Calling all of the groups ‘lower-tier’ may have been inaccurate. Please be sure to read the update at the bottom of this post. We’ve seen a few announcements this year heralding cartels or alliances in the ransomware ecosystem. Two such announcements involved DragonForce, but as SuspectFile reported, there was no evidence of a cartel, and…
Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Linet Amuli reports: Kenya’s digital health sector is facing a major cybersecurity crisis after hackers claimed to have stolen a massive trove of personal and medical data from M-TIBA, a Safaricom-backed mobile health platform. The alleged breach, said to involve over 2.15 terabytes of information, could expose the records of up to 4.8 million users,…
US declines to join more than 70 countries in signing UN cybercrime treaty
Jonathan Greig reports: More than 70 countries signed the landmark UN Convention against Cybercrime in Hanoi this weekend, a significant step in the yearslong effort to create a global mechanism to counteract digital crime. The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention, which lays out new…
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
Another plastic surgeon has become the victim of a cyberattack that involved patient information and photographs. On October 23, Michael R. Schwartz, MD, FACS, notified the California Attorney General’s Office that, on August 25, they became aware of remote, unauthorized access to one of their computers. Investigators found that an unauthorized party had accessed patient…
How a hacking gang held Italy’s political elites to ransom
Antoneta Roussi and Hannah Roberts report: Nothing about the sand-colored façade of the palazzo tucked behind Milan’s Duomo cathedral suggested that inside it a team of computer engineers were building a database to gather private and damaging information about Italy’s political elite — and use it to try to control them. The platform, called Beyond,…
Uncovering Qilin attack methods exposed through multiple cases
Takahiro Takeda, Jordyn Dunk, James Nutland, and Michael Szeliga of Talos write: In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has…