South Carolina-based healthcare provider Sandhills Medical Foundation has disclosed a data breach affecting nearly 170,000 individuals. Sandhills Medical said in a data security incident notice on its website that it discovered a ransomware attack on May 8, 2025. It has since been working with law enforcement, cybersecurity experts, and a forensics firm to investigate the intrusion and determine its impact.
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. The messages, which began arriving on Monday, came signed by the Iran-linked Handala hacking group, which has spent much of 2026 attacking US and Israeli targets. The messages reportedly arrived from a Bahraini phone number registered to a local business - most likely because it had been spoofed or hijacked.
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image.
A critical remote code execution vulnerability was recently discovered by researchers in Gemini CLI, an open source AI agent designed to provide lightweight access to Gemini directly from a terminal. The vulnerability, patched by Google in both Gemini CLI and the 'run-gemini-cli' GitHub Action, was identified by researchers at Novee Security. The researchers noticed that "Gemini CLI automatically trusted the current workspace folder, loading any agent configuration it found there."
The latest variant of an emerging ransomware may be far more destructive than its operators intended, acting as a wiper that deletes many of an organization's captured files instead of encrypting them, as typical ransomware does. This scenario makes recovery impossible for defenders while complicating the possibility of holding files for ransom for the attackers. The Vect 2.0 variant has a flaw that inadvertently and permanently destroys so-called "large files" rather than encrypting them.
A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers. The crackdown was led by Dubai Police under the UAE Ministry of Interior and targeted crime networks running so-called pig-butchering schemes (also known as romance baiting), a form of fraud in which scammers build trust with their targets before luring them to fake cryptocurrency investment platforms that drain their funds.
Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems. While we don't know who is attacking this one, tracked as CVE-2026-32202, we'd suggest betting it all on Putin's goons. The flaw stems from an incomplete fix for an earlier vulnerability found and abused by Russian spies a month before Redmond released a patch.
GitHub yesterday disclosed CVE-2026-3854, a high severity (8.7 CVSS) vulnerability identified in GitHub Enterprise Server that would allow an attacker with push access to a repository to achieve remote code execution. GitHub said in a blog post that the vulnerability also affected github.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise Managed Users.
An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. The vulnerability is tracked as CVE-2026-31431 and was discovered by the offensive security company Theori, using its AI-driven pentesting platform Xint Code after scanning the Linux crypto/ subsystem for about an hour.