LATEST POST
Attackers Now Need Just 29 Minutes to Own a Network
Dark Reading reports: In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom. An analysis by CrowdStrike of threat activity last year found attackers took just 29 minutes on average to pivot to other systems after gaining an initial foothold in […]
ShinyHunters claims responsibility for Odido telecom breach affecting millions
Bleeping Computer reports: The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. Odido is one of the largest telecommunications companies in the Netherlands and offers mobile, broadband, and television services to millions of customers nationwide. The company disclosed the breach on February 12, […]
Norton Healthcare to Pay $11M to Settle BlackCat Lawsuit
Bank InfoSecurity has an update on the Norton Healthcare breach in 2023: Norton Healthcare, which operates nine hospitals and 480 other care facilities in Kentucky and Indiana, has agreed to pay $11 million to settle class action litigation triggered by a 2023 data theft attack by ransomware-as-a-service gang Alphv/BlackCat that affected nearly 2.5 million people. […]
PayPal discloses data breach that exposed user info for 6 months
Bleeping Computer reports: PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing. PayPal discovered the breach […]
How the Conduent Data Breach Unfolded, and Why It Matters
Freedom For All Americans recaps what is known so far about a Conduent Business Solutions data breach that could wind up affecting many more Americans than what has already been disclosed: A cyber intrusion inside Conduent stretched for nearly 3 months, from October 21, 2024, to January 13, 2025, and ended up pulling personal and […]
Criminals threaten Wynn Resorts with data leak if they don’t pay extortion demand
Cybernews reports: The cybercrime group ShinyHunters claims it has pulled off a massive data heist against Wynn Resorts, alleging it holds more than 800,000 records containing personal and employee information. The group is escalating its pressure tactics and has issued what it calls a “final warning” on the dark web, giving the luxury resort giant […]
Negotiating with hackers: The AI in ransomware response
An article by Josh Taylor of Fortra begins: Ransomware groups are increasingly inserting AI bots into the negotiation loop to triage victims, collect leverage and scale their operations. At Fortra, I have observed a growing trend of attackers deploying chatbots for first contact, with humans stepping in only after certain thresholds are met. This approach […]
Fed agencies ordered to patch Dell bug by Saturday after exploitation warning
The Record reports: A Chinese state-backed hacking group is targeting Dell customers with a zero-day vulnerability impacting a popular line of operational and disaster recovery tools. Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024. Dell’s advisory said the vulnerability carries a […]