Governance & Risk Management , Healthcare , Industry Specific Penetration Testing Reveals Vulnerabilities in State Medicaid Systems Marianne Kolbasuk McGee (HealthInfoSec) • October 21, 2025 HHS OIG’s penetration testing of ten state Medicaid systems highlighted critical security gaps that must be addressed to safeguard data from advanced cyber threats. (Image:…
A recent phishing campaign has emerged, leveraging socially engineered SMS messages to deliver malware to Android devices. This operation appears to impersonate Iranian governmental and social security entities, aiming to extract credit card information and facilitate financial theft from victims’ bank accounts. In contrast to other forms of banking malware,…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Phishing Campaigns Transition from China to Malaysia Targeting Chinese-Speakers Prajeet Nair ( @prajeetspeaks) • October 17, 2025 Image: Shutterstock Recent investigations reveal that a series of coordinated cyberattacks targeting Chinese-speaking individuals across the Asia-Pacific region can be traced back to a single…
Cybercriminals have increasingly turned their attention to airlines, drawn by the vast amounts of personal data these companies collect. Among the most sought-after information are passports and government identification, which pose a significant risk for long-term identity theft. According to Incogni, a company specializing in data privacy and removal, leaks…
Recent intelligence reveals that operators linked to the Lazarus group’s BlueNoroff sub-group have orchestrated a series of cyberattacks targeting small and medium-sized enterprises across the globe. The objective of these attacks is to siphon cryptocurrency assets, marking a significant maneuver by this recognized North Korean state-sponsored actor. Kaspersky, a prominent…
Cybersecurity Alert: The Rising Threat of Stolen Credentials Recent trends in cybercrime highlight the concerning prevalence of stolen account credentials as a primary vector for initial access attacks. A single compromised set of credentials poses significant risks, potentially jeopardizing an entire organization’s network security. The 2023 Verizon Data Breach Investigation…
Microsoft has issued a warning about a sophisticated scam known as “Payroll Pirate,” which is currently targeting employees by redirecting their paycheck deposits into accounts controlled by fraudsters. This attack begins with the compromise of employee profiles on platforms like Workday or other cloud-based HR services. The scammers initiate the…
Generative AI is poised to empower individuals to perpetrate advanced phishing attacks, which will only be thwarted by next-generation multi-factor authentication devices. In 2023, ransomware incidents soared to unprecedented levels, resulting in record-breaking damages. Weekly headlines highlighted high-profile organizations such as MGM, Johnson Controls, Clorox, Hanes Brands, and Caesars Palace,…
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued a warning regarding cyber attacks orchestrated by Belarusian state-sponsored hackers, aimed at military personnel and associated individuals amid the ongoing conflict in Ukraine. This phishing campaign is significant as it targets accounts affiliated with the Ukrainian military, specifically personal accounts hosted on…
