Vulnerabilities
-
DaVita ransomware breach exposes data of nearly 2.7 million people, OCR confirms
DaVita disclosed that a ransomware attack compromised the personal and health data of nearly 2.7 million people, with OCR confirming 2,689,826 affected and the company noting a possible 2.4 million. The breach exposed information from DaVita’s labs database, with the company offering credit monitoring to affected individuals as investigations continue.
-
Nearly 1 Million Health Records Exposed in Ohio Medical Alliance Data Breach
Cybersecurity researchers say two unprotected databases linked to Ohio Medical Alliance exposed 957,434 patient records, including SSNs and driver’s-license images, in a breach that required immediate remediation and raises privacy and identity-theft concerns in the medical marijuana sector.
-
Microsoft restricts Chinese firms’ access to vulnerability warnings amid SharePoint attacks
Microsoft has restricted certain Chinese firms from its vulnerability early warning program after concerns that data could be linked to a wave of SharePoint server attacks, sparking debate over governance and the global sharing of threat intelligence.
-
Apple patches zero-day CVE-2025-43300 after highly targeted attack, urges immediate updates
Apple has issued security updates for CVE-2025-43300, a zero-day flaw in Apple’s Image I/O framework that was exploited in a highly targeted attack; users are urged to install the latest iOS, iPadOS and macOS updates.
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.
-
Static Tundra: Russia-linked group exploits Cisco flaw to maintain long-term access to global networks, researchers say
A Russian state-sponsored group known as Static Tundra has been quietly compromising network devices worldwide for over a decade, exploiting a seven-year-old Cisco vulnerability to steal data and maintain access, according to Cisco Talos Intelligence.
-
DripDropper Linux malware patches exploited flaw to lock out rivals, Red Canary says
Red Canary researchers describe DripDropper, a Linux malware that exploits Apache ActiveMQ CVE-2023-46604 to gain access to cloud servers, then patches the vulnerability to keep rivals out and maintain control, using Sliver for persistence and Dropbox as a command channel.
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
State-sponsored XenoRAT campaign targets South Korean embassies, researchers say
A Trellix-led analysis describes a multi-phase, state-sponsored XenoRAT espionage campaign targeting South Korean embassies, with links to North Korea’s Kimsuky and indications of possible China-based sponsorship. The operation has conducted at least 19 spearphishing attacks since March, delivering XenoRAT via password-protected ZIP archives and complex, multilingual lures.
-
PipeMagic backdoor used in RansomExx attacks tied to patched Windows vulnerability CVE-2025-29824
Security researchers say the PipeMagic backdoor, used in RansomExx attacks, exploits a patched Windows vulnerability (CVE-2025-29824) and leverages a modular loader to deploy additional payloads, with activity spanning Saudi Arabia, Brazil and beyond.
