Policy
-
Microsoft, Cloudflare Lead Disruption of RaccoonO365 Phishing Network, Seizing 338 Domains
Microsoft and Cloudflare led a coordinated takedown of the RaccoonO365 phishing-as-a-service network, seizing 338 domains and disrupting a campaign that had targeted thousands of Microsoft 365 credentials across dozens of countries. The operation highlights how criminal networks leverage legitimate internet infrastructure to facilitate credential theft, with law enforcement pursuing principal operators and affiliates alike.
-
KillSec ransomware hits Brazil’s healthcare IT supply chain, exposing tens of thousands of records
KillSec has claimed responsibility for a September 2025 attack on Brazil’s healthcare software provider MedicSolution, breaching the healthcare IT supply chain and exposing more than 34 GB of sensitive health data across clinics and laboratories, including medical and minor records.
-
ECG signals can be linked to individuals, study finds, prompting privacy cautions
A new study shows ECG signals can be linked to identifiable individuals with high accuracy, challenging traditional de-identification methods and prompting calls for stronger privacy protections in health data sharing.
-
CISA Adds Critical CVE-2025-5086 in DELMIA Apriso to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-5086, a critical remote-code-execution flaw in DELMIA Apriso, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged, prompting urgent patching across affected deployments.
-
Wyden urges FTC to probe Microsoft over alleged ‘gross cybersecurity negligence’ linked to ransomware attacks, citing Ascension breach
U.S. Senator Ron Wyden has urged the FTC to investigate Microsoft, accusing the company of cybersecurity negligence linked to ransomware attacks on critical infrastructure, including a major Ascension health-system breach that affected millions of people.
-
France fines Google €325 million and Shein €150 million for cookie violations, CNIL says
France’s CNIL fined Google €325 million and Shein €150 million for cookie-consent violations, ordering compliance within six months, as U.S. authorities push parallel privacy actions and other firms face related penalties.
-
Jaguar Land Rover says cyberattack severely disrupted production; no evidence of customer data theft yet
Jaguar Land Rover said a weekend cyberattack severely disrupted production and retail operations, but there is no evidence yet that customer data was stolen. The company is restarting affected systems and did not specify a timeline for full recovery.
-
NIST Revamps Security Controls to Tighten Software Updates and Patch Management
NIST has revised its Security and Privacy Control Catalog to strengthen software update and patch management, introducing changes aimed at better incident response, root-cause analysis, and cyber resiliency to reduce the window of exposure in software supply chains.
-
Healthcare Services Group breach affects more than 624,000 individuals
Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
-
SSA whistleblower alleges DOGE duplicated NUMIDENT in unauthorized cloud, risking Americans’ data
A government whistleblower alleges that DOGE, a non-official federal client, copied the NUMIDENT database into an unauthorized cloud environment, risking all Americans’ Social Security data, with additional claims of improper access and potential privacy violations.
