Tushar Subhra Dutta reports: The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated over 310 victims since its emergence, has…
Author: Dissent
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
By the end of yesterday, federal agencies should all have patched. But did they? And how many others have yet to patch? Bill Toulas reports: The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day…
McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
Loraine Centeno reports: McDonald’s just got a supersized reminder to beef up its digital security after its recruitment platform allegedly exposed the sensitive data of 64 million applicants. Security researchers Ian Carrol and Sam Curry, known for their work in vulnerability investigations and ethical hacking, recently revealed a major flaw in McDonald’s new McHire recruitment…
Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
On December 6, 2023, the Medusa Blog added ACCU Reference Medical Laboratory to their leak site with some screenshots as proof of claims. Claiming to have 1.2 TB of data, Medusa demanded $1 million to delete or download the data. When no payment was forthcoming, they leaked the data on their website and Telegram channel…
Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
[Google machine translation of notice on government site:] Public Announcement (Data Breach Notification) – Louis Vuitton Çantacılık Ticaret Anonim Şirketi As is known, Article 12, paragraph (5) of the Law on the Protection of Personal Data No. 6698, titled “Obligations regarding data security,” stipulates that “If processed personal data is obtained by others through illegal…
Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
Swati Nair reports: Infosys announced that its subsidiary, Infosys McCamish Systems (IMS), has reached an agreement with the US State of Vermont’s Department of Financial Regulation (DFR). This agreement, known as a stipulation and consent order, resolves issues related to a cyber incident without requiring a hearing. IMS is obligated to pay a USD 125,000…