Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

American steel giant Nucor confirms data breach in May attack

American steel giant Nucor confirms hackers stole data in a May cyberattack, following its earlier disclosure of the incident. Nucor, North America’s largest steel maker, confirmed hackers stole some data in a May cyberattack, following its earlier disclosure of the incident. Nucor Corporation (NYSE: NUE) is a major American steel company headquartered in Charlotte, North Carolina. […]

Nucor

American steel giant Nucor confirms hackers stole data in a May cyberattack, following its earlier disclosure of the incident.

Nucor, North America’s largest steel maker, confirmed hackers stole some data in a May cyberattack, following its earlier disclosure of the incident.

Nucor Corporation (NYSE: NUE) is a major American steel company headquartered in Charlotte, North Carolina. It’s the largest steel producer in the U.S. and North America’s top recycler of scrap metal.

In May, the company informed the Securities and Exchange Commission (SEC) that it had identified a cybersecurity incident involving unauthorized third party access to certain information technology systems.

“Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company.” reads the FORM 8-K initially filed with SEC. “Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. “

The company notified law enforcement and started the incident response procedure with the help of external cybersecurity experts. 

On Friday, Nucor provided an update on the security incident, confirming the theft of “limited data” from the impacted systems.

“As disclosed in the Original Form 8-K, the Company recently experienced a cybersecurity incident affecting certain information technology systems used by the Company. The Company’s investigation revealed that a threat actor illegally accessed the Company’s information technology systems. The cybersecurity incident resulted in a temporary limitation of access to portions of the Company’s information technology applications supporting some aspects of the Company’s operations at some of the Company’s facilities, and as noted in the Original Form 8-K, in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations.” reads the update sent filed by the company with SEC. “The Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.”

Nucor has restored operations and IT systems after the cyberattack and believes the threat actor no longer has access to its infrastructure. The company pointed out that the incident had no material business or financial impact.

The notifications don’t include info about the nature of the attack, however, experts believe it was a victim of a ransomware attack. At this time, no known group has claimed responsibility for the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cyber attack)