Bill Toulas reports: An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. A deep forensic examination of the artifacts left behind uncovered tooling that had not been used in the investigated attack, but exposed attacker infrastructure that stored data exfiltrated from multiple victims. The…
Chad Van Alstin reports: Last year, 92% of all healthcare organizations—systems, hospitals, and provider groups—were targeted by a cyberattack, according to a new report from vendor Fortified Health Security. Further, 70% of those that reported experiencing an incident said patient care was impacted in some form, signaling that even an unsuccessful data breach can result in…
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It’s currently not known who is behind the campaign. The rootkit “has the ability to cloak or mask any…
A lot of insider threat reports this week, it seems. This one is from the U.S. Attorney’s Office, Southern District of Iowa: DES MOINES, Iowa – On October 15, 2025, a federal grand jury in Des Moines charged a Des Moines man with computer fraud. The Indictment alleges that Ezekiel Dean Potter, 34, after being……
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop
Here is today’s reminder of the insider threat. Street Insider reports: ALT5 Sigma Corporation filed a lawsuit in Delaware Chancery Court on November 4 against Wellington Peel, LLC, Jean-Francois Amyot, Hugues Benoit and Prime Delta Corp., seeking a temporary restraining order and injunctive relief related to alleged unauthorized access of company information. The company discovered……
The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a “national security decision.” “Effective…
