In Moldova, hackers attacked a medical database, damaging 30% of the information
UNN reports: Moldova’s Cybersecurity Agency has reported a large-scale attack on the country’s main medical database, resulting in damage to around 30% of the information, according to Point, as reported by UNN. The agency’s deputy director said the attackers had been targeting the platform over the past month. The database is a key hub collecting data… […]
The “BlueLeaks 2.0” Breach: Will there be any accountability? Senators start with transparency.
A DataBreaches.net Editorial The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)… […]
Alleged member of Scattered Spider arrested in Finland, U.S. seeks extradition
Jason Meisner reports: The high-tech cyber hacker who goes by the online moniker “Bouquet” jetted around the world, from Dubai to Thailand to New York, staying in five-star hotels and flashing cash and jewels, federal authorities allege. As his internet attacks grew bolder and more sophisticated, he taunted the FBI for being a step behind,… […]
Post Title
Michael Martin reports: Cherry Health says it is dealing with ongoing technology issues, but days into the disruption, officials have not explained what’s causing them. In a notice posted to their website Monday, the health system said it is “experiencing technology issues across Cherry Health, including our phone system.” Their clinics remain open for scheduled… […]
Regulator fines Fidelity Brokerage Services $1.25M over data breach
Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that resulted in a data breach affecting about 77,000 customers. “After learning of the breach, Fidelity also failed to notify many impacted residents, including the relatives and minor children… […]
Alleged Silk Typhoon hacker extradited to US
Lawrence Abrams reports: A Chinese national accused of carrying out cyberespionage operations for China’s intelligence services has been extradited from Italy to the United States to face criminal charges. According to a DOJ announcement, Xu Zewei is alleged to be a contract hacker for China’s Ministry of State Security (MSS) who conducted breaches between February… […]
One ransomware crew now drives half of all cyber claims: At-Bay
Kenneth Araullo reports: A single ransomware crew exploiting a single brand of firewall is now driving nearly half of all cyber insurance claims, At-Bay has warned, in a finding that recasts how underwriters and brokers should be thinking about risk selection. The cyber carrier’s 2026 InsurSec Report, drawn from more than 6,500 claims and 100,000… […]
TH: Hacker steals personal data of 350,000 engineers
The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in the council’s board, said that about a week ago a hacker breached the database containing members’ personal data when it… […]
KR: Data of 100,000 leaked from Lee & Lee Country golf club; N. Korean hacking suspected
Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after the website of Lee & Lee Country Club in the county of Gapyeong, about 55 kilometers northeast of Seoul, was hacked, with… […]
OCR Announces Settlements of Four Ransomware Investigations that Affected Over 427,000 Individuals
Yesterday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced settlements with four regulated entities following separate ransomware investigations under HIPAA’s Security Rule. For those keeping count: the resolutions announced mark 19 completed investigations from ransomware breaches and 13 completed investigations in OCR’s Risk Analysis Initiative. The settlements follow… […]
South Korea’s regulator fines matchmaking service Duo $830,000 over data breach
Hyun Su-a reports: Duo Info, South Korea’s top matchmaking company, leaked the personal information of 430,000 members, authorities said. The leaked items went far beyond names and email addresses to include religion, hobbies, height, weight, education and remarriage history. Excluding income and asset information, virtually all of the members’ personal details were exposed externally. The… […]
Healthcare AI Firm Sued Over Alleged Unlawful Disclosures of Genetic Data
Steve Alder reports: Tempus AI, a publicly traded healthcare artificial intelligence company, is facing multiple class action lawsuits over the alleged unauthorized collection and disclosure of genetic testing results, which were derived from genetic testing by Ambry Genetics Corporation (Ambry Genetics). Tempus AI used Ambry Genetics’ genetic database to train its AI models. Tempus AI… […]
Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft
From the so-there-they-are! dept Out of sight, out of mind? It seems like ages ago that DataBreaches last reported on the Trigona ransomware group, but it was actually in September 2023. After that, DataBreaches lost track of them, and after a few months, concluded that they had disappeared or disbanded. But a check of ransomlook.io… […]
Half a million Britons’ medical data were offered for sale on Alibaba in major UK Biobank breach
Harry Taylor reports: Data from 500,000 people who volunteered their health information to the UK Biobank has been breached and offered for sale online in China. Technology Minister Ian Murray said that information of all half a million members had been listed for sale on the website Alibaba, as he called the breach an “unacceptable abuse” of data. He… […]
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alone, RAMP functioned like a business platform where criminals could sell access, recruit affiliates, advertise ransomware, and negotiate deals in private. What… […]
Mile Bluff Medical Center says security incident that involved data encryption disrupted phone, computer systems
DysruptionHub reports: Mile Bluff Medical Center in Mauston, Wisconsin, said Tuesday that a security event involving data encryption disrupted some phone and computer functions, prompting clinical teams to shift to downtime procedures while patient care continued. The hospital said it activated security protocols immediately after detecting the issue and began an investigation with internal experts… […]
NOT for Sale! BlueLeaks 2.0 Hacktivist decides not to sell dataset with sensitive data
Just when I thought I might be done with work for the day, DataBreaches received an email from “Internet Yiff Machine” (IYM), the hacktivist responsible for hacking P3 Global Intel in what has been called the “Blue Leaks 2.0” breach. As most readers know by now, IYM provided a dataset of 8.3 million tips that… […]
Outside FDA, Inside the Crosshairs: Cybersecurity Risks for General Wellness and Fitness Products
Troutman Pepper Locke writes: In Part One of this series, we discussed how wellness products sit at the intersection of Food and Drug Administration (FDA), Health Insurance Portability and Accountability Act (HIPAA), Federal Trade Commission (FTC), and state privacy/breach laws. In Part Two, we analyzed FDA’s 2026 General Wellness guidance and what it means for device-level cybersecurity expectations…. […]
BlueLeaks 2.0: 7,300+ Schools, Referral Systems Reported, and a Breach Navigate360 Still Hasn’t Publicly Confirmed
Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about students on a platform that promised them anonymity and security. DDoSecrets.org named the incident “Blue Leaks 2.0” because, like a previous leak… […]
Dutch warship compromised with $5 tracker and a postcard
Ann-Marie Corvin reports: Cheap tech just keeps on exposing NATO warships. In the latest example, a journalist was able to send a Bluetooth tracker to a Dutch frigate. Just Vervaart, working for regional broadcaster Omroep Gelderland, hid the $5 Bluetooth tracker inside an envelope with a postcard via the military postal service. The reporter followed… […]
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
Phil Muncaster reports: Next.js developer Vercel has confirmed a cyber-incident conducted by a “highly sophisticated” attacker which may have resulted in threat actors getting hold of sensitive internal data. The US firm, which provides developer tools and cloud infrastructure, said in an updated April 21 notice that the unauthorized access originated from an employee’s use… […]
Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims
And then there were three…. A third man has pleaded guilty to conspiring with two other cybersecurity professionals and BlackCat to use BlackCat’s ransomware and negotiation platform to target U.S. firms. Ryan Goldberg of Georgia and Kevin Martin of Texas pleaded guilty in December, and are scheduled to be sentenced on April 30. Two of… […]
Minidoka Memorial Hospital updates Easter morning cyberattack
Dysruption Hub reports: Minidoka Memorial Hospital in Rupert, Idaho, said a cyber incident on Easter morning, April 5, limited imaging services and led to some emergency patient transfers, though the hospital and its clinics continued treating patients. In an April 17 social media update, the hospital said the incident temporarily affected certain internal systems and had… […]
Breach at BE PRIME cybersecurity company exposes client data and surveillance systems; Be Prime threatens journalists
Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video surveillance, according to information published by the supposed attacker on a cybercrime forum. The company, which provides connectivity and security services to large corporations… […]
Qilin’s 2024 attack on NHS vendor continues to impact patient care for one NHS Trust
Long-term follow-ups are important, and DataBreaches is glad that Alexander Martin points out that at least one NHS Trust is still impacted by the Qilin ransomware attack on Synnovis in 2024. From his reporting: At South London and Maudsley NHS Foundation Trust (SLaM), pathology systems have not been restored as of publication, with the trust… […]
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
Daryna Antoniuk reports: Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. Ukraine’s computer emergency response team (CERT-UA) said the activity was carried out by a group tracked as UAC-0247, which launched multiple attacks over the past two months against municipal authorities, clinical hospitals… […]
Tax documents for school employees potentially stolen across Los Angeles County
Jason Henry reports: The Los Angeles County Office of Education is investigating the possibility that bad actors gained access to the electronic tax documents of teachers and administrators after employees at schools around the county received letters indicating fraudulent tax filings had been submitted in their names. The Southern California News Group confirmed that employees… […]
Judge lets state auditor’s investigation into data breach affecting Blue Cross Blue Shield members move forward
There’s an update to a lawsuit involving Blue Cross Blue Shield of Montana’s parent company, HCSC, and Montana’s state auditor. As previously reported, after BCBSMT notified the state of the Conduent breach that had affected 462,000 members, the state auditor opened an investigation into whether the notification to the state was timely. HCSC claimed the… […]
Tyler Robert Buchanan pleads guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft.
On November 20, 2024, the government unsealed charges against five defendants associated with Scattered Spider. One of them, Noah Michael Urban, pleaded guilty in a Florida courtroom in April 2025. On August 20, 2025, “King Bob,” as he was often known, was sentenced to ten years in prison and $13 million in restitution. A second man, Tyler Robert… […]
Anthropic’s Dario Amodei heads to White House amid hacking fears over Mythos
Ian Duncan and Cat Zakrzewski report: Anthropic chief executive Dario Amodei is set to meet White House Chief of Staff Susie Wiles on Friday, according to a person briefed on the plan, as the federal government races to understand the national security implications of a powerful new artificial intelligence model the company says it has… […]
AI ghost narratives create a minefield for entities and journalists
There’s a thought-provoking article on CyberScoop by Mary Catherine Sullivan and Brett Callow of FTI. They provide examples of three types of incidents in which AI has created or contributed to fake narratives that can trigger a crisis response, require allocating significant resources, damage reputation, or give journalists a professional black eye: A company wakes… […]
Brussels launched an age checking app. It took 2 minutes to hack it.
Émile Marzolf, Ellen O’Regan, and Eliza Gkritsi report: The European Union’s unveiling of a mobile app to check people’s age online has quickly turned sour, as cybersecurity experts found glaring privacy and security problems with the code. European Commission President Ursula von der Leyen presented the age-verification tool in Brussels on Wednesday, saying it was… […]
Connecticut AG Puts Businesses on Notice: Old Laws Still Apply to AI
CPI reports: Connecticut Attorney General William Tong has issued a sweeping advisory clarifying that businesses deploying artificial intelligence systems remain fully subject to the state’s existing legal framework—even in the absence of a comprehensive, AI-specific statute. The guidance, as analyzed by Squire Patton Boggs, underscores a central message for compliance officers and in-house counsel: AI does… […]
Are Former Black Basta Affiliates Automating Executive Targeting?
A new report by Reliaquest considers data suggesting that former Black Basta affiliates are not only using the gang’s social engineering playbook, but have been successfully honing it and targeting corporate executives: A new campaign is successfully evolving “Black Basta’s” signature social engineering playbook into a faster, more targeted, and increasingly automated intrusion method aimed at senior… […]
State to audit Ohio school districts’ cybersecurity plans
Siobhan Harms reports: The Ohio Auditor of State’s Office will begin evaluating school districts’ cybersecurity policies in July. As outlined by House Bill 96, districts had to implement a cybersecurity program that safeguards the district’s data, information technology and information technology resources to ensure availability, confidentiality and integrity. The law reads, “The program shall be… […]
Oklahoma State Tax Commission Fails To Notice Data Breach for 18 Months
DataBreaches missed this one, but The Daily Hodl didn’t. They reported on March 31: A US state tax agency has placed taxpayers’ personal info at risk by missing an extended data breach that lasted 18 months. The Oklahoma Tax Commission (OTC) says the breach happened between July 2024 and December 2025, per a new filing with the… […]
Northern Ireland school IT systems ‘largely restored’ after cyber attack
Barry O’Connor provides an update on the C2K breach in Northern Ireland: The IT systems in schools targeted in a cyber attack last week have been “largely restored” the Education Authority (EA) has said. All online and IT systems in schools are provided through the C2K network, managed by the EA. The attack left all schools… […]
Teen arrested in Northern Ireland over cyberattack on school network
Alexander Martin reports: A 16-year-old boy has been arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students. The boy, who has not been named for legal reasons, was arrested Wednesday in Portadown, County Armagh, on suspicion of offenses under the Computer Misuse Act. The… […]
Double trouble: Hackers used both Claude Code and ChatGPT in a cybersecurity hack that lasted two and a half months.
Kenna Hughes-Castleberry reports: Nine Mexican government agencies were hacked in an artificial intelligence (AI)-driven cyber campaign between December 2025 and mid-February 2026 in what researchers have said should “serve as a wake-up call.” According to researchers at cybersecurity company Gambit Security, a small group of individuals used Claude Code and OpenAI’s GPT-4.1 to breach both… […]
Unpatched Microsoft Defender flaw lets hackers gain admin access
Laura Pippig reports: A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant damage without users noticing. The so-called “RedSun” vulnerability was discovered by security researcher Chaotic Eclipse, the same one who previously published a… […]
Defendant Sentenced To Prison For Hacking Betting Website
Not everyone complies with the conditions of pre-sentencing release. After pleading guilty to a credential stuffing attack, this defendant reopened his online criminal shop and advertised what he was doing. Unsurprisingly, he was re-arrested and remanded into federal custody. Although the DOJ announcement does not name the betting site, it was reported in news as… […]
P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next.
Introduction P3 Global Intel advertises itself as a “fully integrated and state-of-the-art tip acquisition and tip management solution that has quickly become the leading choice of Crime Stoppers Programs, Law Enforcement Agencies, Campus Safety Programs, and Federal Agency Initiatives.” 35,000 U.S. schools use P3 Campus, which partners with “safer school” initiatives such as Sandy Hook… […]
California’s cybersecurity audit rule is now in effect: its impact for class litigation
The IAPP writes: Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts for affected companies to… […]
City of Anthony, NM, public records have been suspiciously disappeared, locked, or wiped
There are insider breaches, and then there are fourth-degree felonies and other possible charges if public records are destroyed improperly or without a lawful purpose. KVIA in New Mexico reports: The City of Anthony released a letter to KVIA on Saturday stating that the previous administration had allegedly committed several wrong-doings and the City is… […]
A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard
When the FBI issued a Private Industry Notice in May 2025 about the Silent Ransom Group (SRG) targeting law firms, they were not exaggerating. The image on the left side of this post is not a new geometric wallpaper. The green boxes represent law firm listings on SRG’s leak site. There are about 38 by… […]
Booking.com warns customers their private travel details may have been accessed by ‘unauthorised party’
Here we go again? Lara Pearce reports: Popular travel website Booking.com has warned customers that their personal information including booking details and names may have been accessed by an “unauthorised third party”. Booking.com is one of the largest digital travel companies globally, with more than 28 million accommodation listings worldwide. The company sent emails to some of its Australian… […]
GTA-maker Rockstar Games hacked again but downplays impact
Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday, after a group of hackers claimed responsibility for the hack. In posts viewed by outlets, the criminals said they… […]
MN: Spring Lake Park Schools Closed After Suspected Ransomware Attack
Spring Lake Park Today reports: Spring Lake Park Schools in Minnesota were forced to close on Monday due to a suspected ransomware attack that disrupted the district’s computer systems. Local authorities are investigating the cybersecurity incident, which caused the abrupt shutdown of all schools in the district as a precautionary measure. … According to officials,… […]
Brockton Hospital still dealing with aftermath of ransomware attack
Yesterday, Bryan Lambert reported: Health care providers at Brockton Hospital are preparing to work off paper, not computers, for the next two weeks as the health care hub deals with an ongoing cybersecurity incident. The cybersecurity incident took many electronic services at Brockton Hospital offline on Monday and forced ambulances to be diverted. On Thursday,… […]
Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe
Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group (“SRG”).* In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP (“Orrick”). In… […]
Ex-Meta worker investigated for downloading 30,000 private Facebook photos
Laura Cress reports: A former Meta employee suspected of downloading around 30,000 private images of Facebook users is being investigated by the Metropolitan Police. The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks. A Meta spokesperson told… […]
Lotte Card given notice of $3M penalty, business suspension over massive data breach
Yonhap News reports: Lotte Card has been notified by the financial watchdog that it is liable for around 5 billion won ($3.38 million) in financial penalties and a business suspension of over four months over a massive data leak, informed sources said Thursday. The Financial Supervisory Service recently sent the notice to the credit card… […]
86% of businesses refused to pay cyber ransoms in 2025 — Coalition Insurance
Two firms recently told DataBreaches that about 30% or more of their clients pay ransom after a cyberattack. But you may get a different impression from other findings. The Actuary reports: Initial ransom demands by cyber attackers surged by 47% last year but record numbers of businesses declined to pay up, according to a specialist… […]
Capita under investigation after workers hit by pensions data breach
Rob White reports: A major pensions administrator is under investigation after admitting its second data breach in three years, the Government has confirmed. Capita, which runs the Civil Service Pension Scheme, confirmed that up to 138 retirees received the wrong annual statement or had theirs accessed by other scheme members during a data breach in… […]
Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
Upasana Sajeev reports an update to a case previously noted on this site: The Madras High Court has dismissed an appeal filed by cybersecurity specialist Himanshu Pathak against a single judge’s order dismissing his plea seeking directions to the Ministry of Electronics and Information Technology, the Ministry of Finance, the Ministry of Home Affairs, the… […]
A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data
Isaac Yee reports: A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed… […]
Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records
I posted the following article this morning over on PogoWasRight.org, but I have had so many people sending me links to stories about this news that I guess I should have posted it here, too, as a future data breach. by Amanda Seitz and Maia Rosenfeld April 8, 2026 The Trump administration is quietly seeking… […]
OCR Releases Risk Management Video
From HHS OCR: This video presentation is intended to raise awareness and provide practical education to HIPAA covered entities and business associates of the HIPAA Security Rule’s Risk Management requirement. Like risk analysis, effective risk management is an essential component of both HIPAA Security Rule compliance and broader cybersecurity preparedness. Risk management is a critical step not only for… […]
Hackers steal and leak sensitive LAPD police documents
Lorenzo Franceschi-Bicchierai reports: Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online. The stolen data included police officer personnel files, internal affairs investigations, and discovery documents that can include unredacted criminal complaints and personal information, such as witness names and medical data, according… […]
Iowa AG files lawsuit against Change Healthcare over 2024 data breach
Naomi Diaz reports: Iowa Attorney General Brenna Bird has filed a lawsuit against Change Healthcare, alleging the company violated state consumer protection and data security laws in connection with a 2024 data breach that affected nearly 2.2 million Iowa residents. Filed March 31, the lawsuit claims the breach exposed sensitive personal and medical information and caused widespread… […]
Act-of-War Clauses Cloud Cyber Insurance Coverage
Angus Loten reports: From Europe to the Middle East, geopolitical conflicts have companies rereading the fine print on insurance policies that deny coverage for wartime cyberattacks. Act-of-war exclusions—a common provision in homeowners, life and travel insurance—are largely untested in the cyber market, where the line between cybercrime and nation-state warfare is unclear. That can leave… […]
Who really runs your VPN — and what that may mean for your privacy
Over on Codamail (fka Cotse.net), Steve Gielda has updated his research on VPN infrastructure and its implications for your privacy. From that article: The Question VPN providers market themselves as independent services in diverse jurisdictions. This investigation asks a structural question: does the global VPN industry’s physical infrastructure actually reflect that diversity, or does it… […]
Russians hijacking routers for cyber spying
George Allison reports: In a new advisory, the NCSC warned that APT28, a cyber group linked to Russia’s GRU Military Unit 26165, has been exploiting vulnerabilities in edge network devices to conduct Domain Name System hijacking operations. DNS is the system that translates website addresses into the numerical IP addresses computers use to connect, and… […]
A string of radio hijacks exposes a deeper broadcast weakness
Joseph Topping’s dot-connecting analysis suggests we need to take some “little incidents” more seriously as they are the harbingers of what could be a major problem: A story about a radio station feed being hijacked popped up in my Facebook feed today, and it immediately felt familiar. Not because this kind of thing is common,… […]
NL: Dutch healthcare software vendor goes dark after ransomware attack
Connor Jones reports: A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say. ChipSoft’s website went down on April 7 and remains unreachable at the time of writing. The company provides hospitals with patient record software, serving around 80 percent of all facilities in the country. The ransomware element of… […]
HK: Man arrested over stolen patient personal data
RTHK reports: Police said they have arrested a man working for a contractor commissioned by the Hospital Authority for allegedly stealing the personal data of tens of thousands of patients. The data breach resulted in details of more than 56,000 patients from the Kowloon East cluster being taken without authorisation and leaked on a third-party… […]
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
From: CISA Date: April 7, 2026 Alert Code: AA26-097A Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project… […]
1 Billion Microsoft Users Warned As Angry Hacker Drops 0-Day Exploit
Davey Winder reports: Usually, when I report zero-day exploits, it’s because attacks by threat actors are already underway or a vendor has released a patch after becoming aware of the vulnerability. BlueHammer, however, is different. This time, it’s a security researcher who has released the Windows attack exploit code; there is no patch available, and… […]
Jones Day confirms limited breach after phishing attack by Silent Ransom Group
One of the top-ranked law firms in the country confirmed today that it has suffered a data breach. Jones Day disclosed the breach after hackers known as Silent Ransom Group (SRG) posted the data to their dark web leak site on March 30. A spokesperson for the firm said that limited files for 10 clients… […]
Maine House advances McCabe bill to strengthen cybersecurity at Maine hospitals
A press release on April 6, 2026 from Maine House Democrats: On Thursday, the Maine House voted unanimously to advance a bill from Rep. Julie McCabe, D-Lewiston, that would help prevent cybersecurity attacks on Maine hospitals and ensure continuity of patient care when future cyberattacks occur. As amended, LD 2103 would require Maine hospitals to adopt a… […]
Microsoft links Medusa ransomware affiliate to zero-day attacks
Sergiu Gatlan reports: Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. This cybercrime gang quickly shifts to targeting new security vulnerabilities to gain access to its victims’ networks, weaponizing some of them within a day and, in… […]
Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026
On January 12, Valley Family Health Care (VFHC) notified HHS after learning that the TriZetto Provider Solutions (TPS) breach had affected 4,300 of their patients. The TPS breach, which began in November 2024, involved their patients’ names, addresses, dates of birth, Social Security numbers, health insurance member numbers (including Medicare beneficiary identifiers), health insurer names,… […]
NYS school data incidents rose 72% in 2025, with 44 reported on Long Island
Lorena Mongelli reports: Reports of compromised student data and cybersecurity in schools surged statewide in 2025, according to education officials. Statewide, data incident reports rose 72%, from 384 in 2024 to 662 in 2025, an annual report issued by the state Education Department’s chief privacy officer found. On Long Island, schools reported 44 data incidents in 2025, a jump from 35 the year prior, according to… […]
Two data security incidents affected immigration law firms and their clients
DocketWise is an immigration and case management solution designed for immigration attorneys. The firm informed the Maine Attorney General’s Office on April 3 of a September 1, 2025, data breach that affected the personal information of its law firm clients’ clients. The types of information involved varied by individual client. Their notification to Maine states… […]

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Brian Krebs reports: An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between… […]
Researchers didn’t want to glamorize cybercrims. So they roasted them.
Jessica Lyons reports: Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest. They hide out in hidden corners of the dark web (often accompanied by a clearnet leak site), leading some infosec folks to talk about these miscreants as if they are invincible. But not… […]
Fitness tracking under scrutiny as Strava military data leak exposes personnel
Paulo Vargas reports: Your Strava runs might feel private, but a new Strava military data leak shows how easily that information can reveal more than your workout. In the latest case, activity logs have been linked to more than 500 UK military personnel, connecting everyday exercise to sensitive locations. This goes beyond visible routes. Shared histories and account details… […]
Moscow, Idaho, clinics reopen after Gritman cyber incident
DysruptionHub reports: Gritman Medical Center began reopening clinics in Moscow, Idaho, on Friday after a cybersecurity incident disrupted outpatient care beginning early Wednesday, though the hospital and emergency department remained open throughout. Gritman first publicly disclosed the problem Thursday, saying several primary and specialty clinics were closed because of an electronic systems outage. In an update later that night,… […]
How often do threat actors default on promises to delete data?
We have probably all read recommendations that cyberattack victims should not pay ransom demands because it encourages more crime, and because criminals can’t be trusted to delete data they promise to delete. But what evidence have we seen supporting a claim that criminals default on data deletion? Law enforcement made a point of reporting that… […]
The breach lasted 25 minutes. How long will the litigation last?
Unauthorized access to Auger & Auger’s network lasted all of 25 minutes on February 17, 2026. On March 30, the North Carolina personal injury law firm notified those affected and offered them 1 year of complimentary identity protection services from EPIC-Privacy D Solutions. In their notification letter, Auger & Auger informed those affected that the… […]
Hong Kong Hospital Authority apologises for data breach involving 56,000 patients
Edith Lin reports: Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving over 56,000 patients served by the Hospital Authority, which reported the unauthorised retrieval of a variety of information. The authority on Saturday apologised to affected victims – patients of hospitals in Kowloon East – for the breach that compromised… […]
Claude Code leak used to push infostealer malware on GitHub
Bill Toulas reports: Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as an autonomous agent, capable of direct system interaction, LLM API… […]
‘Serious cyberattack’ impacts phones, public safety systems in several Massachusetts towns
Phil Tenser reports: A cybersecurity attack is affecting several Massachusetts towns that share a regional emergency communications center. The cyberattack affecting the Patriot Regional Emergency Communications Center and associated towns was identified early Tuesday, according to statements from affected towns. The towns of Ashby, Dunstable, Pepperell and Townsend also said their police and fire departments… […]
UK: School IT system targeted in cyber attack ahead of exam season
Robbie Meredith reports: An IT system used by schools across Northern Ireland has been targeted in a cyber attack, the Education Authority (EA) has said. On Thursday, schools received a message that as part of “work to manage an IT security issue” the EA would be carrying out a password reset for all users. An… […]
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Maxwell Zeff, Zoë Schiffer, and Lily Hay Newman report: Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the sources said. Other major AI labs are also reevaluating their work with Mercor as they… […]
Questions raised after Cherry Creek students notified of data breach, lawsuit
Abraham Jewett reports: The Cherry Creek School District sent a message to families recently after some students received a notice about a class action settlement over a 2024 data breach involving the web-based education platform Naviance. The school district, in its message to families, clarified that the email was legitimate, and the class action lawsuit… […]
BakerHostetler’s 2026 report: Findings from 1,250 clients’ breach experiences in 2025
BakerHostetler’s annual report, which shares their experiences as a law firm representing data breach clients, is always one of my favorite reads, and their 2026 Data Security Incident Response Report does not disappoint. As always, it is chock-full of interesting statistics and commentary. In 2025, they represented 1,250 clients: 27% were from Healthcare (including pharma… […]
European Commission investigates cyber attack on its websites; CERT-EU publishes recommendations
Politico reported: The European Commission is investigating a cyber attack on its websites, with early findings suggesting that some data was taken, it said Friday. The EU executive said it discovered the attack on Tuesday and took “immediate steps” to contain it. The attack hit the cloud computing infrastructure used by the Commission to manage… […]
Nacogdoches Memorial Hospital notifies 257,073 after January data breach
Chad van Alstin reports: A hospital in Texas revealed that it’s fallen victim to a data breach that exposed the personal information of more than 257,000 patients to hackers. Nacogdoches Memorial Hospital—an independent health system in Texas consisting of one emergency-capable facility, several affiliated provider practices, and a rehabilitation center—made the breach public this week…. […]
Apex recovers stolen personal data after about 22K impacted in cyberattack: Town
When criminals store or host data on U.S. servers, victims may get lucky. This is one of those situations. Matthew Sockol reports that data from the town of Apex in North Carolina had been stolen in an attempted ransomware attack in July 2024. The data of approximately 22,000 residents had reportedly never appeared on the… […]
Italy’s data protection regulator fined Intesa Sanpaolo €31.8 million over insider data breach
From the Garante’s press release, below, it sounds like the banking group experienced an insider-wrongdoing breach in which an employee improperly accessed 3,573 customer accounts over a period of two years. Data breach: The Italian Data Protection Authority fines Intesa Sanpaolo €31.8 million for unauthorized access to the banking information of over 3,500 customers for… […]
Toymaker Hasbro says it may take weeks to recover from cyberattack
Zack Whittaker reports: American toy-making giant Hasbro has confirmed a cyberattack, and the company says it may take “several weeks” before the incident is resolved. The owner of properties including Transformers, Peppa Pig, and Dungeons & Dragons said in a legally required disclosure with the U.S. Securities and Exchange Commission on Wednesday that it detected an intrusion… […]
North Attleboro, Massachusetts, schools hit by suspected cyberattack
DysruptionHub reports: North Attleboro Public Schools in Massachusetts said Wednesday it is responding to unauthorized activity on its network after what the superintendent described as a cybersecurity incident over the past several days. The Sun Chronicle reported that Superintendent John Antonucci said the district had responded ‘over the past several days’ to unauthorized activity on its network…. […]
Everything you need to know about the malware stealing data from Mac users
Matt Binder reports that Mac users have a new malware threat to watch out for. According to a new report by Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users that utilizes social engineering tactics and, once the payload is delivered to the device, is very difficult to detect. The hacker’s… […]
$285 Million Drift Protocol Exploit Shows Signs of North Korea-Linked Hackers
Abdelaziz Fathi reports: Blockchain analytics firm Elliptic said the $285 million exploit of Solana-based Drift Protocol shows multiple indicators associated with North Korea’s state-sponsored hacking groups. The firm’s assessment is based on onchain behavior, laundering patterns, and network-level signals that align with previous incidents attributed to DPRK-linked actors. The attack is the largest crypto exploit… […]
Attack on axios software developer tool threatens widespread compromises
Tim Starks and Derek B. Johnson report: A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack. Axios is a JavaScript client library used in web requests. The unknown attacker hijacked… […]
Estonian hospital sends patient home with other people’s health data
Märten Hallismaa reports: A person who underwent X-ray imaging at West Tallinn Central Hospital (LTKH) was sent home with a USB drive that also contained the personal and health data of other patients. ERR has received information about a person who went to West Tallinn Central Hospital to undergo an X-ray. Because the images needed… […]
South African government agency and Spanish psychological software provider victims of cyberattacks by XP95
Jan Vermeulen reports: Statistics South Africa has become the latest government entity to fall victim to a ransomware attack by the emerging cybercrime group known as XP95. The threat actors claim to have successfully breached the agency responsible for conducting South Africa’s census, as well as producing and disseminating other official statistics, like the Consumer… […]
Did you sign up for the new White House app? Don’t use it until you read this!
Did you sign up for the new White House app? Don’t use it until you read this, because it puts your privacy and data security at risk. Patrick Quirk takes an impressive technical piece and distills it for those of us who are not developers or coders. His article is based on original research by… […]
CareCloud notifies the SEC after attack on one of its EHR environments
DysruptionHub reports: CareCloud said an unauthorized third party briefly disrupted one of its six electronic health record environments on March 16, restoring access that evening as investigators assess possible patient data exposure. In a March 27 SEC filing, the Somerset, New Jersey-based company said an unauthorized third party temporarily accessed part of its CareCloud Health division… […]
Thankfully, the Infinite Campus incident did not involve a lot of non-directory student information
In the wake of the Infinite Campus data breach, DataBreaches was contacted by several concerned EdTech professionals who weren’t prepared to accept Infinite Campus’s word that there was no sensitive student information in the data tranche. With their encouragement, DataBreaches downloaded the data tranche from ShinyHunters’ leak site and examined it. Most of the files… […]
Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account
Pierluigi Paganini reports: Iran-linked hacking group Handala claims it breached FBI Director Kash Patel’s personal Gmail account and shared alleged data, including photos and files. The FBI confirmed it is aware of the incident and has taken steps to mitigate risks, stressing that the exposed material is old and does not involve any government or classified information…. […]
Woodfords Family Services notifying patients and families about 2024 ransomware attack
A notice by Woodfords Family Services in Maine caught my eye because the name sounded familiar. They provide support services for people with disabilities and their families. On March 27, 2026, they issued a notice: What Happened? On April 8, 2024, we discovered suspicious activity within our network. We took steps to secure our environment and… […]
Thousands of Corewell Health patients affected by security breach
Fox2 reports: Corewell Health announced their former health care consulting vendor experienced a data breach in 2024, affecting thousands of patients. Pinnacle Holdings previously provided health care consulting services to Corewell Health. After being notified of the data breach, Corewell said they conducted a review to identify who was impacted. The health system said around… […]
Meet Claude Mythos: Leaked Anthropic post reveals the powerful upcoming model
Matt Binder reports: An accidental leak has now been officially confirmed by AI company Anthropic regarding its most powerful AI model yet. The model, now known as “Claude Mythos,” was originally uncovered in a report from Fortune. Anthropic has since confirmed the details about the leak to the outlet. The data leak included details about the upcoming release of the… […]
LeakBase’s “Chucky” detained in Russia
TASS reports: Police have detained a Taganrog resident suspected of administering LeakBase, one of the largest hacker platforms, law enforcement officials told TASS. The detained Taganrog resident is suspected of administering “one of the largest international hacker platforms, LeakBase,” the agency’s source said. According to him, the liquidated platform operated a credit system and user… […]
Ransomware Attack Totally Cripples Jackson County Sheriff’s Office in Indiana
From a report on cyber.netsecops.io: Executive Summary A debilitating ransomware attack has completely crippled the IT operations of the Jackson County Sheriff’s Office in Indiana. The attack, which struck last week, has rendered the department’s entire computer network, including all PCs, Wi-Fi, and critical reporting systems, unusable. […] Technical Analysis Initial Access Vector: The likely initial access vector… […]
‘CanisterWorm’ Springs Wiper Attack Targeting Iran. But why?
Brian Krebs reports: A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against… […]
Florida senator sues Booz Allen over his leaked tax returns
Gary Fineout reports: Sen. Rick Scott is suing a major government contractor for damages after his tax returns were leaked along with other prominent and wealthy figures, including President Donald Trump. The Florida Republican on Monday filed a lawsuit against Booz Allen Hamilton, a management and technology consulting company, and a former employee of the contractor who… […]
Delaware Supreme Court Reverses, Holds Cyber Insurers Sufficiently Pled Collective Subrogation Claim Resulting from Blackbaud Data Breach
The fallout from the massive Blackbaud breach is not over, it seems. Lydia Mills of Wiley Rein writes: Reversing the decision below, the Delaware Supreme Court held that a group of cyber liability insurers sufficiently pled a complaint for subrogation based on breach of contract. Travelers Cas. & Sur. Co. of Am. v. Blackbaud, Inc., 2026… […]
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Deeba Ahmed reports on some of TeamPCP’s dangerously effective recent activities: What Happened? The trouble began on 19 March 2026, when a hacking group calling themselves TeamPCP managed to break into Trivy, a popular tool used by developers to scan their code for security vulnerabilities. This was a supply chain attack, which occurs when hackers sneak malicious code… […]
Companies face difficult choices in blaming hackers for an attack
Eric Geller reports: Businesses need to think carefully about when they publicly blame a threat actor for a cyberattack, lest they invite unwanted consequences, experts said at a panel at the RSAC 2026 Conference here on Tuesday. “The rush to attribute is a risky one,” Megan Stifel, the chief strategy officer at the Institute for… […]
Utimaco Survey Finds 78% of US Companies Name Legacy Data Breaches the Top Gen AI Risk
From a press release by Utimaco: 57% of respondents have not yet implemented a solution to address these concerns Post quantum cryptography (PQC) readiness shows an even wider gap: while 72% identify legacy data attacks as the greatest quantum issue, 75% remain unprepared Data Sovereignty is front of mind: 80% of respondents rank protecting customer… […]
Malware on Luxembourg public sector devices was active for almost a month
Alex Stevensson reports: Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said. The security breach was confirmed on 27 February but details were scant at the time, with LSAP deputy Ben Polidori… […]
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
Jonathan Greig reports: The popular anime streaming platform Crunchyroll confirmed on Monday evening that a batch of customer information leaked online over the weekend is legitimate. In a statement to Recorded Future News, a spokesperson for the company said their investigation into the stolen documents is ongoing alongside cybersecurity experts. “At this time, we believe… […]
Handala Hackers Allege Massive Data Breach of Tamir Pardo, Former Mossad Chief
As posted by the Iranian news agency, WANA: The hacker group Handala announced that it has released 14 gigabytes of personal and highly confidential documents belonging to Tamir Pardo as proof of concept (PoC). A message from Handala that accompanies some screengrabs offered as proof of claims states, in part: Today, Handala proudly announces that… […]
Infinite Campus Security Incident Awareness: No Impact to Student Data According to Infinite Campus
There was some understandable panic and concern in the k-12 sector when the ShinyHunters threat actors announced they had compromised and would leak data from edtech vendor Infinite Campus. Was this going to be another massive breach like the PowerSchool breach that affected tens of millions of students? At the present time, the Infinite Campus… […]
Florida Medicare members’ data exposed as Mirra Health improperly outsourced records overseas
Skyler Shepard reports: State investigators say Mirra Health jeopardized the safety of thousands of Floridians by sharing their sensitive health data with unauthorized companies overseas. Florida Insurance Commissioner Mike Yaworsky suspended Mirra Health Care LLC on Tuesday after investigators found the company sent private medical information to unlicensed companies in India and the Philippines. Mirra Health handles important claims… […]
50 Israeli companies ‘digitally erased’
On March 9, The Jerusalem Post reported that the Israel National Cyber Directorate had received a growing number of reports of cyberattacks aimed at destroying information and systems to disrupt the functioning of the home front economy. At that point, National Cyber Directorate Head Yossi Karadi said that no organization essential to the functioning of… […]
Family of UMMC patient speaks out after cyberattack during lifesaving surgery
WBAL reports: A Mississippi family is sharing their story for the first time after a cyberattack disrupted operations at a major hospital system in the middle of a lifesaving surgery. At the University of Mississippi Medical Center, patient Wade Watts was undergoing a liver transplant just as critical systems across the hospital began to fail…. […]
243,000 French Public School Employees Victims of Hack
La Revue Technique reports: A cyberattack on a French Education Ministry HR system has exposed personal information tied to roughly 243,000 public education employees, most of them teachers, raising fears of targeted scams and identity fraud. French officials say the breach hit a platform called Compas, used to manage student-teachers and other trainees in the… […]
Foster City goes offline after cybersecurity breach
The Daily Journal reports: Days after a cybersecurity breach that was “widely impacting city services,” the city of Foster City has moved its network offline, an action that disrupted its phone and email systems outside of emergency response, according to the city. City staff cannot make or receive calls or respond to emails but will… […]
Citing HIPAA, Groups Oppose Renewed Federal Plan to Amass Millions of Workers’ Health Data
Theresa Defino of the Health Care Compliance Association reports: Calling the proposal “unprecedented in its scope and lack of specificity,” CVS Health—owner of Aetna—is among a chorus of firms and organizations opposing a renewed effort by the Office of Personnel Management (OPM) to establish what CVS termed a “wholesale collection of vast amounts of granular… […]
Initial Access Broker sentenced to 81 months in prison for enabling Yanluowang ransomware gang
A press release from the U.S. Department of Justice about a Russian initial access broker who pleaded guilty in November, 2025: A court in the Southern District of Indiana today sentenced a Russian citizen, Aleksei Volkov, to 81 months in prison for assisting major cybercrime groups, including the Yanluowang ransomware group, in carrying out numerous… […]
Hackers increasingly target school districts
Nolan Keegan reports: Hackers are increasingly treating school districts like easy ATMs for personal data, and Bronx families are squarely in the crosshairs. A recent Turn To Tara segment on News 12 New York spotlighted a sharp jump in cyberattacks on schools and highlighted warnings from Check Point security analysts about exposed Social Security numbers,… […]
If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident.
On January 2, while many were still greeting each other with “Happy New Year,” Wound Technology Network (“Woundtech”), a Florida-headquartered mobile wound treatment provider, was not off to a great start for the year. On or about December 6, 2025, they had become aware of unusual activity in their network. An investigation confirmed that unauthorized… […]
3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches
He hasn’t attracted much attention or media coverage yet, and he doesn’t have any leak site or Telegram account. However, those reporting breaches involving patient data should note a threat actor known as “Stuckin2019” (or simply “Stuck”). Two of his recent attacks allegedly affected telehealth entities and 3.7 million patients. OpenLoop Health On January 7,… […]
GitHub is starting to have a real malware problem
Catalin Cimpanu reports: GitHub is slowly becoming a very dangerous website as more and more threat actors are starting to use it to host and distribute malware disguised as legitimate software repositories. What started as an infrequent sighting in early 2024 is now at the center of an increasing number of infosec and malware reports. The tactic… […]
Hackers target schools, towns in alarming attacks. Why aren’t more using New Jersey’s MS-ISAC cybersecurity service?
If you’re asking, “What MS-ISAC service?”, you’re not alone. Brianna Kudisch reports: A nationwide data breach exposing millions of K-12 students’ information, including kids in Cranford and Millburn. […] In November 2025, New Jersey signed on as a statewide member of the Multi-State Information Sharing and Analysis Center. It pays $795,000 for its annual membership, according to… […]
AU: Fairfield Council obtains injunction against unknown threat actors in ransomware incident
Anthony Segaert reports: A western Sydney council is communicating with anonymous hackers by sending Dropbox links into a chatroom, after it suffered a major data breach. In October last year, Fairfield Council’s servers – which contained personal, financial and property information about councillors, ratepayers, residents and staff – were illegally accessed by hackers, who are… […]
Weill Cornell Medicine discloses an insider data breach
On February 23, HHS received a breach submission from Weill Cornell Medicine in New York. The submission reported that 516 patients were affected by an incident involving Unauthorized Access/Disclosure of data in Electronic Medical Records (EMR). DataBreaches emailed the hospital to request an explanation and received the following statement from a spokesperson: After thorough investigation,… […]
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Robert Lemos writes: An open server hosted on a German cloud provider’s systems has been discovered, containing the entire toolset of a member of the Beast ransomware group. The find exposes the tactics, techniques, and procedures of the threat actor, but also reveals that Beast shares many of those TTPs with other ransomware gangs. According… […]
Strengthening Cybersecurity in Canada’s Municipal Sector: A Verified Analysis
From the Nonprofit Tech Support: When the City of Hamilton suffered a ransomware attack on February 25, 2024, it marked a sobering milestone in Canadian municipal cybersecurity. The attack crippled roughly 80% of Hamilton’s network, impacting services from business licensing to the fire department’s records. Attackers demanded an $18.5 million ransom, which the city refused… […]
Jaguar Land Rover’s cyber bailout sets worrying precedent, watchdog warns
Carly Page reports: The UK’s cyber watchdog has warned that the government’s £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises. Speaking at an event marking the Cyber Monitoring Centre’s (CMC) first operational year, Ciaran Martin, chair of the CMC’s technical committee and a distinguished fellow… […]
Global cybercrime crackdown: over 373,000 dark web sites shut down
From Europol, some impressive results: On 9 March 2026, a global operation led by German authorities and supported by Europol was launched against one of the largest networks of fraudulent platforms in the dark web. The investigation began in mid-2021 against the dark web platform “Alice with Violence CP”. During the investigation, authorities discovered that… […]
University College of Dublin staff member due in court over accessing student data
Paul Reynolds provides today’s reminder of the insider threat. This one involves a university in Dublin, Ireland. A UCD staff member is due in court this morning charged in connection with unlawfully accessing student data at the college. The man, who is in his 50s, was arrested this morning following an investigation by the Garda… […]
North Carolina tech worker found guilty of insider attack netting $2.5M ransom
Matt Kapko reports: A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive… […]
Justice Department Disrupts Iranian Cyber Enabled Psychological Operations
A Court-Authorized Domain Seizure Removes Four Websites Facilitating the Islamic Republic of Iran’s Ministry of Intelligence and Security’s Hacking Efforts Tied to Psychological Operations and Transnational Repression WASHINGTON – Today, the Justice Department announced the seizure of four domains as part of an ongoing effort to disrupt hacking and transnational repression schemes conducted by the Islamic Republic… […]
UMMC continues investigating cyberattack and recovering from impact.
In February, the University of Mississippi Medical Center (UMMC) announced it was closing dozens of its clinics statewide after a cyberattack disrupted multiple IT systems and cut off access to its Epic EMR platform, which contained patients’ medical records. The attack resulted in a nine-day service suspension, during which most outpatient clinics statewide were closed,… […]
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
Sergiu Gatlan reports: Hackers part of APT28, a state-backed threat group linked to Russia’s military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. This high-severity security flaw (tracked as CVE-2025-66376 and patched in early November) stems from a stored cross-site scripting (XSS) that unauthenticated attackers can exploit to gain remote… […]
Deaconess patients’ sensitive data stolen in vendor breach
Houston Harwood reports: A data breach at a third-party medical records vendor exposed the personal and health information of patients at two Deaconess Health System hospitals in Western Kentucky, the Evansville-based health system disclosed nearly two months after the breach itself occurred. The breach did not affect Deaconess’s internal computer systems or its electronic medical… […]
Cyberattack leaves drivers with required breathalyzer test systems in 46 states unable to start vehicles
Brad Rogers reports: A cyberattack has shut down a nationwide breathalyzer test system found in vehicles of OUI offenders, impacting thousands of drivers in Maine and 45 other states. Intoxalock is the company targeted by the attack. Once the device is installed, drivers have to pass a breathalyzer test before they can start their vehicle…. […]
Personal information of 16,000 individuals leaked from Seoul National University Hospital
Jung Si-Nae reports: Patient records of around 16,000 individuals were partially leaked from Seoul National University Hospital due to a clerical error. The hospital announced the data breach on its website on Thursday. A staff member mistakenly entered the wrong email address while sending an internal message at 2:07 p.m. on Saturday, resulting in patient… […]
Chilling Effects: NZ GP stops uploading patient notes to MyIndici as a precaution
Kate Green reports: A Wellington GP clinic has stopped uploading consultation notes to patient portal MyIndici as an extra layer of protection for patients’ data. MyIndici said it hasn’t been compromised, but there have been two high-profile security breaches involving health data at other companies in the past few months – ManageMyHealth, and then MediMap. Newlands Medical… […]
Hackers can raid iOS 18 with an infected link. Have you updated yet to iOS 26?
Emma Roth reports: If you’ve been putting off an update to iOS 26, now might be the time to do it. On Wednesday, security researchers published findings on a new hacking tool that targets iPhones running iOS 18.4 to 18.6.2, as reported earlier by Wired. The “DarkSword” exploit allows bad actors to scoop up the personal information… […]
The “Internet YIFF Machine” leaks millions of “anonymous” tips to DDoSecrets
Mikael Thalen reports: A California resident had an urgent message for the police. A family tied to Mexico’s notorious Sinaloa drug cartel was trafficking hundreds of pounds of marijuana at a time, and the tipster knew how the police could apprehend these “highly violent” people who “always carry weapons.” Equally urgent to the tipster: secrecy…. […]
UK Watchdog Tightens Cyber Incident Reporting Rules as Attacks Surge
Yaminin Kahlia reports: Britain’s finance regulator confirmed new incident and third-party reporting rules on Wednesday, giving firms 12 months to prepare for clearer requirements aimed at strengthening resilience against cyber attacks and third-party disruptions. The new rules, which take effect on March 18, 2027, come after over 40% of cyber incidents reported to the Financial… […]
Pro-Iran hackers claim Microsoft outage, vow to ramp up attacks on U.S. companies
Bridget Johnson reports: Hackers supporting Iran claimed to be behind today’s Microsoft outage issues while a collective that has urged “epic war” allies to stand as unified “mujahideen” on the cyber front is vowing to target more U.S. companies and conducting fundraising to beef up hackers’ infrastructure. An Iranian group closely linked to CyberAv3ngers that has previously… […]
Booz Allen warns AI‑driven cyberattacks outpace human-driven defenses across critical infrastructure
Anna Ribeiro reports: A new report from Booz Allen Hamilton warns that cybersecurity is entering a ‘machine-speed’ era where AI (artificial intelligence) is collapsing the time between intrusion and impact, allowing attackers to plan, test, and execute multi-stage operations in minutes with minimal human input. The analysis finds that threat actors are adopting AI faster than defenders,… […]
Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Lily Hay Newman and Matt Burgess report: Sears department stores have largely disappeared across the United States, but the brand and its appliance repair service are still in business, complete with a modern twist: an AI chatbot and phone assistant named Samantha. As the historic retailer steps into the future, though, new research shows that conversations people had with the… […]
Nvidia’s version of OpenClaw could solve its biggest problem: security
Rebecca Szkutak reports: Nvidia CEO Jensen Huang thinks every company should have an OpenClaw strategy. And Nvidia is here to provide it. Nvidia has developed NemoClaw, an enterprise-grade AI agent platform, Huang announced during his GTC keynote on Monday. The platform is built on top of OpenClaw, the popular open-source framework for building and running AI agents locally on… […]
DeKalb County, Tennessee sheriff and jail hit by ransomware attack
Dysruption Hub has found that yet a third “DeKalb County” has been the victim of a cyberattack. This one is in Tennessee (the first two reportedly involved DeKalb County, Georgia, and DeKalb County, Indiana). Dysruption Hub reports: A ransomware attack hit the DeKalb County Sheriff’s Department and jail in Smithville, Tennessee, disrupting email and inmate… […]
Ransomware incident responder gave info to BlackCat cybercriminals during negotiations, DOJ alleges
It’s not like threat actors weren’t telling some of us about rogue negotiators. They were. Now I wonder how many other journalists also disbelieved the threat actors when they were telling the truth. Jonathan Greig reports: The Justice Department is accusing an incident responder of conducting cyberattacks and helping ransomware gangs negotiate higher payouts from… […]
45,000 malicious IP addresses taken down in international cyber operation
An international cybercrime operation targeting phishing, malware and ransomware has taken down more than 45,000 malicious IP addresses and servers. Law enforcement from 72 countries and territories took part in Operation Synergia III (18 July 2025 – 31 January 2026), coordinated by INTERPOL. The operation led to the arrest of 94 people, with another 110… […]
The Broken Records: tracing the human cost of the 2022 British MoD leak
Harvey Depledge-Kittle writes: In February 2022, a Ministry of Defence data breach exposed sensitive personal information relating to approximately 18,700 Afghan nationals who had assisted UK forces and applied for protection. The breach was not publicly disclosed for nearly two years. From September 2023, a High Court super-injunction prohibited reporting on the breach and, initially,… […]
Telus Digital confirms breach after ShinyHunters claims 1 petabyte data theft
Lawrence Abrams reports: Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. Telus Digital is the digital services and business process outsourcing (BPO) arm of Canadian telecommunications provider Telus, providing customer support,… […]
China’s CERT warns OpenClaw can inflict nasty wounds
Simon Sharwood reports: China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks. In a Tuesday post to its WeChat account, the CERT warned that OpenClaw has “extremely weak default security configuration” and must therefore be handled with extreme care. The CERT is worried that attackers… […]
Bell Ambulance data breach impacted over 238,000 people
Pierluigi Paganini reports: Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, and non-emergency transport, focusing on patient safety and timely care. On February 13,… […]
Lotte Card fined 9.6 billion won for leaking users’ social registration numbers
Korea JoongAng Daily reports: Lotte Card was fined 9.6 billion won ($6.5 million) by the Personal Information Protection Commission (PIPC) after 450,000 users’ social registration numbers were leaked. The PIPC decided to impose an administrative fine of 9.62 billion won and a penalty of 4.8 million won on Lotte Card for violations of the Personal Information… […]
Handala claims responsibility for attack on medical device maker Stryker
A.J. Vicens and Christy Santhosh report: An Iranian-linked hacking group on Wednesday claimed responsibility for a destructive cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group’s Telegram channel. The Michigan-based company, with 56,000 employees and operations in 61 countries, said in a filing with the SEC that the… […]
Police Scotland fined £66k for extracting and sharing mobile phone data
Scottish Legal News reports: The Information Commissioner’s Office (ICO) issued the fine and reprimand after finding that a series of data protection failures resulted in the excessive collection, handling and unlawful disclosure of sensitive personal information. The data protection authority says the case highlights key data protection practices that all police services and criminal justice… […]
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
Emma Woollacott reports: While much emphasis has been placed on the rise of youth cyber crime over the last two years, new research shows hacker activity peaks much later. Orange Cyberdefense looked at the numbers and found that it’s actually thirty- and forty-somethings that are the greatest threat. The company’s intelligence team analyzed 418 publicly announced law enforcement activities… […]
Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users
Emanuel Maiberg reports: Quittr, an app that promises to help men stop watching pornography, leaked intimate data on hundreds of thousands of its users, including their masturbation habits, and lied about its security issues, 404 Media can now reveal. I first reported about Quittr exposing user data in January, but was unable to name Quittr in… […]
1,700 Dutch police officers get reminder not to access files without legitimate purpose
Dutch Police reports: Nearly 1,700 police officers will receive a letter in the coming period because they used police systems when there was likely no need to do so. These colleagues were looking for information about the violent death of 17-year-old Lisa from Abcoude. The letter is primarily intended to remind police officers of the… […]
Israeli spies ‘hacked every traffic camera in Tehran to plot killing of Iran’s Ayatollah Ali Khamenei’
Maira Butt reports: Israeli spies hacked nearly every traffic camera in Tehran for years in order to monitor the movements of Ayatollah Ali Khamenei in an unprecedented intelligence-gathering campaign, according to a report. Officials surveilled highly trained and loyal security guards, bodyguards and drivers of senior Iranian officials to pick up on their “pattern of life”, the Financial Times reported. This real-time data, including from cameras focused… […]
Congress finds data brokers cost consumers tens of billions of dollars
A congressional investigation estimates broker breaches have cost consumers $20 billion in identity theft. Major brokers now promise to make it easier to opt out of their databases. By: Colin Lecher Breaches at data brokers have cost American consumers more than $20 billion, Congress’s Joint Economic Committee revealed Friday as part of an investigation triggered… […]
Evoke Wellness at Hilliard updates its breach notification
On February 27, external counsel for OCAT, LLC dba Evoke Wellness at Hilliard (“Evoke”), submitted a breach notification to the Maine Attorney General’s Office. The sample notification letter submitted with it claims that the Ohio addiction treatment center learned of an incident on August 7, 2025: On August 7, 2025, OCAT became aware of unauthorized… […]
Data from Insight Hospital and Medical Center Leaked on Dark Web
On or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within its network. An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. As of the date… […]
Wisconsin K-12 district hit by weeklong outage
Dysruption Hub reports: A reported “cyber incident” left the Denmark School District in the Village of Denmark, Wisconsin, without internet access for five school days, forcing teachers and students to rely on paper-based workarounds, according to a local news report. But that “cyberincident” appears to be a cyberattack by INC Ransom, or so the gang… […]
Project Compass: first operational results against The Com network
Europol reports: In its first year of operation, Project Compass has delivered concrete operational results against “The Com”, a decentralised extremist network targeting minors and vulnerable individuals both online and offline. Since January 2025, Project Compass has contributed to: 4 victims safeguarded 30 perpetrators arrested 62 identified and partially identified victims 179 identified and partially… […]
Hacktivists claim to have hacked Homeland Security to release ICE contract data
Lorenzo Franceschi-Bicchierai reports: A group of hacktivists calling themselves “Department of Peace” claimed to have hacked the Department of Homeland Security (DHS), leaking allegedly stolen documents online. On Sunday, the nonprofit transparency collective DDoSecrets published data relating to contracts between DHS, Immigration and Customs Enforcement (ICE), and more than 6,000 companies, including defense contractors Anduril, L3Harris, Raytheon,… […]
Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule
Cassandre Coyer reports: A partial government shutdown threatens to further derail a key federal cybersecurity agency’s incident reporting rule—and delay answers that companies need to comply. The Department of Homeland Security shutdown, now entering its third week, may push back the finish line for a Biden-era rule that would create stringent disclosure requirements for critical infrastructure entities after… […]
CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams
Ashley Nyquist, Ashden Fein, Caleb Skeath, John Webster Leslie, Matthew Harden, Catherine McGrath, and Samar Amidi of Covington and Burling write: On January 28, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a new resource on Assembling a Multi-Disciplinary Insider Threat Management Team. The guidance is intended to assist critical infrastructure stakeholders, which includes private… […]
South Korean Police Lose Seized Crypto By Posting Password Online
Kyle Torpey reports: South Korea’s National Tax Service seized crypto assets during recent enforcement actions against 124 high-value tax evaders, but now, a large chunk of that crypto cash has been lost. The operation originally resulted in the confiscation of crypto holdings worth about 8.1 billion won, or roughly $5.6 million. However, officials later issued… […]
Connecticut Senate Bill Raises the Stakes on Data Breach Response
Hayley Steele and Gregory Szewczyk of Ballard Spahr write: A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “massive breach of security,” defined as a data breach affecting at least 100,000 Connecticut residents, and imposes… […]
Court Refuses to Slice Up CiCi’s Cyber Extortion Coverage
Andrea DeField and S. Alice Weeks of Hunton Andrews Kurth write: In the rarely litigated space of cyber insurance, the Northern District of Texas issued a win for cyber policyholders this week, offering a clear reminder to insurers that if they want to restrict coverage, they must draft the policy to clearly do so. In CiCi… […]
Israel plunges Iran into darkness with largest cyberattack in history during attack against Iran
The Jerusalem Post reports: As fighter jets and cruise missiles struck IRGC command centers, a parallel front reportedly paralyzed the Islamic Republic from within. Reports on Saturday, February 28, 2026, indicated that Iran entered an almost complete digital fog, in what appeared to be a large-scale cyberattack accompanying Operation “Roar of the Lion.” Critical infrastructure, official news sites,… […]
Leaked Odido data exposes sensitive information
In contrast to entities and courts that try to chill reporting, look at coverage of the Odido breach, where Dutch news outlets are not censored from informing the public about the scope of the breach. As seen on NL Times: A second batch of stolen customer data from Dutch telecom company Odido has revealed highly sensitive information… […]
KT, LG Uplus face lingering fallout over hacking incidents
Lee Gyu-lee reports: Korea’s two major telecom companies, KT and LG Uplus, continue to grapple with the fallout over hacking incidents and data breaches that triggered customer departures and mounting pressure for tougher sanctions. KT has extended the deadline for customers to apply for early termination fee refunds after complaints that some users were unable… […]
Hackers steal medical details of 15 million in France
Third-party vendors/business associates continue to be responsible for huge breaches involving patient data. Rébecca Frasquet and Chloé Rabs of AFP report: France’s health ministry said Friday that administrative details and medical notes on more than 15 million people had been hacked. The announcement came only days after officials warned that the details of 1.2 million… […]
Former Nuance employee admits breaching more than 1.2M Geisinger patient records
John Beauge reports the latest update in the case of Max Vance, also known as Andre J. Burk. Vance had been employed by Nuance Communications, a business associate of Geisinger Health. After his employment was terminated, he was still able to access Geisinger patient data. Geisinger detected the breach and notified Nuance. Now Beauge reports:… […]
South Korean Authorities Accidentally Hand Hackers $4.8M in Crypto
Kenrodgers Fabian reports: A security blunder hit South Korea as the National Tax Service accidentally exposed a crypto wallet’s recovery key, leading to a $4.8 million theft. The incident happened when the tax authority published a press release photo showing the mnemonic phrase for a seized wallet. This phrase, essentially the master password for virtual… […]
Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data
Andrew Martin and Caroline Millan report: A hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and voter information, according to cybersecurity researchers. The unknown Claude user wrote Spanish-language prompts for the chatbot to act as… […]
UK Court of Appeal Rules on the Concept of Personal Data in the Context of Data Security
Sam Jungyun Choi, Jadzia Pierce, and Paul Maynard of Covington and Burling write: On February 19, 2026, the UK Court of Appeal handed down its decision in DSG Retail Limited v The Information Commissioner [2026] EWCA Civ 140. The Court ruled that a controller’s data security duty applies to all personal data for which it acts as… […]
NL: Hackers had access to prison staff data for five months
Dutch News reports: Hackers had access to data from the Dutch prisons agency DJI for at least five months, according to an investigation by radio programme Argos. Cyber criminals could see e-mail addresses, phone numbers and security certificates of staff at the agency, Argos said, which may increase the risk of extortion or blackmail. The hackers… […]
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
Zack Whittaker reports: Cisco says hackers have been exploiting a bug in one of its popular networking products used by large enterprises for at least three years, prompting the U.S. government and its allies to urge organizations to take action. The bug, which has a maximum-rated vulnerability severity score of 10.0, allows hackers to remotely break… […]
Extorting the Extorters? Moscow man accused of posing as FSB officer to extort Conti ransomware gang
Daryna Antoniuk reports: A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB), according to local media reports. Russian outlet RBC, citing sources familiar with the investigation, reported on Wednesday that the suspect, Ruslan Satuchin, allegedly presented himself as… […]
Clalit probes suspected cyberattack after Iranian-linked hackers leak patient files
Or Hadar reports: Clalit Health Services, the largest health maintenance organization in Israel, said it is investigating a suspected cyberattack after an Iranian-linked hacking group claimed it breached the insurer’s systems and published thousands of documents containing personal information of patients. The hacking group, calling itself “Handala,” has published thousands of documents online, including medical… […]
South Korea considers updates to data and cyber laws
Charmian Aw, Paul Otto, and Ciara O’Leary of Hogan Lovells write: Recent large‑scale data breaches across major sectors in Korea, including across the telecommunications, retail, and finance sector, have prompted swift and coordinated response from lawmakers and regulators. The National Assembly and relevant government agencies are advancing legislative amendments and updating regulatory measures to strengthen… […]
UAE claims it stopped ‘terrorist’ ransomware attack
Jonathan Greig reports: The United Arab Emirates said it stopped a ransomware attack this weekend that allegedly targeted the country’s digital infrastructure. The country’s Cyber Security Council published a statement on Saturday that said they “successfully thwarted organized cyberattacks of a terrorist nature that targeted the country’s digital infrastructure and vital sectors in an attempt… […]
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Eduard Kovacs reports that the Wynn Resorts listing on the ShinyHunters leak site, previously noted on this site, has been removed, suggesting that the resort paid an extortion demand to get data deleted. “The unauthorized third party has stated that the stolen data has been deleted,” the company said in an emailed statement. “We are… […]
Attackers Can Own Your Network in a Matter of Minutes
Jai Vijayan reports: In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom. An analysis by CrowdStrike of threat activity last year found attackers took just 29 minutes on average to pivot to other systems after gaining an initial foothold in… […]
Greater Pittsburgh Orthopaedic Associates disclosed a 2025 breach, but was there also one in 2024?
Greater Pittsburgh Orthopaedic Associates (GPOA) recently began notifying patients of a breach that occurred on or about August 10, 2025. Although their notification letter to patients does not indicate that this was an incident involving encryption, on August 20, 2025, Ransomhouse had added GPOA to its dark web leak site. Their listing indicated that GPOA… […]
Lazarus hackers adopt Medusa ransomware for extortion campaigns, targeting healthcare and nonprofits
Anna Ribeiro reports: A joint investigation by the Symantec and Carbon Black Threat Hunter teams details evidence that operators linked to the Lazarus hacker group are deploying Medusa ransomware in ongoing extortion campaigns targeting the U.S. healthcare sector and a Middle East entity, indicating the North Korean threat cluster continues ransomware-driven extortion campaigns despite prior U.S. indictments…. […]
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
Connor Jones reports: Two South Korean teenagers were this week charged with breaching Seoul’s public bike service, Ttareungyi. Identified only as Persons A and B, the pair, now of high school age, allegedly carried out the attack on Ttareungyi in June 2024 and stole data belonging to most of the service’s registered users. Officials said… […]
Hackers threaten to leak 8 million people’s stolen data if Dutch telecom Odido won’t pay ransom
Daniel Verlaan reports: The cybercriminal group Shinyhunters is responsible for hacking Odido. On the dark web, Odido is being pressured to pay the ransom—over a million euros. “This is your final warning,” the hackers write. “Otherwise, we will leak the data.” Shinyhunters confirmed to RTL Nieuws that it was behind the hack and has shown… […]
Some patients listed as “Charlie Kirk” or dead after major NZ health app MediMap hacked
1News reports: A digital medical records data company has been taken offline after some patient records were modified. Some users’ information had been changed, including to say they were deceased. MediMap is used by some health providers in aged care, disability, hospice and the community to accurately record medication doses. Read more at 1News. MediMap… […]
Top NATO allies believe cyberattacks on hospitals are an act of war. They’re still struggling to fight back.
Maggie Miller, Dana Nickel and Antoaneta Roussi report: NATO countries’ restrained response to hybrid attacks is at odds with public opinion, new polling shows: Broad swaths of the public in key allied countries say actions such as cyberattacks on hospitals should be considered acts of war. The POLITICO Poll, conducted in the United States, Canada,… […]
The hospitality sector continues to be a lucrative target
The hospitality sector has long been a target of hackers, and it’s a global problem. Here are three recent attacks in the news this week: In the U.S.: Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a “skilled person used social engineering” to gain access on January 14,… […]
Ukrainian hackers uncover how Russian drone operators are using Belarus
As seen on InformNapalm: On February 18, 2026, Ukrainian President Volodymyr Zelenskyy imposed sanctions against Belarusian dictator Alyaksandr Lukashenka for his role in escalating and prolonging Russia’s aggressive war against Ukraine. One of the stated reasons is that in the second half of 2025, Russia deployed a system of repeaters for the control of attack… […]
This is how you do it: Dentist speaks out after practice hit by cyber attack
This could be the smallest breach DataBreaches has reported recently, and yet we are covering it instead of other, much bigger breaches that will undoubtedly generate lots of headlines. Why? Because it represents a refreshing example of quick response and transparency. Dr. Joe McEnhill, owner of Grange Dental Care, said the breach occurred on Thursday… […]
Discord’s age verification data has a frontend leak — now what?
Interesting Engineering reports: A newly uncovered flaw in Discord’s age verification rollout has added fresh pressure to the company’s 2026 compliance plans. Security researchers recently found that frontend components tied to identity vendor Persona were accessible on the open web, prompting debate over how securely the platform handles sensitive age checks. The discovery surfaced on… […]
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Pieter Arntz reports: Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable… […]
Hospitals at Risk of BeyondTrust Ransomware Hacks
Marianne Kolbasuk McGee reports: U.S. federal authorities and industry officials are urging hospitals and clinics to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a corporate network. The U.S. Department of Health and Human Services in an alert Thursday warned… […]
Resource: Privacy Law Directory — Codamail
Regular readers of my companion privacy-oriented site, PogoWasRight.org, may recall that the site recently noted The Data Broker Directory: Who has your data, where they got it, and who they sell it to by Codamail’s Stephen K. Gielda of Packetderm. Instead of taking a well-deserved break after all the work he did to compile that… […]
Romanian hacker faces up to 7 years for breaching Oregon emergency management department
Jonathan Greig reports: A 45-year-old Romanian national pleaded guilty this week to hacking into computers at Oregon’s Department of Emergency Management in June 2021 and selling the access he obtained for $3,000 worth of Bitcoin. Catalin Dragomir also hacked into 10 other U.S. companies, causing financial losses of at least $250,000. He was arrested in… […]
A single compromised account gave hackers access to 1.2 million French banking records
Emma Woollacott reports: Credentials stolen from a single government official enabled threat actors to access a French national database containing data on more than 1.2 million bank accounts. The attackers were able to access the Fichier des Comptes Bancaires et Assimilés (FICOBA) database, which contains files on all bank accounts opened in France. Stolen credentials… […]