15 years of video data to the cloud Alibaba opens French data centres in Europe cloud push SpaceX to take over Cursor in $60bn play for AI coding market Hosting firm Hetzner hikes prices sharply amid supply chain pain HSBC's CIO: AI is easy. True impact is hard. Databricks' Ali Ghodsi: 'Your processes have to change' Rackspace’s "30MW" AMD deal: The devil's in the details The Stack acquires Runtime What is npm doing to protect the JavaScript ecosystem Ron van Kemanade, Group COO, Lloyds, on agents, COBOL, IAM. Langflow instances are getting exploited – again Red Hat's $5 billion answer to Mythos: fix all the code OpenAI acquires German startup to spin up cloud dev environments for better agent control STACKUP: The Stack's weekly tech startups and funding wrap Microsoft CEO warns over concentrated AI model dependency Internet pillar cURL takes a summer holiday from security Anthropic knee-capped by abrupt export controls Months after losing its CEO, now Adobe's CFO gets poached Oracle zero-day exploited for nearly two weeks by Shiny Hunters HM Treasury needs a new CTO, the salary is below average AMD joins UK's Sovereign AI train with Cambridge "AI lab" Oracle PeopleSoft vulnerability exploited: 100s reported hit Oracle reports a $638 billion backlog The UK wants to record court hearings - but not an actual plan Bank of England restarts stalled £24m data collection refresh Anthropic warns LLMs can crank out N-day exploits cheap and fast Defender under Attack: June's Patch Tuesday in the spotlight The CISO needs to get focused on business resilience LibreOffice denounces Euro-Office as Microsoft Trojan Horse Apple's revamped Siri AI leans on Google models and cloud AI could be driving IT hiring in Europe, new report finds UK calls for “device-based” nude controls Cult browser project Ladybird cuts off code community UK gets $1.5bn AI Hardware Plan, and a big-coalition sovereign model plan too STACKUP: The Stack's weekly tech startups and funding wrap Fake IT support staff are walking in to US law firms to steal data Apple found a way to sharply cut token use Apache Livy graduates to Top-level project for Spark support Supabase raises $500m, looks to horizontal Postgres scaling GitLab Field CTO on unlikely customers pulling ahead with AI Killing the card? The UK’s banks eye a payments revolution MPs call on UK government to drop £330m Palantir-NHS deal The Tokenomics Foundation is coming for AI Finops Microsoft's new models give it a better moat The EU dropped its latest tech sovereignty package – what to know HMRC digital transformation: new customer service platform Tokenmaxxing is dead. Finops for AI is emerging slowly. This database company wants to take on Palantir ChatGPT 5.5 and Codex now on Bedrock for easy AWS access Multicloud gets sweeter with a 500 Mbps free private link Alphabet raising $80bn to keep up with ballooning AI CapEx How to get visibility and isolation for AI in Kubernetes Red Hat packages injected with worm in supply chain attack STACKUP: The Stack's weekly tech startups and funding wrap Dell COO says “pain” of price hikes will continue NVIDIA, MS tease tighter agent-native security primitives in Windows Sumedh Thakar: CISOs need to think Shock, WoW, and "AWE" Microsoft turns down temperature amid Nightmare Eclypse row IBM to put $5bn and 20,000 engineers into OSS security fight MongoDB eyes more federal work, snaps up partner Clarity Chinese cyber victims overlapping with industrial strategy - ESET Microsoft stirs a hornets nest over “criminal” zero day disclosure threats Snowflake's AI coding tool is "flywheel" for data platform “Headless” Salesforce hits 1 trillion API calls MySQL gets a foundation with no Oracle, but Alibaba presense GCHQ teases “blueprint” for national AI cyber defense BNP Paribas moves to “zero copy” data model Snowflake joins US federal discount scheme Can Dropbox's new CEO save it from stagnation? Zscaler CEO drools over Mythos tailwind, but Jason's and Joe's departures spook markets Google chases a Kubernetes moment for AI agents UKHSA sticks with Oracle after outsourcing payroll Lenovo eyes “personal AI super agents” in $100 billion drive US eyes physics-based safeguards for water cyber threats Accenture beats IBM in Post Office's latest bid to ditch Horizon
Scattered Spider: UK teen pleads guilty to TfL attack
Edward Targett · 2026-06-23 · via The Stack

Two British members of the Scattered Spider cybercrime group have pleaded guilty to a ransomware attack on Transport for London (TfL) in 2024.

The 2024 incident, said the National Crime Agency (NCA) this week, forced all 28,000 TfL employees to attend a TfL office for a password reset.

TfL’s annual report shows it suffered £29 million in loss and recovery costs after the incident, which took place between August 31 and September 4.

Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, both plead guilty to the attack. Flowers was initially arrested within days of the attack – police had raided his home on September 6.

They found hardware with evidence of other cybercriminal activity. 

The two had been communicating by Telegram and “an online tool where multiple participants can work remotely on a common workspace.”

Scattered Spider’s well-documented playbook typically saw social engineering used to gain an initial access vector – e.g. calling IT help desks or identity administrators while impersonating employees, in order to manipulate staff into resetting credentials or approving MFA requests. 

See also: MGM Resorts’ ransomware attack started with a single phone call

Cybersecurity firm Huntress suggested that high-profile attacks on Caesars, MGM Resorts, and Transport for London “all involved calling a help desk to reset credentials as the initial access vector” – TfL did not publish public Indicators of Compromise (IOCs) or detail the precise initial attack vector. 

Paul Foster, head of the NCA’s National Cyber Crime Unit, said the case was made possible because TfL engaged with law enforcement early – “I would urge any other organisation to please do the same in such circumstances.”

He added: “The profile of offenders like Flowers and Jubair demonstrates the increasing threat from cyber criminals based in the UK and other English-speaking countries, epitomised by Scattered Spider.”

TfL said in its annual report that it had to suspend access to travel concessions for several months after the attack; access to both Oyster and contactless journey histories was finally  restored in December.

It has since added “significant cybersecurity incident” to its set of core enterprise risks; breaking it out from “significant security incident”. 

Jubair and Flowers were due to stand trial at Woolwich Crown Court on June 22 but changed their pleas to guilty on the first day of proceedings. They are due to be sentenced at the same court on 16 July.

Join peers following The Stack on LinkedIn...