The Breach News

HHS Data Strategy Seeks to ‘Revitalize Health Technology’

Data Privacy, Data Security, Healthcare

Voluntary Initiative Advocates for Standards and Patient Empowerment: A Privacy Perspective

Marianne Kolbasuk McGee (HealthInfoSec) • July 31, 2025

President Donald Trump alongside leaders from the Department of Health and Human Services (HHS) announces a new strategy aimed at enhancing health data interoperability and access.…

SafePay Raises Alarm Over Ingram Micro Breach, Imposes Ransom Deadline – Dark Reading

SafePay Claims Ingram Micro Breach, Sets Ransom Deadline

In a recent cybersecurity incident, SafePay has publicly accused Ingram Micro of suffering a significant data breach. The company, known for its global technology distribution, appears to be under threat after SafePay set a ransom deadline, escalating the urgency of the situation.…

Belarus-Linked Ghostwriter Utilizes Macropack-Obfuscated Excel Macros to Distribute Malware

Feb 25, 2025
Malware / Cyber Espionage

A new campaign targeting opposition activists in Belarus and Ukrainian military and government entities is using malware-laden Microsoft Excel documents to spread a new variant of PicassoLoader. This operation appears to be an extension of an ongoing effort by the Belarus-aligned threat actor known as Ghostwriter (also referred to as Moonscape, TA445, UAC-0057, and UNC1151), which has been active since 2016. Ghostwriter is believed to align with Russian security interests and promote anti-NATO narratives.

“Preparation for the campaign began in July-August 2024, with active operations starting in November-December 2024,” stated SentinelOne researcher Tom Hegel in a technical report shared with The Hacker News. “Recent findings regarding malware samples and command-and-control (C2) infrastructure suggest that the operation continues to be active.” The attack chain, as analyzed by the cybersecurity firm, is initiated via a Google Drive shared link.

Belarus-Linked Ghostwriter Exploits Obfuscated Excel Macros to Distribute Malware

February 25, 2025
Malware / Cyber Espionage

A newly uncovered cyber campaign has emerged, targeting opposition activists in Belarus alongside military and governmental entities in Ukraine. This operation utilizes malware-infused Microsoft Excel documents to disseminate a variant of PicassoLoader, a malicious…

Everest Ransomware Targets Mailchimp in Minor Breach Incident

The Everest ransomware group has publicly claimed responsibility for a significant breach of Mailchimp, a widely used marketing platform for email campaigns and newsletters. This incident highlights ongoing vulnerabilities in the landscape of cybersecurity, particularly for companies reliant on digital marketing services. In a recent announcement on its dark web…

Vanished in Sixty Minutes: The Urgent Need for Law Firms to Address Data Exfiltration Threats – Morphisec

Understanding Data Exfiltration Risks: A Wake-Up Call for Law Firms

In a rapidly evolving digital landscape, law firms are facing increasing threats from data exfiltration. Recently, a comprehensive analysis highlighted critical vulnerabilities within this sector, exposing them to significant cybersecurity risks. With sensitive client information at stake, the ramifications of…

New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Organizations

March 26, 2025
Malware / Vulnerability

The Chinese threat actor known as FamousSparrow has been implicated in a cyberattack targeting a U.S. trade group and a research institute in Mexico, leveraging its primary backdoor, SparrowDoor, along with ShadowPad. This activity, observed in July 2024, marks the first deployment of ShadowPad by the group, a malware commonly associated with Chinese state-sponsored attackers. ESET reported that “FamousSparrow introduced two new, undocumented versions of the SparrowDoor backdoor, one of which is modular.” These iterations show significant advancements, including the ability to execute commands in parallel. FamousSparrow was first identified by the Slovak cybersecurity firm in September 2021 during a series of attacks against hotels, governments, engineering firms, and law practices, utilizing the exclusive SparrowDoor implant. Subsequent reports have highlighted the adversarial group’s expanding footprint…

New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Entities

March 26, 2025

A notable cyber incident has linked the Chinese threat actor known as FamousSparrow to an attack on a U.S.-based trade organization and a research institute in Mexico. The attack, which occurred in July 2024,…

St. Paul, MN, Faces Severe Cyberattack, Prompting National Guard Deployment

Cyberattacks on U.S. Cities Increasingly Disruptive: Recent Incidents in Abilene and St. Paul

In recent months, U.S. cities have been facing a surge in hacking incidents, many of which involve ransomware attacks that disrupt essential services and carry significant financial burdens. Abilene, Texas, recently experienced a serious breach wherein 477…
