The Breach News

Edelson Lechtzin LLP Launches Investigation into Data Privacy Claims for Customers of Northwest Radiologists, Inc. and Mount Baker Imaging

BELLINGHAM, Wash., Aug. 4, 2025 /PRNewswire/ — Edelson Lechtzin LLP, a law firm based in suburban Philadelphia, is conducting an investigation into data privacy concerns following a data breach involving Northwest Radiologists, Inc. and Mount Baker Imaging, collectively referred to as “Northwest Radiologists.” The organization detected unauthorized access to their…

Cisco Confirms Active Exploits Targeting Vulnerabilities in ISE, Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding several recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), confirming that they are being actively exploited. Cisco’s Product Security Incident Response Team (PSIRT) reported awareness of attempts to exploit these vulnerabilities in real-world scenarios. However, the company did not specify which vulnerabilities are being targeted, the identity of the attacking entities, or the scale of these activities. Cisco ISE is crucial for network access control, determining which users and devices can access corporate networks and under what conditions. A breach at this level could allow attackers unrestricted access to internal systems, effectively bypassing authentication and logging controls and transforming a key policy engine into an unguarded entry point. The alert emphasizes that the identified vulnerabilities are classified as critical.

Cisco Confirms Ongoing Exploitation of ISE Vulnerabilities Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding recently unveiled vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), admitting that active exploitation is occurring in live environments. The Cisco Product Security Incident…

⚡ THN Weekly Update: Key Cybersecurity Threats, Tools, and Strategies [Jan 6]

Jan 06, 2025

Every action we take online—each tap, click, and swipe—shapes our digital experience, but it also opens up opportunities for unintended risks. Trusted extensions, helpful assistants, and even QR codes are becoming avenues for cybercriminals. The boundary between convenience and risk has never been more precarious. This week, we explore the hidden dangers, unexpected vulnerabilities, and the cunning tactics that hackers are employing to outmaneuver the systems we rely on. Join us as we delve into the realities behind the screens and learn how to stay one step ahead.

⚡ Threat of the Week
Dozens of Google Chrome Extensions Discovered Stealing Sensitive Data — The ongoing challenges of securing the software supply chain were highlighted once again when about thirty Chrome extensions were found covertly extracting sensitive information from approximately 2.6 million devices over several months in two interconnected campaigns. This alarming discovery came to light thanks to insights from data loss prevention service Cyberhaven.

THN Weekly Recap: Examining Recent Cybersecurity Threats and Essential Insights

Published January 6, 2025

In our increasingly digital world, each online interaction—from simple taps to complex swipes—helps define our digital existence. However, these actions can inadvertently expose us to risks we did not intend to invite. Trusted browser extensions, virtual…

Chinese State-Sponsored Hackers Target Southeast Asian Telecoms

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Threat Actor Maintains Long-Term Stealthy Access

Prajeet Nair (@prajeetspeaks) • August 4, 2025

A recent cybersecurity analysis reveals that Chinese nation-state hackers have infiltrated mobile telecommunications networks across Southeast Asia, ostensibly to track the locations of individuals,…

Highlands Oncology Group Data Breach Impacts 113,575 Individuals

Highlands Oncology Data Breach: Lawsuit Investigation

Attorneys affiliated with ClassAction.org are currently investigating the potential for a class action lawsuit in response to the Highlands Oncology data breach. This inquiry focuses on gathering information from individuals who have received notifications indicating that their personal data was compromised. Overview of the…

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Date: July 22, 2025
Category: Vulnerability / Threat Intelligence

Microsoft has officially connected the exploitation of vulnerabilities in internet-facing SharePoint Server instances to two Chinese hacker groups, Linen Typhoon and Violet Typhoon, as early as July 7, 2025, confirming earlier claims. Additionally, the company has identified a third threat actor from China, tracked as Storm-2603, also leveraging these vulnerabilities to gain initial access to target organizations. Microsoft stated in a report released today that, “Given the swift adoption of these exploits, we are highly confident that threat actors will continue to incorporate them into their attacks on unpatched on-premises SharePoint systems.” Below is a brief overview of the threat activity clusters:

  • Linen Typhoon (also known as APT27, Bronze Union, Emissary Panda, Iodine, Lucky Mouse, Red Phoenix, and UNC215), active since 2012 and previously linked to malware families including SysUpdate, HyperBro, and PlugX.
  • Violet Typhoon (aka …).

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacking Groups

July 22, 2025

In a recent announcement, Microsoft has officially connected the exploitation of vulnerabilities in SharePoint Server instances to two Chinese cybercriminal organizations known as Linen Typhoon and Violet Typhoon. This confirmation reinforces prior reports regarding the ongoing attacks,…

CISA: No Broader Federal Impact from Treasury Cyber Incident; Investigation Continues

Jan 07, 2025
Critical Infrastructure / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that there are no signs indicating the recent cyber attack on the Treasury Department has affected other federal agencies. CISA is collaborating closely with the Treasury Department and BeyondTrust to fully understand the breach and reduce its effects. CISA emphasized, “The security of federal systems and the data they safeguard is crucial to our national security. We are taking proactive measures to prevent any further repercussions and will provide updates as needed.” This statement follows the Treasury Department’s disclosure of being targeted in a “major cybersecurity incident” involving Chinese state-sponsored actors, which enabled remote access to certain computers and unclassified documents. The incident, revealed in early December 2024, stemmed from a breach in BeyondTrust’s systems, allowing adversaries to gain sensitive access.

CISA Reports No Broader Federal Impact from Treasury Cyber Attack; Investigation Continues

On January 7, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) announced that the recent cyber breach affecting the Treasury Department does not appear to have compromised other federal agencies. This development follows a major cybersecurity incident, described…

Cloudflare Claims AI Site Perplexity Employs “Stealth Tactics” to Bypass No-Crawl Directives

AI search engine Perplexity is under scrutiny for allegedly utilizing stealth bots to circumvent website restrictions against web crawling. This claim, if verified, would breach established Internet practices that have been upheld for over thirty years, as articulated by cybersecurity and optimization firm Cloudflare. Cloudflare disclosed in a recent blog…
