Three US healthcare organizations - two in Illinois and one in Texas - have disclosed data breaches affecting a total of nearly 600,000 individuals. The data breach tracker operated by the US Department of Health and Human Services (HHS) was updated this week to add three healthcare-related cybersecurity incidents impacting a significant number of people. The biggest breach was disclosed by the North Texas Behavioral Health Authority, affecting 285,000 individuals. READ MORE...
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the "Press Lounge" section of the site were shown a page titled "HACKED," which replaced normal content with what appeared to be a ransom demand and data breach notification. The message warned that attackers had gained access to the company's Shopify backend. READ MORE...
UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomware crew claims it grabbed far more than the company is currently admitting. In a letter to customers, Adaptavist's CEO Simon Haighton-Williams said the biz detected an "IT security incident" in late March after an attacker used compromised login details to gain unauthorized access to some of its systems. READ MORE...
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors. READ MORE...
Somebody went looking for Google's new Antigravity coding tool this week, clicked download, ran the installer, and got exactly what they thought they were getting. Antigravity installed cleanly. A shortcut appeared on the desktop. The application opened and worked. Nothing looked or felt wrong. But behind the scenes, that installer can give your accounts, your data, and even your machine to an attacker, without breaking anything the user can see. READ MORE...
Mythos matters. It is a significant step forward in AI-assisted vulnerability discovery. But it does not mean cybersecurity changed overnight, nor does it mean enterprises are suddenly facing fully automated exploitation at internet scale tomorrow. It does mean the offensive side of AI is continuing to improve. The defensive side needs to catch up now. Mythos is the latest step in a longer trend. Over the next several years, expect the same pattern to repeat. READ MORE...
A researcher has analyzed internet-facing Perforce P4 servers and found that many are still misconfigured, exposing highly sensitive information. Perforce P4 (formerly Helix Core) is a centralized version control platform built to handle the massive data requirements of industries like AAA gaming and semiconductor design. While P4 serves an important role, it can be valuable for threat actors if left unprotected. READ MORE...