"Insecure File-Sharing Practices in Healthcare Put Patient Privacy at Risk"

Metomic reports that healthcare organizations continue to expose their most sensitive data, putting their business and patients at risk. Twenty-five percent of healthcare organizations' publicly shared files contain Personally Identifiable Information (PII). PII was found in 68 percent of externally shared private files and 77 percent of private files shared internally. Publicly shared files with sensitive data pose the biggest risk for healthcare organizations and highlight the need for data security.

Submitted by Gregory Rigby on

"Hackers Can Now Even Use Your PC's HDMI Cable to Steal Data"

According to researchers at the University of the Republic of Uruguay, hackers can apply Artificial Intelligence (AI) to spy on a user's display by capturing leaked electromagnetic radiation from a PC's HDMI cable. Hackers can carry out the attacks using various methods, such as placing an antenna outside a building to intercept signals from the HDMI cable. Once they have successfully intercepted the data, hackers can take additional steps to gain access to users' sensitive data.

Submitted by Gregory Rigby on

"New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries"

The nation-state threat actor "SideWinder" is behind a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. According to the BlackBerry Research and Intelligence Team, the spear-phishing campaign has targeted Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and more. SideWinder, also known as "APT-C-17," "Baby Elephant," "Hardcore Nationalist," "Rattlesnake," and "Razor Tiger," is believed to be linked to India. This article continues to discuss findings regarding the SideWinder spear-phishing campaign.

Submitted by Gregory Rigby on

"New Specula Tool Uses Outlook for Remote Code Execution in Windows"

The new red team post-exploitation framework "Specula," released by the cybersecurity company TrustedSec, uses Microsoft Outlook as a Command-and-Control (C2) beacon for Remote Code Execution (RCE). The C2 framework creates a custom Outlook Home Page using WebView by exploiting an Outlook security feature bypass vulnerability patched in October 2017. This article continues to discuss the new Specula tool.

Submitted by Gregory Rigby on

"Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw"

According to Microsoft's threat intelligence team, ransomware groups are exploiting a critical vulnerability in ESXi hypervisors to gain full administrative access on domain-joined systems less than a week after VMware shipped patches for the flaw. Multiple ransomware groups have exploited the vulnerability, tracked as CVE-2024-37085 with a CVSS severity score of 6.8, to deploy data-extortion malware on enterprise networks. This article continues to discuss the exploitation of a recently patched VMware ESXi flaw by ransomware groups.

Submitted by Gregory Rigby on

"Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased"

IBM released its annual "Cost of a Data Breach Report," which revealed that the global average cost of a data breach hit $4.88 million in 2024, as breaches become more disruptive and place additional demands on cyber teams. Breach costs increased 10 percent over the previous year, the largest annual increase since the pandemic, with 70 percent of breached organizations reporting significant or very significant disruption. This article continues to discuss key findings from IBM's report regarding data breach costs.

Submitted by Gregory Rigby on

"Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings"

Cybercriminals are selling stolen Generative Artificial Intelligence (GenAI) platform account credentials on underground markets. According to eSentire's Threat Response Unit (TRU), about 400 GenAI account credentials are sold daily on dark web platforms, including GPT, Quillbot, Notion, HuggingFace, and Replit credentials. These credentials often come from corporate users' computers infected with infostealer malware. This article continues to discuss cybercriminals capitalizing on the growing use of GenAI platforms by selling stolen account credentials on underground markets.

Submitted by Gregory Rigby on

"Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails"

In a massive scam campaign dubbed "EchoSpoofing" by Guardio Labs, an unknown threat actor has sent millions of messages spoofing Best Buy, IBM, Nike, Walt Disney, and other popular companies by exploiting an email routing misconfiguration in email security vendor Proofpoint's defenses. According to Guardio Labs researcher Nati Tal, the emails were echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, dodging security protections. This article continues to discuss findings regarding the EchoSpoofing campaign.

Submitted by Gregory Rigby on

"Department of Commerce Announces New Guidance, Tools 270 Days Following President Biden's Executive Order on AI"

On the 270th day after President Biden's Executive Order (EO) on the Safe, Secure, and Trustworthy Development of Artificial Intelligence (AI), the US Department of Commerce announced the release of new guidance and software to help improve the safety, security, and trustworthiness of AI systems. The department's National Institute of Standards and Technology (NIST) has released three final guidance documents that were first made available for public comment in April, along with a draft guidance document from the US AI Safety Institute to help mitigate risks.

Submitted by Gregory Rigby on

"Microsoft 365 Users Targeted by Phishers Abusing Microsoft Forms"

Phishing campaigns that abuse Microsoft Forms to steal Microsoft 365 login credentials have increased. Threat actors use breached business partners' and vendors' email accounts to send phishing emails. The latest campaigns use emails in the form of fake mail error notifications from Microsoft and bid invitations. This article continues to discuss findings regarding the phishing campaigns leveraging Microsoft Forms to trick targets into sharing their Microsoft 365 login credentials.

Submitted by Gregory Rigby on