LATEST POST
For the Record: Cyber Coverage “For” a Security Breach is Ambiguous under New Mexico Law
Wiley Rein explains: The New Mexico Court of Appeals has held that cyber policy language affording coverage “for” a security breach was ambiguous and must be construed broadly to provide coverage for a breach of contract claim “because of,” “resulting from,” or “on account of” a security breach. Kane ex rel. N.M. Health Connections, Inc. v. Syndicate […]
Ransomware Group Claims Attack on Belk
Major retailers remain vulnerable to attacks by ransomware gangs. The same gang thought to be involved in the Marks & Spencer attack has now claimed another victim. Security Week reports: The DragonForce ransomware gang has claimed responsibility for a disruptive cyberattack on US department store chain Belk. The incident was identified on May 8 and […]
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
Recorded Future reports: The federal cybersecurity watchdog ordered all civilian agencies to immediately patch a vulnerability impacting several NetScaler products used by organizations to manage network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) added the bug — tracked as CVE-2025-5777 — to its catalog of known exploited vulnerabilities on Thursday afternoon but took the extraordinary step […]
McDonald’s AI Chatbot Breach Exposes 64 Million Job Applicant Chat Records
Cyber Magazine reports: McDonald’s job applicants had their personal information exposed when security researchers accessed 64 million records through basic password attacks on the McHire platform. The breach occurred through vulnerabilities in systems operated by AI software firm Paradox.ai, which provides chatbot technology to screen candidates for the fast-food chain. Security researchers Ian Carroll and Sam […]
Arkana Ransomware Gang Claims Theft of 2.2 Million Customer Records
There has been a veritable explosion of new ransomware and extortion gangs this year. You may never have heard of Arkana, but there seems to be some link to the Qilin gang. gbhackers reports: The Arkana ransomware group burst onto the cybercrime scene with a high-profile attack on WideOpenWest (WOW!), a prominent U.S. internet service […]
OCR Enters into Two More Settlements for Failure to Conduct Security Risk Assessments
The Office for Civil Rights (OCR) entered into two recent settlements with HIPAA covered entities alleging that they failed to conduct security risk assessments. Robinson & Cole LLP discusses the enforcement actions. Deer Oaks On July 7, 2025, OCR announced a settlement with Deer Oaks, a behavioral health provider, for alleged violations of HIPAA. The settlement resolves […]
UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks
Reuters reports law enforcement in the UK has arrested four young people believed to be part of the Scattered Spider group that crippled high-end retailers earlier this year: Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op and Harrods, Britain’s […]
North Dakota’s New InfoSec Requirements for Financial Corporations
Earlier this year, North Dakota’s Governor signed HB 1127, which imposes new obligations for financial corporations operating in North Dakota. The law will take effect on August 1, 2025. From JacksonLewis, an explainer on the new law’s requirements for a comprehensive, written information security programs: Read more of the required elements at Workplace Privacy, Data Management & […]