Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. The health network operates 142 hospitals nationwide, has over 142,000 employees, and reported total revenue of $28.3 billion in 2023. Depending on the impacted patient, the attackers gained access to a combination of personal information.
A former Disney employee, Michael Scheuer, will serve three years in prison for computer fraud and aggravated identity theft after a digital sabotage campaign against his ex-employer. In addition to his sentence, he must pay nearly US$688,000 in restitution. Scheuer, a former menu production manager at Walt Disney World, launched his campaign after being fired for misconduct in June 2024. Fortunately, Disney detected the changes before they reached customers.
France on Tuesday said the Russian state-sponsored hacking group APT28 has targeted or compromised a dozen government organizations and other French entities. Linked to the Russian General Staff Main Intelligence Directorate (GRU) and also tracked as BlueDelta, Fancy Bear, Forest Blizzard, Sednit, and Sofacy, APT28 has been active since at least 2004, typically targeting government, military, energy, and media organizations in Europe and the US.
Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. These numbers are down from 97 zero-days in 2023 but up from 63 in 2022, which GTIG analysts attributed to year-to-year swings reflecting expected variation within an upward trajectory for attacks exploiting zero-days, which the company defines as vulnerabilities exploited in the wild before vendors release patches.
Google and Mozilla on Tuesday announced the promotion of Chrome 136 and Firefox 138 to their stable channels with patches for over a dozen vulnerabilities, including multiple high-severity bugs. Chrome 136 was rolled out with eight security fixes, four of which address flaws reported by external researchers. The most severe of the externally reported security defects is CVE-2025-4096, a high-severity heap buffer overflow issue in HTML.
As AI adoption accelerates across industries, organizations are increasingly turning to open and offline large language models (LLMs) for privacy and intellectual property protection in tasks like source code reviews and assisted coding. But there are significant risks beneath the surface - especially when using models developed or distilled by other nations, governments, or communities. These concerns go far beyond the obvious security risks and privacy issues.
Internet-connected automatic tank gauges (ATGs) pose a serious but often overlooked cyber-risk to the thousands of gas stations, fuel depots, and facilities that rely on these devices to monitor tank levels, temperatures, leaks, and other critical operational parameters. Pedro Umbelino, principal research scientist at Bitsight, is sounding the alarm on the issue at the 2025 RSAC Conference this week, warning that hackers could cause considerable chaos by tampering with ATGs.
Vulnerabilities in Apple's AirPlay protocol and the accompanying SDK could allow attackers to take over devices, in some instances without user interaction, runtime protection firm Oligo Security says. The identified security defects, 23 in total, could be exploited over wireless networks and peer-to-peer connections, leading to the complete compromise of not only Apple products, but also third-party devices that use the AirPlay SDK.