Security news.
Today's security brief highlights significant data breaches, critical vulnerabilities, and state-sponsored cyber activities. The FBI is investigating suspicious activity on a sensitive surveillance system, while a major healthcare IT company exposed data for millions. CISA has also issued urgent warnings for actively exploited iOS and industrial control system flaws.
FBI Investigates Cyber Activity on Sensitive Surveillance System
The FBI is probing "suspicious" cyber activity on a system containing sensitive surveillance information, working to determine the scope and impact of the incident.
Cognizant TriZetto Breach Exposes 3.4 Million Patient Records
TriZetto Provider Solutions, a healthcare IT company, suffered a data breach that exposed sensitive health information belonging to over 3.4 million individuals.
CISA Warns of Actively Exploited iOS Flaws
CISA has added three iOS security flaws, exploited in cyberespionage and crypto-theft attacks using the Coruna exploit kit, to its Known Exploited Vulnerabilities Catalog, urging federal agencies to patch immediately.
Rockwell ICS Vulnerability Exploited in Attacks
A Rockwell vulnerability (CVE-2021-22681) allowing remote ICS hacking, disclosed and mitigated in 2021, has now been confirmed as actively exploited in the wild.
Transparent Tribe Uses AI for Mass Malware Production
The Pakistan-aligned threat actor Transparent Tribe is leveraging AI-powered coding tools to mass-produce malware implants in lesser-known programming languages, targeting India.
Iran-Linked MuddyWater Targets U.S. Networks
The state-sponsored hacking group MuddyWater (aka Seedworm) has been found embedding itself in several U.S. companies' networks, including banks and airports, using a new Dindoor backdoor.
China-Linked Hackers Target South American Telecoms
A China-linked APT actor, UAT-9244, has been targeting critical telecommunications infrastructure in South America since 2024, deploying TernDoor, PeerTime, and BruteEntry implants on Windows, Linux, and edge devices.
Fake Claude Code Install Guides Push Infostealers
Threat actors are using a new "InstallFix" social engineering technique, disguised as legitimate CLI tool installation guides for "Claude Code," to trick users into running malicious commands that deploy infostealers.