BankInfoSecurity reports: Connecticut-based Yale New Haven Health System is notifying more than 5.5 million patients that their personal information, including Social Security numbers, could have been stolen in a March hack. The incident, which is among several other recent major health data hacks, ranks as the largest health data breach reported to federal regulator so […]
Forbes reports: The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims. Although there is no doubt that ransomware threats should be taken very seriously, […]
In January, Conduent reported that it had experienced an operational disruption due to a third-party compromise of one of its operating systems. They no longer refer to the incident as an “outage” and now refer to it as a “cyberattack,” but they still fail to clearly disclose whether this was a ransomware attack or not. Cybersecurity […]
Forbes reports: Now, a new threat intelligence report has revealed how financially motivated Chinese cybercriminals are targeting government offices, the energy sector, factories, financial services, and, yes, hospitals across the globe. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. According to a new report from Rebecca Harpur at […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]
BakerHostetler has released its 2025 Data Security Incident Response Report, which provides insight and analysis from more than 1,250 data security incidents managed by the firm this past year. Their report features a deep dive into critical components of security incidents (e.g., response timeline, average ransom payment amount, frequency of litigation) as well as an examination of […]
NPR reports: In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board. … according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews […]
The Wall Street Journal reports: Chinese police issued wanted notices for three people they said engaged in cyberattacks against China on behalf of the U.S. National Security Agency, a rare step by Beijing as hostilities between the superpowers escalate. The accusations that the NSA targeted the Asian Winter Games held in the northeastern Chinese city of Harbin […]
The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Sophos writes: Read more at Sophos.