Collaborate Disseminate
George Allison reports: In a new advisory, the NCSC warned that APT28, a cyber group linked to Russia’s GRU Military Unit 26165, has been exploiting vulnerabilities in edge network devices to conduct Domain Name System hijacking operations. DNS is the … Continue reading Russians hijacking routers for cyber spying
Joseph Topping’s dot-connecting analysis suggests we need to take some “little incidents” more seriously as they are the harbingers of what could be a major problem: A story about a radio station feed being hijacked popped up in my Fa… Continue reading A string of radio hijacks exposes a deeper broadcast weakness
Connor Jones reports: A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say. ChipSoft‘s website went down on April 7 and remains unreachable at the time of writing. The company provides hospitals… Continue reading NL: Dutch healthcare software vendor goes dark after ransomware attack
RTHK reports: Police said they have arrested a man working for a contractor commissioned by the Hospital Authority for allegedly stealing the personal data of tens of thousands of patients. The data breach resulted in details of more than 56,000 patien… Continue reading HK: Man arrested over stolen patient personal data
From: CISA Date: April 7, 2026 Alert Code: AA26-097A Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable l… Continue reading Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Davey Winder reports: Usually, when I report zero-day exploits, it’s because attacks by threat actors are already underway or a vendor has released a patch after becoming aware of the vulnerability. BlueHammer, however, is different. This time, it’s a … Continue reading 1 Billion Microsoft Users Warned As Angry Hacker Drops 0-Day Exploit
One of the top-ranked law firms in the country confirmed today that it has suffered a data breach. Jones Day disclosed the breach after hackers known as Silent Ransom Group (SRG) posted the data to their dark web leak site on March 30. A spokesperson … Continue reading Jones Day confirms limited breach after phishing attack by Silent Ransom Group
A press release on April 6, 2026 from Maine House Democrats: On Thursday, the Maine House voted unanimously to advance a bill from Rep. Julie McCabe, D-Lewiston, that would help prevent cybersecurity attacks on Maine hospitals and ensure continuity of… Continue reading Maine House advances McCabe bill to strengthen cybersecurity at Maine hospitals
Sergiu Gatlan reports: Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. This cybercrime gang… Continue reading Microsoft links Medusa ransomware affiliate to zero-day attacks
On January 12, Valley Family Health Care (VFHC) notified HHS after learning that the TriZetto Provider Solutions (TPS) breach had affected 4,300 of their patients. The TPS breach, which began in November 2024, involved their patients’ names, addr… Continue reading Two Breaches, One Quarter: Valley Family Health Care’s Challenging Start to 2026