Latest Posts › Cyber Attacks

Share:

Privacy Tip #444 – Best Phishing Campaigns are from HR or IT

Everyone thinks they can spot a phish. Whether it is an email, SMS text, or QRish phishing, people have an overinflated view of their capabilities to detect them....more

College Student Behind Cyber Extortions

The U.S. Attorney’s Office for the District of Massachusetts has charged a student at Assumption University with hacking into two U.S.-based companies’ systems and demanding a ransom....more

Ascension Notifies 430,000 Patients of Data Breach

Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as...more

Privacy Tip #443 – Fake AI Tools Used to Install Noodlophile

Threat actors are leveraging the publicity around AI tools to trick users into downloading the malware known as Noodlophile through social media sites. Researchers from Morphisec have observed threat actors, believed to...more

SAP NetWeaver Visual Composer Requires Urgent Patch

SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more

Threat Actors Use AI to Launch Identity Theft Scams

Identity theft will continue to rise in 2025. According to the Better Business Bureau of Missouri (BBB), it received over 16,000 identity theft complaints in the past three years. Scammers are “increasingly using advanced...more

Privacy Tip #441 – Identity Theft Statistics Increasing in 2025

Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include: 1.4 million complaints of...more

AI Powered Bot Targeted 400,000 Websites

SentinelOne researchers have discovered AkiraBot, which is used to target small- to medium-sized company websites with generative AI, and drafted outreach messages for website chats, comments, and contact forms. SentinelOne...more

CISA Issues Alert on Potential Legacy Oracle Cloud Compromise

BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some...more

WhatsApp Patches Vulnerability That Facilitates Remote Code Execution

WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6....more

CISA Issues Malware Analysis Report on RESURGE Malware

On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more

Joint Alert Warns of Medusa Ransomware

On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise...more

X Hit with DDoS Attack

According to Security Week, X (formerly Twitter) was hit with a distributed denial-of-service (DDoS) attack that disrupted tens of thousands of X users’ ability to access the platform on March 10, 2025....more

MS-ISAC Loses Funding and Cooperative Agreement with CIS

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday, March 11, 2025, that the Multi-State Information Sharing and Analysis Center (MS-ISAC) will lose its federal funding and cooperative agreement...more

Warby Parker Settles Data Breach Case with OCR for $1.5M

Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more

Social Engineering + Stolen Credential Threats Continue to Dominate Cyber-Attacks

CrowdStrike recently published its 2025 Global Threat Report, which among other conclusions, emphasized that social engineering tactics aimed to steal credentials grew an astounding 442% in the second half of 2024....more

Joint Cybersecurity Advisory Released on Ghost (Cring) Ransomware

The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more

Criminal Charges Lodged Against Alleged Phobos Ransomware Affiliates

Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming...more

Privacy Tip #430 – GrubHub Confirms Security Incident Through Third Party Vendor

If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer...more

DeepSeek AI’s Security Woes + Impersonations: What You Need to Know

Soon after the Chinese generative artificial intelligence (AI) company DeepSeek emerged to compete with ChatGPT and Gemini, it was forced offline when “large-scale malicious attacks” targeted its servers. Speculation points...more

CISA + FBI Issue Joint Advisory on Threat Actors Chaining Ivanti Vulnerabilities

On January 22, 2025, the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) issued a joint advisory related to previous vulnerabilities in the Ivanti Cloud Service Appliance,...more

MGM Inks $45M Class Action Settlement for 2019 and 2023 Data Breaches

MGM Resorts agreed to pay $45 million to settle over a dozen class action lawsuits concerning 2019 and 2023 data breaches. A federal court in Nevada preliminarily approved the settlement, which, according to lawyers, covers...more

Rhysida Hits American Addiction Centers + Publishes 2.8TB of Data

American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26,...more

Ascension Health Notifying 5.6 Million of Data Breach

We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states....more

Adobe Issues Patches for ColdFusion “High Severity” Vulnerability

Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology  (NIST), “an attacker could exploit this...more

894 Results
 / 
View per page
Page: of 36

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide