U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft following its role in a significant ransomware attack on Ascension Hospital, resulting in the exposure of 5.6 million patient records. In a letter dated September 10, 2025, Senator Wyden criticized Microsoft’s software, claiming it facilitated…
Rackspace Confirms Ransomware Attack by Play Group On Thursday, cloud services provider Rackspace identified the ransomware group known as Play as the responsible party behind a recent security breach that occurred in December 2022. The breach targeted Rackspace’s Hosted Exchange email environment, taking advantage of a previously undisclosed vulnerability. The…
A leading U.S. senator has requested that the Federal Trade Commission (FTC) launch an inquiry into Microsoft, citing what he has termed “gross cybersecurity negligence.” This call to action stems from concerns regarding the company’s continued reliance on the outdated RC4 encryption method, which is set as the default in…
The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks, according to the Microsoft Threat Intelligence team’s recent report. Silk…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…
Microsoft recently acknowledged an individual operating under the EncryptHub alias for uncovering and reporting two significant security vulnerabilities in Windows. This acknowledgment depicts a complex profile of a person straddling a legitimate cybersecurity career while engaging in cybercriminal activities. According to a detailed analysis by Outpost24 KrakenLabs, the individual behind…
In recent developments, Microsoft has unveiled critical security patches addressing a staggering array of 125 vulnerabilities across its software platforms. Among these, one vulnerability has been identified as under active exploitation in the wild, raising significant alarms within the cybersecurity community. Of the reported vulnerabilities, 11 are designated as Critical,…
Microsoft has issued a warning regarding a phishing campaign specifically targeting the hospitality sector by masquerading as the online travel agency Booking.com. This campaign employs an advanced social engineering technique known as ClickFix to deliver malware designed to steal user credentials. According to Microsoft’s threat intelligence team, this activity has…
A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…
