LATEST POST
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
Recorded Future reports: The federal cybersecurity watchdog ordered all civilian agencies to immediately patch a vulnerability impacting several NetScaler products used by organizations to manage network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) added the bug — tracked as CVE-2025-5777 — to its catalog of known exploited vulnerabilities on Thursday afternoon but took the extraordinary step […]
McDonald’s AI Chatbot Breach Exposes 64 Million Job Applicant Chat Records
Cyber Magazine reports: McDonald’s job applicants had their personal information exposed when security researchers accessed 64 million records through basic password attacks on the McHire platform. The breach occurred through vulnerabilities in systems operated by AI software firm Paradox.ai, which provides chatbot technology to screen candidates for the fast-food chain. Security researchers Ian Carroll and Sam […]
Arkana Ransomware Gang Claims Theft of 2.2 Million Customer Records
There has been a veritable explosion of new ransomware and extortion gangs this year. You may never have heard of Arkana, but there seems to be some link to the Qilin gang. gbhackers reports: The Arkana ransomware group burst onto the cybercrime scene with a high-profile attack on WideOpenWest (WOW!), a prominent U.S. internet service […]
OCR Enters into Two More Settlements for Failure to Conduct Security Risk Assessments
The Office for Civil Rights (OCR) entered into two recent settlements with HIPAA covered entities alleging that they failed to conduct security risk assessments. Robinson & Cole LLP discusses the enforcement actions. Deer Oaks On July 7, 2025, OCR announced a settlement with Deer Oaks, a behavioral health provider, for alleged violations of HIPAA. The settlement resolves […]
UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks
Reuters reports law enforcement in the UK has arrested four young people believed to be part of the Scattered Spider group that crippled high-end retailers earlier this year: Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op and Harrods, Britain’s […]
North Dakota’s New InfoSec Requirements for Financial Corporations
Earlier this year, North Dakota’s Governor signed HB 1127, which imposes new obligations for financial corporations operating in North Dakota. The law will take effect on August 1, 2025. From JacksonLewis, an explainer on the new law’s requirements for a comprehensive, written information security programs: Read more of the required elements at Workplace Privacy, Data Management & […]
Don’t Delay! California Likely to Soon Require Data Breach Notifications to be Provided to Consumers Within 30 Days
Attorneys at Fisher Phillips write: Read more at JDSupra.
Obligations under Canada’s data breach notification law
Data breach notification law is governed by the Personal Information and Electronic Documents Act (PIPEDA). This federal law regulates the handling of personal information during commercial transactions. This includes the collection, use, and disclosure of personal data. As Lexpert explains, by extension, this also includes the storage of information while in use: Read more at […]