Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Nonprofit organization Special Olympics New York hacked and its server used to send phishing emails

Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities was hacked. Special Olympics New York provides inclusive opportunities for people with intellectual disabilities to compete in Olympic-style, coached sports.  Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch […]

Special Olympics New York phishing

Source Bleeping Computer

Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities was hacked.

Special Olympics New York provides inclusive opportunities for people with intellectual disabilities to compete in Olympic-style, coached sports. 

Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch a phishing campaign against its donors.

“Friends, Boo! As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies. While donating to Special Olympics NY is always a good idea, we would never ask in such a grinchy way.” wrote Stacey Hengsterman, President & CEO of Special Olympics NY, in a post published on Instagram.

“We immediately heard from so many of you and for that we are grateful.
We are sorry for the inconvenience and hope you are all enjoying your holiday season!”

The organization disclosed the hack and announced to have locked out the attackers, it also sent a data breach notification to affected people, recommending them to disregard the last received message from the organization.

SVP of External Relations for Special Olympics NY Casey Vattimo announced the hack via Twitter, and confirmed that the situation was restored.

Special Olympics New York reported that intrusion only affected the “communications system” that contained donors’ contact information, it also pointed out that no financial data was exposed.

The phishing messages sent to the donors alerted them of an impending donation transaction that would automatically debit $1,942,49 from the target’s account within two hours.

Using this trick attackers aimed at tricking the victims into clicking on one of the two embedded hyperlinks that were redirecting them to a PDF version of the transaction statement.

“Please review and confirm that all is correct, if you have any questions, please find my office ext number in the statement and call me back,” read the content of the phishing emails. “It is not a mistake, i verified all twice. Thank you, have a great weekend.”

The phishing email utilized a Constant Contact tracking URL that redirected the victims to a page designed to steal donors’ credit card details.

Casey Vattimo added that users could now make donations without problems, she also added that all amounts donated to Special Olympics NY through December 31 will be tripled courtesy of Finish Line.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Iran, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]