183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report

Blog

By January 16, 2025

Post Content

Blog

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments, attackers leaning on platforms and tools you’d normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more…

Read More ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Blog

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395….

Read More Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Blog

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. “Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise

Read More eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
Blog

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up…

Read More Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Blog

Google Pays Out Nearly $12M in 2024 Bug Bounty Program

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

Read More Google Pays Out Nearly $12M in 2024 Bug Bounty Program
Blog

Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). “A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025,” Europol said in a statement. “On March 11, 2025, the server, which contained around…

Read More Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

Related