Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights
- Doctors Imaging Group experienced a data breach from November 5-11, 2024, exposing sensitive patient information for over 171,000 individuals.
- Hackers accessed and copied files containing personal, medical, and financial data, including Social Security numbers and medical records.
- The organization’s investigation concluded in August 2025; it is unclear if a ransomware group was responsible.
- While large-scale, such healthcare data breaches are common and can impact many patients.

The Issue
Doctors Imaging Group, a radiology practice operating in Palatka and Gainesville, Florida, recently disclosed that it experienced a significant data breach nearly a year earlier, from November 5 to November…

Quick Takeaways
- A group called Scattered LAPSUS$ Hunters, linked to known hacking collectives Lapsus$, Scattered Spider, and ShinyHunters, claims to have stolen data from 39 organizations, including major brands like Disney, Google, and Toyota, involving approximately 1 billion records.
- Salesforce states there is no evidence of platform compromise and attributes the extortion attempts to past or unsubstantiated incidents, emphasizing no current breach has been identified.
- The hackers threaten to collaborate with ongoing lawsuits against Salesforce unless paid, marking a novel tactic of leveraging legal actions for extortion.
- Experts suggest the attack was likely carried out via social engineering and stolen…

Essential Insights
- Funding Expiration: Federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), critical for local cybersecurity, expired due to decisions by the Trump administration, threatening national security as local governments lose access to vital services.
- Significant Membership Loss: MS-ISAC anticipates losing two-thirds of states and thousands of local jurisdictions, especially those that are underfunded, heightening their vulnerability to cyber threats amid increasing attacks from nation-states and criminals.
- Defunding Consequences: Experts claim that the defunding hinders local governments’ cyber defenses, with many unable to afford memberships for essential cybersecurity resources, leading to increased exposure of critical infrastructure.
- Future…

Top Highlights
- A group called Storm-1175 has been exploiting a critical vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT software since September 10, enabling Medusa ransomware attacks across organizations.
- The vulnerability involves deserialization of untrusted data, allowing remote and low-complexity exploitation without user interaction, leading to unauthorized access and ransomware deployment.
- Microsoft confirmed that Storm-1175 used this flaw to gain initial access, then utilized RMM tools for persistence, network reconnaissance, lateral movement, data exfiltration with Rclone, and file encryption with Medusa ransomware.
- Authorities like CISA, FBI, and MS-ISAC have warned over 300 U.S. critical infrastructure entities about Medusa-related assaults, prompting advisories to…

Fast Facts
- A threat actor has claimed responsibility for a major data breach at Huawei, alleging the theft of internal source code, development tools, and sensitive intellectual property, and is attempting to sell it on the dark web.
- The incident highlights longstanding security concerns and espionage accusations against Huawei, including past reports of backdoors and targeted cyberattacks linked to both corporate and government interests.
- The breach’s authenticity and impact are still under investigation, but if confirmed, it could reveal vulnerabilities in Huawei’s products and threaten global infrastructure security.
- Past incidents, including U.S. infiltration and security flaws, underscore ongoing geopolitical and…

Quick Takeaways
- Low Readiness for CMMC Compliance: Only 1% of U.S. defense contractors feel fully prepared for the Cybersecurity Maturity Model Certification (CMMC), set to take effect on November 10.
- Decreasing Confidence: Confidence in readiness among contractors has declined over the past two years, with fewer than 50% implementing necessary security controls and documentation.
- Implementation Gaps: Significant shortcomings exist, with only 29% using secure backup technologies and just 27% employing multifactor authentication, among other critical cybersecurity measures.
- Impact of Non-Compliance: As CMMC transitions to procurement requirements, delays in compliance could jeopardize contracts and expose sensitive national security information, emphasizing the…

Quick Takeaways
- An email-based extortion campaign targeting Oracle E-Business Suite customers has been linked to a zero-day vulnerability (CVE-2025-61882), allowing attackers to take control of Oracle’s system without authentication.
- The campaign, associated with Clop ransomware, has targeted executives since early last week, with Oracle urging users to apply a critical patch released in July.
- Security firms reveal that multiple vulnerabilities, including the zero-day and previously disclosed flaws, are being exploited together, especially following leaked exploit code.
- Clop, a highly active ransomware group, previously exploited Oracle vulnerabilities in August and is now expected to see increased activity with the availability of…

Essential Insights
- Oracle 0-Day Vulnerability: Threat actors linked to the Cl0p ransomware group exploited the CVE-2025-61882 vulnerability in Oracle E-Business Suite, allowing data theft via unauthorized network access.
- Phantom Taurus Cyber-Espionage: A Chinese state-sponsored actor, Phantom Taurus, has been targeting key entities in Africa, the Middle East, and Asia with advanced cyber-espionage tactics using bespoke tools.
- Emergence of New Malware Attacks: Various new malware strains, such as SORVEPOTEL targeting WhatsApp, Detour Dog using compromised WordPress sites, and Android spyware campaigns, indicate a diversification in cybercriminal tactics.
- New Phishing Toolkit and Legal Actions: The Impact Solutions phishing toolkit has been released,…

Quick Takeaways
- Data Breach Claim: A hacker group, Crimson Collective, claims to have breached Red Hat, threatening to release 570 GB of stolen data unless a ransom is paid.
- Scope of Theft: The breach includes over 28,000 Red Hat code repositories, 3.5 million files, and sensitive reports on major corporations like Walmart and American Express.
- Unauthorized Access: Red Hat confirmed unauthorized access to its internal GitLab, involving consulting engagement data and potentially sensitive business contacts.
- Collaboration with Cybercrime: Crimson Collective is linked to the Lapsus$ gang and has given Red Hat until October 10 to negotiate, asserting that the company…

Top Highlights
- A critical vulnerability (CVE-2025-59489, CVSS 8.4) in Unity allows attackers to load malicious libraries and execute arbitrary code via command-line arguments, primarily affecting Unity versions 2017.1 and later.
- The flaw exploits Unity’s support for application debugging, where malicious applications can manipulate intent extras to control command-line arguments and trigger code execution.
- Remote exploitation is feasible, especially on Windows with registered custom URI handlers, enabling attackers to load malicious libraries without direct command-line access.
- Unity and partners like Microsoft and Valve have issued updates, patches, and detection rules, urging developers to update Unity editors and rebuild applications to mitigate…