DevOps reports: A popular GitHub Action used in more than 23,000 code repositories has been compromised in a supply chain attack by attackers who introduced a malicious commit aimed at leaking secrets like passwords held in public repositories. In the compromise, which is being tracked as CVE-2025-30066, bad actors modified the code in GitHub Actions tj-actions/changed-files […]
Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]
About Lawsuits reports that all the state and federal lawsuits against Change Healthcare should be coordinated: The U.S. District Judge appointed to preside over all Change Healthcare data breach lawsuits brought throughout the federal court system has issued an order, outlining a plan to coordinate the pretrial proceedings in the federal multidistrict litigation (MDL) with claims pending […]
The U.S. Department of Justice announced: A dual Russian and Israeli national was extradited to the United States on charges that he was a developer of the LockBit ransomware group, United States Attorney John Giordano announced. In August, Rostislav Panev, 51, was arrested in Israel pursuant to a U.S. provisional arrest request. Today, Panev was […]
Dark Storm, the big scary-sounding group that took down X (formerly Twitter) in a DDoS attack was just an Egyptian college kid? Cybernews reports: A French security researcher on Tuesday claims to have uncovered the identity of the Dark Storm hacker behind the hours-long DDoS cyberattack on Elon Musk’s X social media platform – and […]
The following is a press release issued yesterday by NY Attorney General Letitia James: NEW YORK – New York Attorney General Letitia James today filed a lawsuit against several insurance companies doing business as National General and Allstate Insurance Company (Allstate) for failing to protect New Yorkers’ personal information from cyberattacks. In 2020 and 2021, National General […]
Since the Hamas attack in October 2023, more and more Israelis have armed themselves with guns. Now the Sri Lanka Guardian reports that Israeli gun owners are in a state of heightened alert, fearing for their safety due to a breach and leak of their personal information and details: In a severe cybersecurity breach with […]
It was the biggest heist in history and hackers are already cashing out. MSN reports: North Korean hackers who orchestrated a billion-pound cryptocurrency heist have successfully cashed out over £232,000,000 of their loot. The hackers, known as the Lazarus Group, pulled off the biggest heist in history during a raid on crypto exchange ByBit two weeks ago, […]
Dark Reading reports: Medusa ransomware attacks are increasingly becoming a core tool for a threat group known as “Spearwing,” which has amassed hundreds of victims since 2023; nearly 400, in fact, have been listed on its leak site. The ransom demands when using Medusa ransomware range from $100,000 to a whopping $15 million, according to […]
Bleeping Computer reports: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. The data breach was discovered in early February 2025, but the exact date when the hackers gained initial access to NTT’s systems hasn’t been determined. “NTT Communications Corporation discovered […]
