84% of Healthcare Organizations Spotted a Cyberattack in the Late Year

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand’s legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite…

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning – a tactic often used to…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. “This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp

The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren’t made, though none of the organizations that received them had active ransomware attacks.

The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.