SuspectFile reports that two well-known ransomware gangs independently attacked and encrypted files from Resource Corporation of America (RCA), a revenue cycle management business associate headquartered in Texas. What happened next is not totally clear because neither the Qilin gang nor the victim provided any details, but SuspectFile reports that the Medusa gang provided some information […]
BleepingComputer reports: The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into […]
Apple Insider reports: Apple supply chain member Luxshare suffered a major data breach in December, and hackers that pilfered the files are now offering it for sale on the dark web. It looks legit. The Apple supply chain is typically a very secure system, and core to the existence of Apple itself. This leads it […]
Infosecurity Magazine reports: The number of organizations notifying their GDPR regulator of a data breach surged by 22% to a daily average of 443 in 2025, according to DLA Piper. The global law firm has been analyzing GDPR regulatory activity every year since the data protection regulation came into being in 2018. The past 12 months […]
The Hill reports: Members of Elon Musk’s Department of Government Efficiency (DOGE) improperly shared Social Security data through a third-party server, according to a recent court filing from the Justice Department. The DOGE team embedded at the Social Security Administration (SSA) used Cloudflare, which was not approved for storing agency data, to share data during a 10-day period in March, the […]
The Minnesota Department of Human Services’ vendor breach was not the only recent breach disclosed that affected more than 300,000 people. Monroe University in New York also disclosed a breach involving a lot of sensitive information. From their January 13 notification letter: We are posting this notice to inform our community of a data security […]
The Minnesota Star Tribune reports: A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people. There is not evidence the data was misused, the department said in a Jan. 16 letter notifying impacted individuals. The letter was sent about four months after the breach […]
The HIPAA Journal reports: TriZetto Provider Solutions, a Cognizant-owned provider of revenue management services to physicians, hospitals, and health systems, has started notifying certain healthcare clients about a recently identified cybersecurity incident. On October 2, 2025, suspicious activity was identified within a web portal used by some of its healthcare provider customers to access TriZetto […]
Top Class Actions reports: American Addiction Centers Inc. agreed to a $2.75 million class action lawsuit settlement to resolve claims it failed to adequately protect patients’ private information. The settlement benefits individuals whose personal information was potentially compromised in a data breach involving American Addiction Centers on or about Sept. 26, 2024, and who were […]
SLSH Malicious “Supergroup” Targeting 100+ Organizations via Live Phishing Panels
Silent Push reports: A massive identity-theft campaign is currently active, targeting Okta Single Sign-On (SSO) and other SSO platform accounts across 100+ high-value enterprises. Silent Push has identified a surge in infrastructure deployment that mirrors the TTPs (Tactics, Techniques, and Procedures) of SLSH—a predatory alliance between Scattered Spider, LAPSUS$, and ShinyHunters. This isn’t a standard automated spray-and-pray attack; it is a […]