Risk
-
Healthcare Services Group breach affects more than 624,000 individuals
Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
-
Five Blind Eagle activity clusters identified, with Colombia as primary focus, researchers say
Security researchers have identified five distinct activity clusters tied to the Blind Eagle threat actor, with Colombia as the primary target, as Recorded Future’s Insikt Group tracks campaigns from May 2024 to July 2025.
-
SSA whistleblower alleges DOGE duplicated NUMIDENT in unauthorized cloud, risking Americans’ data
A government whistleblower alleges that DOGE, a non-official federal client, copied the NUMIDENT database into an unauthorized cloud environment, risking all Americans’ Social Security data, with additional claims of improper access and potential privacy violations.
-
Salesloft breach linked to theft of Drift OAuth tokens used to access Salesforce, Google says UNC6395 behind attack
Hackers breached Salesloft to steal Drift OAuth and refresh tokens used for Salesforce integration, enabling data exfiltration from customer environments. Google’s threat intelligence assigns UNC6395 to the activity and notes credential theft across cloud services, with administrators urged to rotate credentials and reauthenticate Drift-Salesforce connections.
-
ZipLine phishing campaign uses public contact forms to drop in-memory MixShell malware, researchers say
Cybersecurity researchers warn of ZipLine, a social-engineering campaign that uses public-facing Contact Us forms to seed weeks-long conversations before delivering in-memory MixShell malware via a weaponized ZIP file, with DNS tunneling as the primary command-and-control channel.
-
HOOK Android banking trojan adds ransomware overlay, expands remote command set
Security researchers have identified a new HOOK Android banking trojan variant that adds ransomware-style overlays, remote command capabilities, and expanded data-theft features, signaling a growing blend of banking fraud with spyware and ransomware tactics.
-
Farmers Insurance says 1.1 million customers affected by data breach tied to Salesforce attack wave
Farmers Insurance says 1.1 million customers were affected by a data breach at a third‑party vendor, tied to a broader Salesforce data‑theft campaign. The incident exposed names, addresses, birth dates, driver’s licenses, and last‑four digits of SSNs, with notices issued starting in August and Maine officials confirming more than 1.1 million total affected across notices.
-
Auchan data breach exposes loyalty data of hundreds of thousands of customers
French retailer Auchan disclosed a cyberattack that exposed the personal data of hundreds of thousands of loyalty-account holders, including names, addresses, emails, phone numbers, and loyalty card numbers, while bank data and PINs were not affected. The company has notified CNIL and urged vigilance against phishing.
-
Cheap VPS Hijacking Drives New Wave of SaaS-Based Business Email Compromises, Darktrace Finds
A Darktrace security report details a new wave of attacks where criminals rent cheap VPS services to hijack business email accounts, bypass traditional defenses, and establish covert, long-term access through subtle inbox rules.
-
Transparent Tribe targets Indian government with dual-platform Linux and Windows malware, researchers say
Researchers say the Transparent Tribe (APT36) has expanded its assault on Indian government networks with a cross‑platform campaign targeting Windows and Linux‑BOSS systems through spear‑phishing, weaponized desktop shortcuts, and a Go‑based backdoor, complemented by anti‑analysis techniques and 2FA‑focused phishing.
