LATEST POST
Vendors to be(a)ware of: Conduent Business Solutions
Down, down, down go Conduent’s stock prices. Breaches by third-party vendors or business associates account for the majority of patient records breached in incidents. The 2025 Breach Barometer report, which includes more than HIPAA-covered entities, found that 77% of breached patient records resulted from business associate breaches. Some business associate breaches affect millions of patients […]
Notepad++ hijacked by suspected state-sponsored hackers
The Record reports: A software update mechanism for the popular text editor Notepad++ was hijacked by suspected Chinese state-sponsored hackers, allowing them to silently redirect some users to malicious update servers, the project’s developers announced on Monday. In a security update posted on the project’s website, the development team said the attack did not exploit a flaw […]
Vendor breaches continue to pose threat to patient privacy
Updates to two business associate breaches reveal that millions of patients have been impacted by third-party breaches, with Healthcare Interactive’s breach affecting 3 million patients and TriZetto Provider Solutions’s breach reportedly affecting another 700,000 patients. Healthcare Interactive Healthcare Interactive (“HCIactive”) is a Maryland-based provider of AI-powered software solutions for insurance enrollment and benefits administration. In […]
ShinyHunters has been more active. Google reports on the activity.
Google’s Threat Intelligence Group (GTIG) has been tracking the expansion of ShinyHunters-branded SaaS data theft. In a new blog post, they write: Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harvesting […]
Conduent warns of further financial fallout from cyberattack
Cybersecurity Dive reports: Conduent said it may face additional financial risks related to a January 2025 attack that impacted a number of state governments and other organizations. The attack at the New Jersey-based payments contractor led to data breaches across a number of organizations, including state government agencies and insurance providers. In the state of Wisconsin, […]
Trump files $10B lawsuit against IRS over alleged tax return leaks to major news outlets
Fox News reports: President Donald Trump has filed a $10 billion lawsuit against the IRS, accusing the agency of unlawfully leaking his confidential tax returns in a politically motivated violation of federal privacy laws. A spokesman for Trump’s legal team told Fox News “a rogue, politically motivated” IRS employee disclosed private and confidential tax information involving Trump, his family […]
A Grok AI Toy Breach Exposed 50,000 Private Chats
WebProNews reports: An AI toy called Grok exposed 50,000 conversation logs between children and the device to anyone with a Gmail account due to a cloud storage misconfiguration, raising serious questions about data security, regulatory compliance, and the protection of children’s privacy in AI-enabled products. … According to Wired, the breach originated from a fundamental misconfiguration […]
Infamous RAMP cybercrime forum seized by FBI
The Record reports: Websites for the RAMP cybercrime forum, a notorious Russian marketplace widely used by ransomware groups and initial access brokers, have been replaced with a splash page declaring they have been seized by the FBI. Domain name server (DNS) records reportedly initially showed RAMP’s clearnet site redirecting to an FBI domain regularly used […]
