Maristel Policarpio, Sarah Pearl Camiling, and Sophia Nilette Robles write: A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery. Given its brief history and…
Category: Commentaries and Analyses
The Growing Cyber Risks from AI — and How Organizations Can Fight Back
Joseph J. Lazzarotti writes: Artificial Intelligence (AI) is transforming businesses—automating tasks, powering analytics, and reshaping customer interactions. But like any powerful tool, AI is a double-edged sword. While some adopt AI for protection, attackers are using it to scale and intensify cybercrime. Here’s a high-level discussion at emerging AI-powered cyber risks in 2025—and steps organizations…
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…
A guilty plea in the PowerSchool case still leaves unanswered questions
On June 6, 19-year-old Matthew D. Lane pleaded guilty in federal court in Massachusetts to one count each of conspiracy to commit cyber extortion, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The first two charges were related to an unnamed telecom company identified as “Victim 1.” The third and fourth charges…
Dutch police identify users on Cracked.io
Excerpts from a press release today by the Dutch Police after several investigations by the Cybercrime Team of the Zeeland-West-Brabant unit revealed that suspects had an account on the Cracked.io platform. Dutch police, in collaboration with other countries involved in Europol, were able to secure and take down servers and identify individual users. Ultimately, 126 individual…
Resource: Insider Threat reports
On a daily or weekly basis, DataBreaches highlights insider wrongdoing incidents and the harm they can cause. For more comprehensive compilation and analysis of the topic, readers may be interested in the Insider Threat Incidents For May 2025 report produced by the National Insider Threat Special Interest Group and Insider Threat Defense Group. Their previous…