IT Security Newsletter - 3/28/2025
Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, confirmed that patient data was stolen in the attack. Oracle Health is a healthcare company offering Electronic Health Records and business operations systems to healthcare organizations. READ MORE...
Threat actor in Oracle Cloud breach may have gained access to production environments
Security researchers are analyzing a 10,000-line dataset provided by a hacker who claimed to have breached Oracle Cloud. The threat actor claimed to have 6 million Oracle Cloud records, which may have impacted more than 140,000 tenants. The sample being analyzed has information on about 1,500 organizations, which, if confirmed, would underscore the breadth of the exfiltrated data, according to researchers at CloudSEK. READ MORE...
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini
In the growing canon of AI security, the indirect prompt injection has emerged as the most powerful means for attackers to hack large language models such as OpenAI's GPT-3 and GPT-4 or Microsoft's Copilot. By exploiting a model's inability to distinguish between, on the one hand, developer-defined prompts and, on the other, text in external content LLMs interact with, indirect prompt injections are remarkably effective at invoking harmful or otherwise unintended actions. READ MORE...
Splunk Patches Dozens of Vulnerabilities
Splunk on Wednesday announced patches for dozens of vulnerabilities across its products, including two high-severity flaws in Splunk Enterprise and Secure Gateway App. The enterprise monitoring solution received patches for a remote code execution (RCE) bug that could be exploited by low-privileged users by uploading a file to the '$SPLUNK_HOME/var/run/splunk/apptemp' directory. Tracked as CVE-2025-20229 (CVSS score of 8.0), the security defect is caused by a missing authorization check. READ MORE...
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google's fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw - and they found it. There's currently no indication that the Firefox bug (CVE-2025-2857) is under active exploitation, but this should not be surprising: according to Statcounter, Chrome is used by 66.3% of internet users worldwide and Firefox only by 2.62%. READ MORE...
Browser extension sales, updates pose hidden threat to enterprises
Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations - ignored and often left unrecognized as a hidden threat. John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated how quickly he bought and repurposed an extension to redirect traffic. READ MORE...
When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites. READ MORE...
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts. READ MORE...
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
Healthcare is consistently one of the most attacked critical industries - it is a prime ransomware target. The reasons are clear: it offers a huge attack surface that is poorly secured in a sector that must prioritize continuous operation. It is, in short, easily compromised and most likely to pay. The problem stems from healthcare's need to ensure medical systems are operational at all times - patients' lives may depend upon it. READ MORE...
- ...in 1928, Polish-American political scientist and former National Security Advisor Zbigniew Brzezinski is born in Warsaw, Poland.
- ...in 1930, Turkey changes the name of its largest city, Constantinople, to Istanbul.
- ...in 1969, former President and five-star general Dwight D. Eisenhower dies of congestive heart failure.
- ...in 1979, a coolant leak at the Three Mile Island nuclear power plant near Harrisburg, PA results in a partial meltdown.
- ...in 1986, singer-songwriter/actress Stefani Germanotta, aka Lady Gaga, is born in New York City.