Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights
Log4Shell’s Wake-Up Call: The Log4Shell vulnerability in November 2021 prompted heightened awareness and significant investment in open-source security from major tech companies and the Biden administration, leading to substantial improvements. Challenges to Progress: Despite initial momentum, efforts have stalled due to distractions like generative AI, political transitions, and insufficient follow-through on funding promises from tech companies. Growing Responsibility: There is an increasing recognition among companies that they must take responsibility for the security of the open-source software they use, moving away from relying solely on unpaid community developers. Unresolved Issues: Critical security challenges remain, including a lack of transparency…
Fast Facts
Multiple healthcare providers, including Meridian Valley Laboratories and pharmacies in New York (College Parkside and College Hometown), reported recent sophisticated hacking incidents involving unauthorized access to patient data, affecting thousands. The breach at College Hometown and College Parkside Pharmacy impacted approximately 15,478 individuals, exposing sensitive health and personal information, with notifications delayed until May 2025 to review affected data. Meridian Valley Laboratories experienced unauthorized network access between May and July 2025, with an estimated 501 individuals potentially affected; the full impact is still under investigation. Both incidents highlight ongoing cybersecurity risks in healthcare, prompting affected organizations to implement additional…
Summary Points
RatOn has evolved from a basic NFC relay attack tool into a sophisticated Android banking trojan capable of automated device fraud, account takeover, and ransomware-like overlays. It targets cryptocurrency wallets such as MetaMask and Trust, using fake Play Store pages to deliver malicious payloads and requesting extensive permissions for malicious activities. The malware can simulate ransom notes to coerce payment, steal PIN codes, access security settings, and exfiltrate sensitive data, including cryptocurrency seed phrases. RatOn primarily targets Czech and Slovakian users, employing custom commands for malicious operations and collaborating with local money mules for automated transfers.
Underlying Problem…
Fast Facts
External penetration testing is essential for validating security defenses against sophisticated, real-world threats, especially with attack surfaces expanded in 2025 by cloud, SaaS, and remote work. Top firms combine expert human testers with advanced platforms (PtaaS) to deliver continuous, realistic assessments that identify vulnerabilities automated tools may miss, focusing on publicly accessible assets. Leading companies like IBM Security, Rapid7, and CrowdStrike emphasize experience, real-time reporting, and targeted testing, catering to high-profile enterprises and regulated sectors, while flexible models like Synack and HackerOne leverage crowdsourcing for scale. The best choice depends on organizational needs for strategic, technical, or…
Summary Points
Wayne Memorial Hospital in Georgia experienced a ransomware attack in May 2024, compromising the personal data of over 160,000 individuals. Hackers accessed and encrypted sensitive information, including Social Security numbers, health data, and credit card details, leaving a ransom note. The hospital responded by disconnecting systems, restoring from backups, and providing affected patients with a year of free credit monitoring. The Monti ransomware group, active since 2022 and linked to previous attacks, claimed responsibility by listing WMH on its leak site, though no misuse of data has been reported.
The Core Issue
In May 2024, Wayne Memorial Hospital…
Unmasking the Threat: The Hidden Links Behind Play, RansomHub, and DragonForce Ransomware
Quick Takeaways
The intrusion involved the deployment of SectopRAT malware via a maliciously signed application, leading to extensive reconnaissance, privilege escalation, and data exfiltration activities. The attacker used advanced tools like Betruger and SystemBC, along with legitimate utilities such as PsExec and PowerShell, employing defense evasion tactics like timestomping and process injection. The attack aimed at ransomware deployment, archiving, and exfiltrating data; no file-encrypting malware was executed directly, but system compromise was facilitated through remote access and credential theft. The threat actor is linked to three RaaS operations—Play (via Grixba), RansomHub (via Betruger), and DragonForce (via NetScan)—indicating a multifaceted cybercrime alliance.…
Top Highlights
88% of boards recognize cybersecurity as a critical business risk, yet security leaders struggle to effectively communicate its importance in business terms like continuity, compliance, and cost impact. Effective security funding should focus on aligning strategies with business objectives, prioritizing high-value assets, and quantifying potential breach costs to justify investments. Using industry standards and continuous, automated security validation helps demonstrate real-world protection, uncover vulnerabilities early, and prove security ROI beyond compliance. Tailoring communication to different audiences and maintaining ongoing testing fosters confidence, shifts the security narrative from fear to resilience, and supports scalable, outcome-driven security budgets.
The Issue…
Fast Facts
SpamGPT is a dark web "spam-as-a-service" platform that uses AI to automate and enhance large-scale phishing campaigns, lowering technical barriers for cybercriminals. The platform mimics legitimate marketing tools, offering features like campaign management, email testing, and real-time analytics, with an AI assistant called KaliGPT to generate convincing phishing content. It facilitates sophisticated spoofing techniques, automates infrastructure management, and includes training on SMTP cracking, enabling even low-skilled actors to execute effective, hard-to-detect attacks. To combat such threats, organizations must strengthen email authentication protocols (DMARC, SPF, DKIM) and deploy AI-enabled security solutions to identify AI-generated phishing content.
The Core Issue…
Essential Insights
Dynatrace confirmed a third-party data breach via the Salesloft Drift application, exposing only customer business contact information in its Salesforce CRM, with no impact on core products or sensitive data. The breach originated in August 2025 when attackers compromised Salesloft’s Drift app, gaining unauthorized access to the Salesforce environments of affected clients, including Dynatrace. Dynatrace responded by disabling the compromised app, launched an investigation with cybersecurity experts, and verified that no customer support cases or sensitive data were accessed. The company advises customers to remain vigilant against social engineering, clarifies that no sensitive credentials were compromised, and emphasizes that employees…
Quick Takeaways
Salesloft’s GitHub account was breached between March and June 2025, enabling hackers to download code, add rogue accounts, and escalate to Drift’s AWS environment, leading to OAuth token theft. Attackers, linked to groups like ShinyHunters and Scattered Spider, exploited the compromised OAuth tokens to conduct widespread Salesforce data theft, focusing on support cases and harvesting sensitive credentials. Mandiant’s investigation confirmed that the breach originated from initial GitHub access and escalated after the compromise of Drift’s AWS environment, but the threat actor’s access has now been contained. Salesloft has rotated credentials, hardened defenses, and restored Salesforce integrations, ensuring no current foothold…