Ransomware DataBreachToday.com

Malware Hides in Memory, Evades Detection by Endpoint Tools
A Chinese state-backed hacking group tracked as UNC5174 relaunched its operations after a year of silence with a campaign using a memory-only remote access Trojan that evades traditional detection mechanisms, according to new research from cybersecurity firm Sysdig.

Complaint Says Russia-Based IP Address Attempted to Gain Access as DOGE Took Data
A whistleblower has accused staffers from the Department of Government Efficiency of attempting to cover their tracks while collecting troves of sensitive data from the independent labor agency's computer systems, raising significant security concerns.

Symbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access
Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices - even if they had the latest patches - by dropping symbolic links in the device's filesystem designed to survive the patching process, the vendor has warned.

LLMs Falter on Real-World Bugs, Even With Debugger Access: Microsoft
Artificial intelligence can code but it can't debug says Microsoft after observing how large language models performed when given a series of real world software programming tests. Most LLMs struggle to resolve software bugs, even when given access to traditional developer tools such as debuggers.

Goffee Targets Russian Entities With USB-Based PowerShell Malware
A threat actor that focuses on Russian targets is spreading a new PowerShell implant that includes modules for stealing files from thumb drives and propagating itself through a USB worm. Its targets include critical infrastructure sectors such as energy, telecommunications and government.

Domain Controllers Commandeered to Distribute Malware, Warns Microsoft
Ransomware hackers are hitting up Active Directory domain controllers to boost privileges within compromised networks, warns Microsoft. Nearly eight out of every 10 human-operated cyberattacks involve a breached domain controller. Securing the servers is a challenge.

Also: Ransomware Profits Down, Meta's Benchmarking Controversy
In this week's update, ISMG editors previewed our return to the RSAC Conference studios in San Francisco, explored cracks in the ransomware business model, and unpacked the debate over Meta's Llama 4 benchmarks and their implications for AI transparency.

Senior Technology, Cybersecurity Officials Removed From Interior Department
The U.S. Department of Interior has reportedly removed several key cybersecurity and technology officials from their posts following a reported dispute with staffers from the Department of Government Efficiency over its access to government systems and sensitive federal data.

HHS Cites Security Risk Analysis Failures in Hack That Affected Nearly 300,000
A medical imaging practice with offices in New York and Connecticut has agreed to pay $350,000 to federal regulators and implement a corrective action plan to settle potential HIPAA violations uncovered in an investigation of a 2020 hacking incident that affected nearly 300,000 people.

Laboratory Services Cooperative Says 1.6 Million Patients, Workers, Others Affected
A laboratory that provides medical testing services to Planned Parenthood is notifying 1.6 million patients, workers and those who paid for healthcare on behalf of another person that their sensitive personal and health information was accessed or removed in an October 2024 hacking incident.

Chris Krebs and SentinelOne Targeted as Trump Still Trumpets 2020 Election Lies
The White House said President Trump has ordered a probe into former Cybersecurity and Infrastructure Security Agency Director Chris Krebs' government service, revoked any security clearances he holds and suspended security clearances issued to his employer, SentinelOne.

Also: PoisonSeed Phishing Campaign, FTX Clients Face Reimbursement Hurdle
This week, Trump administration disbanded a Justice Department crypto unit, the U.S. Securities and Exchange Commission will review crypto guidance, Usual pledged up to $16M in bug bounties, a PoisonSeed phishing campaign, FTX repayment plan troubles and a Coinbase 2FA error.

Also, Oracle Denies Cloud Breach, Blames Hack on Obsolete Servers
This week, Port of Seattle notified victims, Oracle blamed hack on obsolete servers, Google and Microsoft released April patches, WK Kellogg breached, six arrested in Spain for AI-investment scam, Scattered Spider's "King Bob" pleaded guilty, SmokeLoader users busted.

California Health Plan With 6 Million Members Blames Software Configuration Error
Blue Shield of California is notifying health plan members that their protected health information was potentially shared for nearly three years with Google for advertising purposes because of the way Google Analytics online tracking tools were configured on the insurer's websites.

Emerging AI Tools Can Transform SOC Analysts' Jobs but Require New Sets of Skills
In a job market known for its talent shortage and skills gap, the shift to AI-based solutions represents both an opportunity and a call to action. While AI can tackle grunt work with remarkable accuracy, it also demands a new set of skills from the cybersecurity workforce.

Largest Palo Alto Purchase Since 2020 Would Aid AI Model Security and Governance
Palo Alto Networks is eyeing its largest startup deal since December 2020, with the platform giant targeting Protect AI, a startup that offers AI scanning, LLM security and gen AI red teaming. Palo Alto Networks is prepared to pay between $650 million and $700 million for Protect AI, Globes reported.

Tech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows Tool
Ransomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.

Academics Map Out Holistic Cyber Education for Future Defenders in the Age of AI
Cybersecurity education can't be built on tools alone. It must prepare students to think critically, navigate complex systems and address the human dimensions of security. That's the vision behind the new textbook "Cyber Security Foundations: Fundamentals, Technology and Society."

OT Operators Can't Count on Isolation to Protect Network
Rare is the OT environment truly isolated from a business network. Experts say real-time, contextual threat intelligence is now essential for securing OT systems, enabling faster detection, more accurate responses and coordinated action across IT and OT teams.