The healthcare data breach tracker maintained by the US Department of Health and Human Services (HHS) revealed on Monday that more than 300,000 individuals are affected by a recent cybersecurity incident at Vitas Healthcare. Chemed-owned Vitas Healthcare is described as the largest for-profit hospice chain in the United States. In a statement posted on November 21, the organization revealed that Vitas Hospice Services discovered an intrusion on October 24. READ MORE...
The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance to national defense." The three men, aged between 39 and 43, could not explain why they were carrying the electronic devices. They now face charges of fraud, computer fraud, and possession of devices and software intended for criminal activity. READ MORE...
Some of the attacks exploiting the recently emerged React vulnerability dubbed React2Shell appear to have been conducted by North Korean threat actors, according to cybersecurity firm Sysdig. The React2Shell vulnerability, officially tracked as CVE-2025-55182, can be exploited for unauthenticated remote code execution. The flaw impacts version 19 of the React open source library for creating application user interfaces. READ MORE...
Researchers at security software vendor Huntress say they've noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they're as secure as can be and properly backed up. "Huntress case data revealed a stunning surge in hypervisor ransomware: its role in malicious encryption rocketed from just three percent in the first half of the year to 25 percent so far in the second half," wrote three Huntress employees in a Monday post. READ MORE...
The market for initial access brokers has blossomed over the past two years, making it easier for advanced adversaries to outsource the grunt work of intrusions and breach more targets, Check Point said in a report published on Monday. The surge in the IAB ecosystem comes as nation-states increasingly use cyberspace to project power, according to the report. Check Point urged businesses to prioritize identity security, protect software supply chains and harden operational technology. READ MORE...
Ransomware activity reached an all-time high in 2023, totaling more than 1,500 incidents and $1.1 billion in reported payments, before dropping the following year after two high-profile law enforcement takedowns. The two critical law enforcement actions were the 2023 U.S.-led takedown of AlphV/BlackCat and the 2024 disruption of LockBit by U.S. and U.K. authorities, according to a new U.S. government study. READ MORE...
Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request. And, as if that wasn't enough of a privacy violation, Grok has also been exposed as providing detailed instructions for stalking and surveillance of targeted individuals. The findings represent a serious demonstration of how an AI tool can enable real-world harm. READ MORE...
Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK's National Cyber Security Centre (NCSC) has warned that it may never be "fixed" in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the "SQL injection of the future." Prompt injection works because AI models can't tell the difference between the app's instructions and the attacker's instructions, so they sometimes obey the wrong one. READ MORE...
The Apache Software Foundation (ASF) has issued a new CVE identifier for a critical security flaw in Apache Tika because its original vulnerability disclosure failed to capture the full extent of affected components and left many users exposed despite applying the recommend patch. Apache Tika is an open source content analysis tool that can automatically recognize and extract text and metadata from PDFs, PowerPoint, Excel, Word, and hundreds of other file formats. READ MORE...