In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 […]
DevOps reports: A popular GitHub Action used in more than 23,000 code repositories has been compromised in a supply chain attack by attackers who introduced a malicious commit aimed at leaking secrets like passwords held in public repositories. In the compromise, which is being tracked as CVE-2025-30066, bad actors modified the code in GitHub Actions tj-actions/changed-files […]
KOAA in Colorado reports: The personal information of over 1,000 veterans in Colorado may be at risk after a data leak. The Veterans Affairs Eastern Colorado Health Care System accidentally sent an email containing personal details about veterans to 75 recipients. The email, which was sent in January, included a spreadsheet with veterans’ full names, the last […]
About Lawsuits reports that all the state and federal lawsuits against Change Healthcare should be coordinated: The U.S. District Judge appointed to preside over all Change Healthcare data breach lawsuits brought throughout the federal court system has issued an order, outlining a plan to coordinate the pretrial proceedings in the federal multidistrict litigation (MDL) with claims pending […]
SecurityWeek reports that Dragos has published an interesting case study about an attack by the Chinese threat actors known as Volt Typhoon on the electric grid. The target was Littleton Electric Light and Water Departments (LELWD), a small public power utility in Massachusetts that serves Littleton and Boxborough. The utility had been in the process […]
From CISA.gov, a #StopRansomware advisory: Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant […]
The following is a press release issued yesterday by NY Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today filed a lawsuit against several insurance companies doing business as National General and Allstate Insurance Company (Allstate) for failing to protect New Yorkers’ personal information from cyberattacks. In 2020 and 2021, National General […]
Since the Hamas attack in October 2023, more and more Israelis have armed themselves with guns. Now the Sri Lanka Guardian reports that Israeli gun owners are in a state of heightened alert, fearing for their safety due to a breach and leak of their personal information and details: In a severe cybersecurity breach with […]
State and local governments continue to be targeted by threat actors. Here are three current situations in the news: Mission, Texas. Valley Central reports: The cybersecurity attack on the city of Mission has prompted the Mayor to declare a state of local disaster. Mayor Norie Gonzalez Garza sent a letter to Texas Governor Greg Abbott, […]
Tech Radar reports on an exposed data set discovered by a researcher: A dataset contai,ning 820,750 records totaling 122GB has been discovered online, most likely belonging to German tracking software firm Lost & Found, which primarily services the aviation industry. As revealed by security researcher, Jeremiah Fowler, this was in an unprotected and publicly exposed dataset […]
