"CEO of cybersecurity firm charged with installing malware on hospital systems."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  

Content and Source provided by email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Site URL--https://securityaffairs.com.

Please check email link, URL, or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

72K followers25 articles per week

#security#tech

28

Most popular

CEO of cybersecurity firm charged with installing malware on hospital systems

Cybersecurity CEO arrested for malware

•

300+by Pierluigi Paganini / 4d

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital . The man is accused of having installed the malware on

France links Russian APT28 to attacks on dozen French entities

12 TTPs

•

by Pierluigi Paganini / 6h

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states. In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and Europe. Since 2

Indian Court ordered to block email service Proton Mail

Karnataka HC orders Proton Mail ban

•

by Pierluigi Paganini / 7h

Indian Court ordered a nationwide block of the privacy-oriented email service Proton Mail on April 29, 2025, following a legal complaint. Proton Mail is a Swiss-based email service offering end-to-end encryption to ensure that only the sender and recipient can read the messages. Founded in 2013 by scientists from CERN, it operates under Proton AG and is headquartered in Geneva. The company employ

Yesterday

AirBorne flaws can lead to fully hijack Apple devices

6 TTPs

•

by Pierluigi Paganini / 14h

Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data,

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

13 TTPs

•

by Pierluigi Paganini / 20h

•

CVE-2025-31324

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SAP NetWeaver flaw, tracked as CVE-2025-31324 , to its Known Exploited Vulnerabilities (KEV) catalog . Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS

SentinelOne warns of threat actors targeting its systems and high-value clients

SentinelOne detects Chinese espionage campaign

•

by Pierluigi Paganini / 1d

SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future atta

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

3 TTPs

•

by Pierluigi Paganini / 1d

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, though attacks on enterprise tech are risi

VeriSource data breach impacted 4M individuals

VeriSource data breach affects 4 million

•

by Pierluigi Paganini / 1d

VeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider. VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024. The company launched an investigation into the security bre

Apr 28, 2025

U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

7 TTPs

•

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catal

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

by Pierluigi Paganini / 1d

BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums emerged, some demanded entry fee

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

19 TTPs

•

35by Pierluigi Paganini / 2d

•

Earth Kurma APT targets Southeast Asia

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasio

A large-scale phishing campaign targets WordPress WooCommerce users

2 TTPs

•

by Pierluigi Paganini / 2d

with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. Threat actors urge recipients to download a “critical patch” that hides a backdoor. The experts noted that this campaign resembled another one the team monitored in December 2023

PoC rootkit Curing evades traditional Linux detection systems

6 TTPs

•

by Pierluigi Paganini / 2d

•

Linux io_uring enables stealthy rootkits

Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without usi

Apr 27, 2025

Attackers chained Craft CMS zero-days attacks in the wild

by Pierluigi Paganini / 2d

Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. Today Craft announces a RCE vulnerability affecting CMS – known as #CVE -2025-3

Storm-1977 targets education sector with password spraying, Microsoft warns

IoC > 1 domain

•

by Pierluigi Paganini / 3d

•

7 TTPs

•

Storm-1977 targets education cloud security

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector. AzureChecker.exe connected to sac-auth[.]nodefunction[.]vi

Apr 26, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43

by Pierluigi Paganini / 3d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure XRP supply chain attack: Official NPM package infected with crypto stealing backdoor SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation New Rust Botnet “RustoBot” is

Security Affairs newsletter Round 521 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 3d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. African multinational telco giant MTN Group disclosed a data breach CEO of cybersecurity firm charged with installing malware on hospital systems JPCERT w

African multinational telco giant MTN Group disclosed a data breach

by Pierluigi Paganini / 4d

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers’ personal information. MTN Group Limited is a South African multinational telecommunications company headquartered in Johannesburg. Founded in 1994, it has grown to become Africa’s largest mobile network operator, serving over 290 million subscribers across 18 countries in Africa and the Mi

Apr 25, 2025

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

13 TTPs

•

by Pierluigi Paganini / 5d

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024. The vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0), is a st

SAP NetWeaver zero-day allegedly exploited by an initial access broker

13 TTPs

•

by Pierluigi Paganini / 5d

•

CVE-2025-31324

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader stems f

Operation SyncHole: Lazarus APT targets supply chains in South Korea

12 TTPs

•

by Pierluigi Paganini / 5d

•

Lazarus targets South Korean supply chains

The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at least November 2024, Lazarus Group is targe

Apr 24, 2025

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

2 TTPs

•

by Pierluigi Paganini / 5d

•

Interlock ransomware attacks DaVita Kidney Care

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc . provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. DaVita specializes in treating end-st

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 6d

•

Yale New Haven Health data breach

Yale New Haven Health (YNHHS) announced that threat actors stole the personal data of 5.5 million patients in a cyberattack. Yale New Haven Health (YNHHS) disclosed a data breach that exposed personal information of 5.5 million patients following a cyberattack that occurred earlier this month. Yale New Haven Health System (YNHHS) is a nonprofit healthcare network headquartered in New Haven, Conne

Crooks exploit the death of Pope Francis

8 TTPs

•

by Pierluigi Paganini / 6d

, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. After Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public curiosity, grief, and confusion. Cybercriminals are ready to exploit any event of global interest, it has already happened in the past during events like Queen Elizabeth II’s death or the COVID-

WhatsApp introduces Advanced Chat Privacy to protect sensitive communications

WhatsApp enhances privacy features

•

by Pierluigi Paganini / 6d

WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat Privacy” for both individual and group chats that enhances content protection. The feature blocks chat exports, auto-media downloads, and the use of messages in AI features, ensuring conversations stay p

Apr 23, 2025

Android spyware hidden in mapping software targets Russian soldiers

Spyware targets Russian military app

•

by Pierluigi Paganini / 6d

A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden in a trojanized Alpine Quest app and spread via Russian Android catalogs. The malware steals contacts, geolocation, and fil

Crypto mining campaign targets Docker environments with new evasion technique

IoC > 1 domain

•

by Pierluigi Paganini / 7d

•

6 TTPs

•

Docker malware exploits crypto mining

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastr

End of feed