Resecurity reports: Today (June 22, 2025) — the threat actors associated with the “Cyber Fattah” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The stolen data has been leaked in the form of SQL dumps – the actors gained unauthorized access to phpMyAdmin…
Category: Miscellaneous
Largest Ever Seizure of Funds Related to Crypto Confidence Scams
WASHINGTON – The U.S. Attorney’s Office filed a civil forfeiture complaint in U.S. District Court for the District of Columbia against more than $225.3 million in cryptocurrency. According to the complaint, the U.S. Secret Service and the FBI used blockchain analysis and other investigative techniques to determine that the cryptocurrency is connected to the theft…
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
Rashmi Ramesh reports: A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The vulnerability in Microsoft 365 Copilot allowed attackers to extract sensitive data through a zero-click prompt injection attack, said researchers from Aim Security. Dubbed “EchoLeak” and tracked…
Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
Hiring employees who work remotely can pose additional challenges for security and compliance with regulations. In March, Sentara Health disclosed an incident concern that resulted in the notification of 1,620 patients. They described the concern this way: In December, the Sentara Health’s Lab Services department hired an individual to process lab requisitions. Lab requisitions are…
Evoke Wellness to Pay $1.9 Million to Settle FTC Claims That They Misled Consumers Seeking Substance Use Disorder Treatment
Evoke allegedly used Google ads and telemarketing to pretend to be other clinics; court order permanently bans them from similar deceptive conduct On June 10, DataBreaches sent Evoke Wellness in Hilliard, Ohio an inquiry about an insider-wrongdoing breach reported in Ohio media but not mentioned on their website. There has been no reply as of…
Zaporizhzhia Cyber Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
The following is a machine translation from a report in Ukrainian by the country’s national police cyber department: A 35-year-old man hacked more than 5,000 customer accounts of a world-famous hosting company to generate cryptocurrency on the organization’s servers. The defendant faces up to 15 years in prison. Police officers determined that a 35-year-old native…