The Breach News

Experts Uncover the Tactics of the ShinyHunters Cybercrime Group

The cybercrime group known as ShinyHunters has made headlines for its ongoing campaign of data breaches and is now reported to be actively exploiting vulnerabilities in companies’ GitHub repositories. This analysis highlights the group’s strategies for conducting broader and more sophisticated cyberattacks. According to a report from Intel 471 shared…


HSCC Guidance for Navigating AI Cybersecurity Risks in the Health Sector

Artificial Intelligence & Machine Learning, Healthcare, Industry Specific

Guidance Documents Highlight 5 Key Risk Areas and Best Practices for AI in Healthcare

Marianne Kolbasuk McGee (HealthInfoSec) • November 12, 2025

The Health Sector Coordinating Council has previewed upcoming materials aimed at helping the healthcare sector address the cyber risks associated…


Patch Released for Critical VMware vCenter Vulnerability Enabling Remote Code Execution

Critical Vulnerabilities Discovered in VMware vCenter Server: A Call to Action for Businesses

On Tuesday, Broadcom issued urgent updates in response to a significant security vulnerability affecting VMware vCenter Server that could potentially allow remote code execution. This vulnerability, designated CVE-2024-38812 and rated with a CVSS score of 9.8, is…


12 Major Security Vulnerabilities Being Exploited by Russian Spy Hackers in the Field

A recent advisory from U.S. and U.K. intelligence agencies reveals that cyber operatives linked to the Russian Foreign Intelligence Service (SVR) have adapted their operational tactics in light of prior public revelations regarding their attack methodologies. This shift aims to circumvent detection and mitigation efforts from cybersecurity defenders. The National…


Major Vulnerability in Cosmos Database Impacted Thousands of Microsoft Azure Users

Wiz, a cloud security organization, has disclosed a recently patched vulnerability in Microsoft’s Azure Cosmos database that posed a significant risk by allowing unauthorized users to gain full administrative access to the database instances of other customers. This vulnerability, named “ChaosDB,” was particularly alarming due to its potential for exploitation…


Third-Party Risk Intensifies Regulatory Uncertainty in OT Security

Third-Party Risk Management, Governance & Risk Management, Operational Technology (OT)

Sean Tufts of Claroty Discusses Security Challenges for Critical Infrastructure

Brian Pereira (creed_digital) • November 12, 2025

Sean Tufts, Field CTO, Claroty

Recent findings indicate that third-party risks present significant cybersecurity challenges for critical infrastructure providers, potentially leading to…


English-Language Cybercrime Hub “The COM” Coordinates Diverse Global Attacks

Over the last decade, the English-speaking cybercriminal landscape, known as “The COM,” has grown from a niche group dedicated to trading rare social media usernames into a complex, service-driven underground economy orchestrating a wide array of global cyberattacks. Foundational communities like Dark0de and RaidForums have played a critical role in…


GitLab Addresses Serious SAML Authentication Bypass Vulnerability in CE and EE Versions

In a significant development for the cybersecurity landscape, GitLab has issued critical patches addressing a serious vulnerability in both its Community Edition (CE) and Enterprise Edition (EE) software. The flaw, categorized as an authentication bypass, could potentially allow unauthorized users to gain access to sensitive systems. This vulnerability is embedded…
