Comstar LLC Enters into Corrective Action Plan and Settlement Agreement with HHS OCR
In May 2022, it was reported that Comstar LLC, an ambulance billing service based in Massachusetts, initiated notifications to an undisclosed number of individuals following a data security breach…

Revival of Haozi Phishing Service in China: A Threat Amplifying Criminal Revenues
A Chinese-language platform known as Haozi is revolutionizing the landscape of cybercrime by providing a PhaaS (Phishing as a Service) solution that requires minimal technical expertise. This plug-and-play service…

Exploitation of Critical Vulnerability in vBulletin Forum Software by Cyber Threat Actors
Recent discoveries have identified two critical vulnerabilities in the open-source forum software vBulletin, one of which is confirmed to be actively exploited in the wild.

The identified flaws, designated…

Transforming from Compliance Constraints to Enabling Innovation: A Healthcare CISO’s Path to Advancing Modern Care Solutions
When Jason Elrod, CISO of MultiCare Health System, articulates the challenges of legacy healthcare IT environments, he underscores a critical perspective: “Healthcare often progresses in reverse, focusing on the…

US Banks Advocate for Repeal of Cyber Disclosure Regulation
The US banking sector is actively seeking the revocation of a recent rule from the US Securities and Exchange Commission (SEC) regarding the reporting of cyber incidents. The coalition…

Mandatory Disclosure of Ransom Payments by Australian Cybercrime Victims to Government Authorities
Australia has recently implemented groundbreaking legislation that mandates organizations to report any extortion payments made to cybercriminals as a result of ransomware attacks. This measure positions Australia as the…

Critical Vulnerabilities in Linux Enable Exfiltration of Password Hashes through Core Dumps in Ubuntu, RHEL, and Fedora
Two information disclosure vulnerabilities have been identified in Apport and systemd-coredump, the core dump handling systems used in various Linux distributions, including Ubuntu, Red Hat Enterprise Linux, and Fedora.…

GangExposed Unveils Identity of Conti Leaders in Significant Ransomware Data Disclosure
A whistleblower, operating under the alias GangExposed, has unveiled significant details regarding key individuals associated with the Conti and Trickbot ransomware groups. This individual has released a substantial cache…

Transforming Enterprise Operations in 2025: The Impact of Flowable’s Advanced Automation Solutions
As organizations increasingly encounter the challenge of maximizing output while minimizing resource expenditure, automation platforms are emerging as essential tools for operational efficiency. Flowable stands out as a robust…

Understanding Facebook’s Data Collection Practices: Insights from Lock and Code S06E11
This week on the Lock and Code podcast, we delve into the extensive data that Facebook collects about its users.

In an effort to enhance transparency, Facebook introduced an…

Impersonation of Recruiter Communications Affects CFOs Utilizing Authentic NetBird Tool Across Six Global Regions
Cybersecurity professionals have identified a sophisticated spear-phishing campaign leveraging a legitimate remote access tool, Netbird, to target Chief Financial Officers (CFOs) and financial executives at institutions including banks, energy…

Dutch Police Lead Shutdown of Counter AV Service AVCheck
European and American law enforcement agencies have successfully dismantled one of the most significant Counter Antivirus (CAV) services in operation, known as AVCheck. This service permitted malware developers to…

Akira Fails to Uphold Commitments to Affected Parties — SuspectFile
Over the past week, SuspectFile has delved into the implications of the ransomware group Akira’s alleged deception toward its victims. In two separate reports, the focus has been on…

Operator of Iranian Robbinhood Ransomware Pleads Guilty in Attacks on U.S. Cities
A ransomware operator associated with the sophisticated Robbinhood strain has entered a guilty plea for orchestrating significant cyberattacks against various cities in the United States, most notably targeting Baltimore…

Potential AsyncRAT Infection Risk Following Redirection to Fraudulent Booking.com Domains
Cybercriminals have launched a campaign targeting users on gaming websites and social media platforms, as well as promoted through sponsored advertisements, directing individuals to counterfeit websites masquerading as Booking.com.…

“Emergence of the ‘Russian Market’ as a Principal Source for Compromised Credentials”
The “Russian Market” cybercrime marketplace has gained significant traction as a prominent platform for trading credentials compromised by information stealer malware. Active for approximately six years, the marketplace saw…

Cryptojacking Campaign Leverages Open-Source Tools from GitHub to Exploit DevOps APIs
Cybersecurity researchers have identified a new cryptojacking campaign targeting publicly accessible DevOps web servers associated with technologies such as Docker, Gitea, and HashiCorp Consul and Nomad, with the intention…

Emerging Linux Vulnerabilities Reveal Password Hashes through Core Dumps
Two local information-disclosure vulnerabilities have been identified in widely-used Linux crash-reporting tools, enabling potential attackers to gain access to sensitive system data.

The vulnerabilities, unveiled by the Qualys Threat…

Cartier Data Breach Notification: Luxury Retailer Alerts Customers to Potential Exposure of Personal Information
Another esteemed luxury brand has fallen victim to a cyber attack: Cartier. Distinct from the recent breaches involving other high-end labels such as Dior and Tiffany, Cartier operates under…

Ensuring the Security of Your Litecoin: A Comprehensive Guide
Litecoin (LTC) has established itself as a prominent player in the cryptocurrency landscape, often referred to as the “silver to Bitcoin’s gold.” Its design facilitates faster transaction times and…