IT Security Newsletter - 12/9/2025

Breaches

Over 300,000 Individuals Impacted by Vitas Hospice Data Breach

The healthcare data breach tracker maintained by the US Department of Health and Human Services (HHS) revealed on Monday that more than 300,000 individuals are affected by a recent cybersecurity incident at Vitas Healthcare. Chemed-owned Vitas Healthcare is described as the largest for-profit hospice chain in the United States. In a statement posted on November 21, the organization revealed that Vitas Hospice Services discovered an intrusion on October 24.

Hacking

Poland arrests Ukrainians utilizing 'advanced' hacking equipment

The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance to national defense." The three men, aged between 39 and 43, could not explain why they were carrying the electronic devices. They now face charges of fraud, computer fraud, and possession of devices and software intended for criminal activity.


React2Shell Attacks Linked to North Korean Hackers

Some of the attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean threat actors, according to cybersecurity firm Sysdig. The React2Shell vulnerability, officially tracked as CVE-2025-55182, can be exploited for unauthenticated remote code execution. The flaw impacts version 19 of the React open source library for creating application user interfaces.

Trends

Researchers spot 700 percent increase in hypervisor ransomware attacks

Researchers at security software vendor Huntress say they've noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they're as secure as can be and properly backed up. "Huntress case data revealed a stunning surge in hypervisor ransomware: its role in malicious encryption rocketed from just three percent in the first half of the year to 25 percent so far in the second half," wrote three Huntress employees in a Monday post.


Initial access brokers involved in more attacks, including on critical infrastructure

The market for initial access brokers has blossomed over the past two years, making it easier for advanced adversaries to outsource the grunt work of intrusions and breach more targets, Check Point said in a report published on Monday. The surge in the IAB ecosystem comes as nation-states increasingly use cyberspace to project power, according to the report. Check Point urged businesses to prioritize identity security, protect software supply chains and harden operational technology.

Malware

Ransomware peaked in 2023 prior to law enforcement actions

Ransomware activity reached an all-time high in 2023, totaling more than 1,500 incidents and $1.1 billion in reported payments, before dropping the following year after two high-profile law enforcement takedowns. The two critical law enforcement actions were the 2023 U.S.-led takedown of AlphV/BlackCat and the 2024 disruption of LockBit by U.S. and U.K. authorities, according to a new U.S. government study.

Information Security

Privacy concerns raised as Grok AI found to be a stalker's best friend

Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request. And, as if that wasn't enough of a privacy violation, Grok has also been exposed as providing detailed instructions for stalking and surveillance of targeted individuals. The findings represent a serious demonstration of how an AI tool can enable real-world harm.

Exploits/Vulnerabilities

Prompt injection is a problem that may never be fixed, warns NCSC

Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK's National Cyber Security Centre (NCSC) has warned that it may never be "fixed" in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the "SQL injection of the future." Prompt injection works because AI models can't tell the difference between the app's instructions and the attacker's instructions, so they sometimes obey the wrong one.


Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation (ASF) has issued a new CVE identifier for a critical security flaw in Apache Tika because its original vulnerability disclosure failed to capture the full extent of affected components and left many users exposed despite applying the recommended patch. Apache Tika is an open source content analysis tool that can automatically recognize and extract text and metadata from PDFs, PowerPoint, Excel, Word, and hundreds of other file formats.

On This Date

  • ...in 1883, physical trainer Joseph Pilates, creator of the exercise methods bearing his name, is born in Mönchengladbach, Germany.
  • ...in 1906, computer science pioneer and US Navy Rear Admiral Grace Hopper, the inventor of the first machine-independent program compiler, is born in New York City.
  • ...in 1953, actor and producer John Malkovich ("Dangerous Liaisons", "Burn After Reading") is born in Christopher, IL.
  • ...in 1960, the first episode of "Coronation Street", the world's longest-running television soap opera, is broadcast by the British ITV network.