The Office of the Australian Information Commissioner (OAIC) has unveiled its most recent Notifiable Data Breaches (NDB) report and dashboard for January to June 2025. This report reveals that the frequency of reported data breaches is persistently high across both public and private sectors in Australia. The updated dashboard highlights…
Microsoft has reported a sophisticated year-long phishing campaign characterized by a remarkable ability to evade detection. The attackers exhibited a pattern of altering their obfuscation and encryption strategies approximately every 37 days, employing various techniques, including Morse code, to obscure their activities while extracting user credentials. The phishing attempts typically…
Microsoft has issued a stark warning concerning an extensive credential phishing campaign that exploits open redirector links in email communications. This tactic aims to deceive users into visiting malicious sites while circumventing traditional security measures. According to a report from the Microsoft 365 Defender Threat Intelligence Team, attackers combine these…
A newly discovered security vulnerability in Windows NT LAN Manager (NTLM) has been exploited in a zero-day attack, with suspected ties to Russian threat actors targeting Ukraine. This vulnerability, designated as CVE-2024-43451 and rated with a CVSS score of 6.5, allows attackers to possibly expose a user’s NTLMv2 hash. Microsoft…
Recent analyses indicate a troubling rise in cyber intrusions, fueled by the proliferation of criminal tools and insufficient defenses. A recent episode of The Indicator from Planet Money delves into how data breaches are accelerating, the decreasing costs of entry for attackers, and the implications this holds for patients, consumers,…
Governance & Risk Management , Healthcare , Industry Specific Penetration Testing Reveals Vulnerabilities in State Medicaid Systems Marianne Kolbasuk McGee (HealthInfoSec) • October 21, 2025 HHS OIG’s penetration testing of ten state Medicaid systems highlighted critical security gaps that must be addressed to safeguard data from advanced cyber threats. (Image:…
A recent phishing campaign has emerged, leveraging socially engineered SMS messages to deliver malware to Android devices. This operation appears to impersonate Iranian governmental and social security entities, aiming to extract credit card information and facilitate financial theft from victims’ bank accounts. In contrast to other forms of banking malware,…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Phishing Campaigns Transition from China to Malaysia Targeting Chinese-Speakers Prajeet Nair ( @prajeetspeaks) • October 17, 2025 Image: Shutterstock Recent investigations reveal that a series of coordinated cyberattacks targeting Chinese-speaking individuals across the Asia-Pacific region can be traced back to a single…
Cybercriminals have increasingly turned their attention to airlines, drawn by the vast amounts of personal data these companies collect. Among the most sought-after information are passports and government identification, which pose a significant risk for long-term identity theft. According to Incogni, a company specializing in data privacy and removal, leaks…
