iRhythm Holdings, a digital healthcare company specializing in cardiac monitoring services, has disclosed a data breach affecting patient information stored on third-party-hosted business applications. The company detected unauthorized access to systems containing sensitive patient data, prompting notifications to affected individuals and regulatory authorities.

The breach involved multiple categories of protected health information and personally identifiable data. Compromised information includes patient names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and clinical data related to cardiac monitoring services. The extent of the breach and the exact number of affected patients has not been publicly specified.

The attack targeted business applications hosted by a third-party service provider rather than iRhythm's core clinical systems. This highlights the persistent security risks associated with vendor relationships and cloud-based infrastructure in healthcare environments. The company has not disclosed technical details about how the breach occurred, whether ransomware was involved, or the specific third-party vendor affected.

The exposure of Social Security numbers and health insurance information creates significant identity theft risks for affected patients. Combined with clinical data, the stolen information could enable targeted phishing campaigns or insurance fraud. Healthcare data breaches often have long-term consequences as medical information cannot be changed like credit card numbers.

Affected patients should immediately review their credit reports and consider placing fraud alerts or security freezes with credit bureaus. They should monitor explanation of benefits statements from insurers for unauthorized medical claims and remain vigilant against phishing emails or calls referencing their cardiac care. iRhythm is offering credit monitoring services to impacted individuals and has stated it is enhancing security measures to prevent future incidents.

Subscribe now

Source: https://www.bleepingcomputer.com/news/security/irhythm-discloses-data-breach-says-hackers-stole-patient-info/

Three healthcare providers across the United States have reported separate data breaches compromising patient information, with incidents occurring between January and April 2026. The breaches affected Clinical Registry Solutions in New York, First Sight Family Vision in Washington, and VHC Health in Virginia, exposing sensitive medical and personal data belonging to thousands of patients.

Clinical Registry Solutions, a Brooklyn-based provider of clinical data services, discovered suspicious activity on its network on April 9, 2026. The forensic investigation revealed unauthorized access and file exfiltration affecting patients of Dignity Health's St. Mary's Medical Center. While the company states that patient names, procedure dates, and medical record numbers were compromised, Social Security numbers and diagnosis information were not involved. However, the Akira ransomware group has claimed responsibility for stealing 41 GB of data, including employee passports, Social Security numbers, and driver's licenses.

First Sight Family Vision, an optometry practice in Battle Ground, Washington, was affected by a breach at its vendor RXNT, a cloud-based healthcare software provider. RXNT detected unauthorized access to customer systems between March 1 and March 3, 2026. The compromised data includes patient names, birth dates, contact information, patient IDs, prescription details, and Social Security numbers. The breach impacted at least 1,225 patients of the optometry practice, though the total number of affected individuals across all RXNT customers remains unclear.

VHC Health, serving Northern Virginia and the Washington D.C. metro area, experienced a breach through its vendor Xsolis, a utilization management services provider. On January 22, 2026, Xsolis identified unauthorized access stemming from a phishing attempt two days earlier. The incident exposed files containing names, addresses, birth dates, Social Security numbers, medical treatment information, and health insurance details. Xsolis began mailing notification letters to affected individuals on April 23, 2026, though the total number of impacted VHC patients has not been disclosed.

All three organizations have implemented or are implementing additional security measures and are offering affected individuals complimentary credit monitoring and identity theft protection services. Healthcare providers should review their vendor security practices and ensure third-party partners maintain adequate cybersecurity controls, as two of these three breaches originated from supply chain vulnerabilities. Patients who receive notification letters should enroll in the offered monitoring services and remain vigilant for signs of identity theft or fraudulent activity.

Subscribe now

Source: https://www.hipaajournal.com/clinical-registry-solutions-jason-r-egbert-od-pc-vnc-health-data-breaches/

BWH Hotels has disclosed a data breach affecting guest information across its hotel brands, including Best Western Hotels & Resorts and WorldHotels. The incident persisted for approximately six months before detection, during which unauthorized parties accessed personal details of individuals holding reservations at the chain's properties.

The breach impacts a major international hotel operator with properties worldwide. BWH Hotels serves as the parent organization for multiple hospitality brands, meaning the exposure potentially affects a significant number of travelers who booked accommodations during the compromise period. The company has begun notifying affected guests about the security incident.

While specific technical details about the attack vector remain undisclosed, the breach allowed access to personal information stored in the company's reservation systems. The type of data compromised typically includes names, contact information, and potentially payment card details or loyalty program credentials, though the exact scope has not been fully detailed in public statements. The six-month duration suggests the intrusion went undetected for an extended period, raising questions about monitoring capabilities.

The extended nature of the breach increases risk for affected individuals, as attackers had substantial time to collect and potentially weaponize guest data. Security experts warn that criminals often use hotel breach data to craft targeted phishing campaigns, as travelers expect legitimate communications about reservations, billing, or loyalty programs. The stolen information could enable convincing impersonation attempts via email, text message, or phone calls.

Guests who stayed at or booked reservations with BWH Hotels properties during the breach window should exercise heightened caution with any unsolicited communications. Recommended actions include verifying sender authenticity before clicking links or providing information, monitoring financial accounts for unauthorized transactions, and being skeptical of urgent requests for payment or personal details. Affected individuals should contact the hotel chain directly through official channels if they receive suspicious messages claiming to be from the company.

Subscribe now

Source: https://databreaches.net/2026/06/14/uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain/?pk_campaign=feed&pk_kwd=uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain

Novo Nordisk, the Danish pharmaceutical giant and leading global insulin manufacturer, has disclosed a data breach affecting patient information from clinical trials. The company confirmed that unauthorized parties gained access to data belonging to participants in certain research studies, marking a significant security incident for one of the world's most prominent pharmaceutical firms.

The breach involves patient data collected during clinical trials, though Novo Nordisk has not publicly specified which trials were affected or the total number of individuals whose information was compromised. Clinical trial data typically includes sensitive medical information such as health conditions, treatment responses, demographic details, and potentially identifying information about study participants.

The company has begun notifying affected patients whose data was accessed during the breach. Novo Nordisk stated it is working to determine the full scope of the incident and has implemented measures to address the security vulnerability. The pharmaceutical company has not disclosed how the breach occurred, when unauthorized access was first detected, or whether any data has been misused.

This incident highlights ongoing cybersecurity challenges facing pharmaceutical companies, which maintain vast repositories of sensitive patient data from clinical research programs. Healthcare and pharmaceutical organizations remain high-value targets for cybercriminals due to the valuable nature of medical records and research data. The breach could have implications for patient privacy and raises questions about data protection practices in clinical trial operations.

Patients who participated in Novo Nordisk clinical trials should watch for direct communication from the company regarding the breach. Affected individuals should monitor their medical records for any unauthorized activity and remain vigilant against potential phishing attempts or identity theft. The company has not announced whether it will offer credit monitoring or identity protection services to impacted patients. Regulatory authorities may investigate the incident to assess compliance with data protection requirements.

Subscribe now

Source: https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-novo-nordisk-discloses-security-breach/

Episource LLC, a medical coding and risk adjustment services provider owned by UnitedHealth Group's Optum division, has disclosed a cyberattack that compromised the protected health information of 6,725,572 individuals. The company detected suspicious network activity on February 6, 2025, and immediately shut down all computer systems. A forensic investigation later confirmed that unauthorized access occurred between January 27 and February 6, 2025, during which attackers exfiltrated patient data files.

The breach now ranks as the third-largest healthcare data breach of 2025, trailing only Aflac's 13.9 million-record incident and Conduent Business Services' 62.2 million-record breach. It also places 16th among the largest healthcare data breaches ever recorded. The threat actor responsible for the attack remains unidentified, though the incident appears consistent with a ransomware operation based on the pattern of data exfiltration.

Compromised data varied by individual but included names, addresses, phone numbers, email addresses, and dates of birth. Health-related information exposed in the breach included diagnosis and treatment details, prescriptions, test results, medical images, medical record numbers, and physician names. Health plan information such as policy details, member and group ID numbers, and Medicare or Medicaid payor identifiers was also accessed. Episource began notifying affected individuals on a rolling basis starting April 23, 2025, and reported the breach to California authorities on June 6, 2025.

The incident has drawn scrutiny from U.S. senators concerned about UnitedHealth Group's cybersecurity practices following multiple major breaches. In August, Senators Bill Cassidy and Maggie Hassan sent a letter to UnitedHealth Group CEO Stephen Hemsley questioning the company's ability to secure systems after acquisitions, citing both this breach and the 2024 Change Healthcare incident that affected 192.7 million people. The senators requested details about security improvements implemented since these events, though UnitedHealth Group's responses have not been made public.

Episource is offering affected individuals two years of complimentary credit monitoring and identity theft protection services. The company stated it is strengthening system security measures to prevent similar incidents. Healthcare clients confirmed to be affected include Sharp HealthCare (24,971 individuals), Sharp Community Medical Group (2,029 individuals), and Wellcare, though the full extent of client impact remains unclear. Organizations should review their vendor security assessments and ensure business associates maintain adequate cybersecurity controls to protect patient data.

Subscribe now

Source: https://www.hipaajournal.com/episource-data-breach/

An Iranian-linked hacker group called Handala claimed to have disrupted Israeli military radar systems on June 7, 2026, but security researchers have determined the evidence shows only a breach of a municipal phone system. The group announced the alleged attack via Telegram on the same day Israel and Iran resumed hostilities after a two-month ceasefire, claiming to have placed the Kfar Yona municipality under digital siege and warning that the actions were "only a first warning" to Israel and its allies.

Security firm SOCRadar investigated the claims and shared findings with Hackread.com showing significant discrepancies. The screenshots Handala posted as proof displayed an Interactive Voice Response admin panel from a Tadiran Telecom Aeonix system, which manages office telephone routing. The images showed a sample auto attendant call-routing script with Hebrew language settings and included text stating "This is a sample script to demonstrate the different possibilities in Aeonix Auto Attendant."

The Aeonix system is a digital receptionist application that automatically answers and routes incoming calls for businesses and government offices. It has no connection to military radar networks or air defense infrastructure. The evidence indicated access to a municipal phone system rather than any military target, contradicting Handala's claims of disrupting signal networks across Israel's military radar systems.

Handala has a documented history of timing cyberattack claims with real-world military events for psychological impact. The group has conducted verified operations since the current conflict began in February 2026, including a confirmed data-wiping attack against medical technology firm Stryker Corporation that prompted FBI domain seizures and Department of Justice attribution. The group also claimed responsibility for breaching FBI Director Kash Patel's personal Gmail account and leaking private documents.

Security researchers noted that publicly exposing a genuine military breach on Telegram would be operationally reckless, suggesting the exaggerated claims may be intended for propaganda purposes. Organizations should verify breach claims through independent technical analysis rather than accepting attacker statements at face value. While this particular claim appears inflated, researchers warn that Iran-linked hacking groups remain active and capable of conducting damaging operations against both private sector and government targets.

Subscribe now

Source: https://hackread.com/handala-israeli-radar-hack-evidence-phone-admin-panel/

The French government's secure messaging platform Tchap suffered a security breach after attackers gained access through a compromised user account. DINUM, France's digital affairs directorate, disclosed the incident and confirmed that hackers successfully infiltrated the encrypted communication system used by government officials.

Tchap was developed as a sovereign messaging solution for French government communications, designed to provide secure channels for official business. The platform serves as France's alternative to commercial messaging services, intended to keep sensitive government communications within national infrastructure and under French control.

The breach occurred through account hijacking, where attackers obtained credentials to a legitimate user account and used those credentials to access the platform. This method bypassed the platform's encryption by entering through an authorized account rather than breaking the encryption itself. The specific technique used to compromise the initial account has not been disclosed.

The incident raises concerns about the security of government communications and the potential exposure of sensitive official discussions. While Tchap employs end-to-end encryption for messages, a compromised account grants access to all conversations that account participates in. The extent of data accessed and the duration of unauthorized access remain under investigation.

Government users should immediately review their account security settings and enable additional authentication measures where available. Organizations using similar platforms should audit account access logs for suspicious activity and reinforce credential security through multi-factor authentication requirements. DINUM continues to investigate the breach and assess its full impact on government communications.

Subscribe now

Source: https://www.bleepingcomputer.com/news/security/french-govt-messaging-service-breached-in-account-hijacking-attack/

Instagram suffered a brief but significant security incident on June 6, 2026, when a programming error in its password reset system exposed the full contact details of users attempting to recover their accounts. The flaw affected high-profile individuals including Meta CEO Mark Zuckerberg and footballer Kylian Mbappé, whose private phone numbers and email addresses became visible to anyone who entered their usernames into the reset tool. Meta implemented an emergency fix within hours of the issue being reported on social media.

The vulnerability stemmed from a logic bug in Instagram's password reset mechanism. Under normal operation, the system masks contact information by displaying only partial details, such as showing an email address as m***@fb.com. However, the coding error disabled this protection, allowing the full, unredacted contact information to appear on screen. Screenshots of the exposed data, including Zuckerberg's login screen, circulated widely on social media platforms before Meta could contain the issue.

Security researchers have classified this as a logic flaw rather than a system breach, meaning no external attackers penetrated Meta's infrastructure to extract data. The bug revealed information that was already associated with user accounts but should have remained hidden during the password reset process. The incident also exposed previously unknown accounts, including what appears to be Mbappé's private TikTok profile not linked to his public identity. Meta has not yet assigned a CVE identifier to track this vulnerability formally.

The exposure raises compliance concerns under European data protection regulations, specifically GDPR Article 25, which requires privacy by design and default in systems handling personal data. While Meta maintains that no mass data theft occurred, the temporary visibility of contact details creates security risks for affected users. Exposed phone numbers and email addresses can be exploited for phishing campaigns, SIM-swapping attacks that hijack phone services, or cross-referencing to identify other online accounts belonging to the targets.

This incident adds to a troubling pattern of security issues at Instagram in 2026. In January, scammers exploited the password system to distribute millions of fraudulent emails, and approximately 17.5 million user records allegedly appeared on dark web forums. More recently in June, attackers used prompt injection techniques to compromise Meta's AI customer service chatbot, gaining control of high-profile accounts including the White House archive and US Space Force pages. Organizations and individuals using Instagram should review their account security settings, enable two-factor authentication using authenticator apps rather than SMS, and monitor for suspicious activity following this exposure.

Subscribe now

Source https://hackread.com/instagram-glitch-leaks-contact-info-mark-zuckerberg-users/

Meta disclosed that a critical flaw in its AI-assisted Instagram account recovery tool exposed more than 20,000 user accounts to takeover attacks over a seven-week period in 2026. The vulnerability in the High Touch Support (HTS) tool, which was designed to help users regain access to locked accounts, allowed attackers to reset passwords for any Instagram account by simply providing their own email address. The tool failed to verify whether the submitted email matched the account's registered address before sending password reset links.

The breach window extended from approximately April 17 through early June 2026, with Meta discovering the issue on May 31. During this period, attackers exploited the flaw to gain complete access to compromised accounts, including direct messages, contact information, dates of birth, posts, stories, and linked external services. Accounts without two-factor authentication enabled were particularly vulnerable, as attackers could immediately lock out legitimate owners after resetting passwords.

The technical failure represents a fundamental oversight in identity verification. The HTS system accepted any email address provided during the recovery process and sent password reset links to that address without cross-referencing it against the account's actual registered email. This allowed unauthorized parties to receive reset links for accounts they did not own and subsequently take control if 2FA was not active. The vulnerability went undetected for approximately six weeks before internal discovery.

Following discovery, Meta took immediate remediation steps by disabling the HTS tool entirely, invalidating all reset links generated through the vulnerable pathway, and forcing mandatory security checkpoints for all potentially affected accounts. The company implemented full password resets and re-authentication requirements for impacted users. Meta has also initiated a review of similar account recovery mechanisms across all its platforms, suggesting concerns about potential parallel vulnerabilities in other systems.

This incident adds to Meta's growing list of security failures, following previous penalties including a $264 million fine for a 2018 Facebook breach affecting 29 million accounts and a €91 million fine for storing hundreds of millions of passwords in plaintext. California Attorney General Rob Bonta and 39 other state attorneys general have called on Meta to strengthen protections against account takeovers. Meta is notifying affected users and recommending they enable two-factor authentication and review their security settings immediately.

Subscribe now

Source https://securityaffairs.com/193307/ai/meta-ai-recovery-tool-flaw-exposed-20000-instagram-accounts.html

The United Nations World Food Programme has confirmed a data breach affecting aid recipients in Gaza, notifying victims through Telegram messages over the weekend. The agency disclosed that unauthorized parties gained access to data stored in its self-registration application, which is used to manage humanitarian assistance distribution in the region.

The WFP operates extensive food assistance programs in Gaza, where ongoing conflict has created severe humanitarian needs. The self-registration system allows individuals and families to register for aid distribution, collecting personal information necessary for program administration and verification.

The breach compromised data stored within the registration application, though the WFP has not yet disclosed the specific types of information accessed or the number of individuals affected. Such systems typically contain names, contact details, family composition data, and potentially identification numbers or biometric information used to prevent duplicate registrations.

The incident raises serious concerns about the security of vulnerable populations whose data may now be in the hands of malicious actors. Aid recipients in conflict zones face heightened risks if their personal information is exposed, including potential targeting, discrimination, or exploitation. The breach also highlights the challenges humanitarian organizations face in maintaining cybersecurity while operating in crisis environments with limited infrastructure.

The WFP has begun notifying affected individuals and presumably launched an investigation into the security incident. Aid recipients should monitor for suspicious communications or attempts to exploit their personal information. Humanitarian organizations operating in similar contexts should review their data protection measures and consider additional safeguards for beneficiary information, particularly in high-risk environments where data exposure could endanger lives.

Subscribe now

Source https://therecord.media/un-food-agency-investigates-gaza-aid-breach

Security researchers at Sophos identified an undeclared crypto-mining executable bundled with Hola Browser during routine AppEsteem Windows Certified Application testing. The component, named me.exe, was flagged as a Potentially Unwanted Application (PUA) and exhibited multiple red flags including lack of code signing, obfuscated code, and memory-write capabilities. The file was not present in all installer distributions, suggesting inconsistencies in Hola's software delivery pipeline rather than a fixed installer payload.

Analysis revealed the binary functioned as a cryptocurrency miner based on XMRig. When executed with administrative privileges, it copied itself to the Hola program directory as HolaMonitorService.exe and created an autostart service configured to run during system idle periods. The malware also attempted to add Windows Defender exclusions to avoid detection. Sophos now detects this threat as Troj/GoMiner-B.

Hola CEO Avi Raz Cohen confirmed the incident was a supply chain compromise affecting approximately 0.1% of users. The company stated their internal security monitoring detected the anomalous activity independently, and they engaged cybersecurity firm Sygnia to conduct a forensic investigation. According to both Hola's internal review and Sygnia's findings, no user data was accessed or exfiltrated during the incident.

The discovery highlights the value of industry certification programs in identifying supply chain integrity issues. AppEsteem's testing process, which validates that shipped binaries match declared certified components, caught the discrepancy when multiple security vendors flagged the unauthorized executable. The inconsistent presence of me.exe across different test runs indicated a pipeline configuration problem rather than intentional inclusion.

Hola has since halted the affected delivery pipeline and completely rebuilt their distribution infrastructure. The company implemented advanced code-signing verification, tighter access controls, and continuous monitoring to prevent similar incidents. Organizations using Hola Browser should verify they are running the latest version and scan systems for the presence of me.exe or HolaMonitorService.exe in the Hola program directory.

Subscribe now

Source:https://www.sophos.com/blog/you-do-surprise-me-exe-an-unexpected-executable-in-hola-browser

Ultrahuman, an India-based wearable health-tech startup, has confirmed that hackers gained unauthorized access to customer wellness data after compromising an employee's laptop with malware. The breach, which occurred on March 27, affected an internal analytics system and exposed health information for approximately 700 customers, representing 0.1% of the company's roughly 700,000 monthly active users. The company notified affected customers via email on Wednesday, several days after the incident.

Founded in 2019, Ultrahuman manufactures smart rings and metabolic health-tracking devices that monitor sleep, activity, and recovery metrics. The startup competes directly with Oura Ring through its Ring Air product and recently launched the Ring Pro with enhanced sensors and battery life. The company has raised approximately $103 million from investors including Nexus Venture Partners, Steadview Capital, and Blume Ventures.

The attackers obtained credentials from an employee's malware-infected laptop, which granted them access to the internal analytics system. According to the company's FAQ, the threat actor gained read-only access to the affected system. However, Ultrahuman declined to confirm whether its investigation determined if customer data was actually exfiltrated from the system. The company also refused to specify what types of information constitute "wellness data" or whether the hackers made any contact or demands.

Ultrahuman CEO Mohit Kumar stated that the company's security alerting systems detected the incident within hours, and the team immediately closed the vulnerability and revoked all access. The company emphasized that no passwords, payment information, production systems, or Ultrahuman Ring devices were compromised during the breach. Kumar explained that the delay in notifying affected users was necessary to audit the full scope of the incident and determine exactly what data had been affected. The company said it is notifying relevant regulators about the breach.

The incident highlights ongoing security concerns with wellness tracker companies that store sensitive health data on centralized servers accessible to employees. This architecture creates potential access points for malicious actors, as well as governments and internal personnel. Organizations using similar devices should review their data handling practices and consider whether employees require access to production customer data. Companies should implement strict access controls, monitor for credential theft, and deploy endpoint protection on all devices with access to customer information.

Subscribe now

Source: https://techcrunch.com/2026/06/03/ultrahuman-says-hackers-accessed-customers-wellness-data-via-internal-tool/

A finance executive at an undisclosed stock exchange fell victim to a monthslong email compromise campaign in which attackers maintained near-continuous access to their inbox using legitimate Windows system tools. The threat actor exploited native administrative utilities to establish persistence and monitor communications while evading traditional security controls.

The attack demonstrates a growing trend among sophisticated threat actors who increasingly rely on living-off-the-land techniques rather than custom malware. By using built-in Windows tools that are normally present in enterprise environments, attackers can blend their activities with legitimate administrative tasks and avoid triggering signature-based detection systems.

The specific Windows utilities employed in this campaign were not disclosed, but such attacks typically involve tools like PowerShell, Windows Management Instrumentation, or remote access capabilities built into the operating system. These tools provide attackers with the ability to maintain persistent access, exfiltrate data, and monitor email communications without deploying easily detectable malicious software.

The compromise of a finance executive's email at a stock exchange represents a significant security incident given the sensitive nature of financial communications and potential for insider trading or market manipulation. The extended duration of the breach suggests the attacker successfully evaded detection mechanisms for an extended period, potentially accessing confidential business information, strategic plans, and market-sensitive communications.

Security teams should conduct thorough reviews of email access logs and authentication patterns to identify suspicious activity. Organizations should implement behavioral monitoring solutions that can detect anomalous use of legitimate system tools, apply strict access controls to administrative utilities, and consider application whitelisting to restrict which tools can execute in sensitive environments. Regular security awareness training should emphasize the risks of email compromise and the importance of reporting suspicious account activity.

Subscribe now

Source: https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign

The Police Service of Northern Ireland has issued a public warning after scammers successfully spoofed its official switchboard number to conduct fraud attempts. A victim reported receiving a call on Monday afternoon from what appeared to be the PSNI's legitimate number, with the caller claiming to be a police officer investigating a case involving the recipient. The scammer alleged the victim's name was linked to an investigation concerning money transfers to narcotic-related countries.

During the call, the fraudster requested sensitive banking information and asked the victim to purchase gift cards, claiming the codes were needed as part of the investigation process and that funds would be returned later. Inspector Walker of the PSNI confirmed the suspicious nature of this request, noting that legitimate police investigations never involve gift card purchases. The intended victim became suspicious of the unusual demands and wisely refused to share personal or banking details before blocking the caller.

Phone number spoofing allows criminals to manipulate caller ID systems to display any number they choose, including those belonging to trusted organizations like law enforcement agencies. This technique exploits the public's tendency to trust calls appearing to come from official sources. The PSNI confirmed that its switchboard number was indeed spoofed and that no actual member of the police force initiated the fraudulent call. Authorities are conducting follow-up inquiries but have not yet made any arrests in connection with the attempted fraud.

This incident represents the second major fraud warning issued by the PSNI within two days. On Monday, the force disclosed a separate case involving an elderly woman who lost over £250,000 to a fake cryptocurrency investment scheme. The criminals convinced her to send increasingly larger amounts and tricked her into downloading malware that gave them control of her devices, enabling further unauthorized transfers. According to the FBI's annual digital crimes report, cryptocurrency investment scams increased by 48 percent in complaints last year, with losses rising 25 percent, particularly affecting individuals aged 60 and over.

The PSNI advises the public never to disclose personal or financial details over the phone, in person, or by email to unknown individuals. Inspector Walker emphasized that guarding personal and banking information is essential. Anyone who falls victim to digital fraud in the UK should immediately contact local police, their bank, and Action Fraud for assistance. Remaining vigilant to unsolicited calls requesting sensitive information or unusual payment methods like gift cards can help prevent falling victim to these increasingly sophisticated scams.

Subscribe now

Source: https://www.theregister.com/security/2026/06/02/northern-ireland-cops-issue-psa-after-official-phone-number-spoofed-by-scammers/5249999

Edmunds, a major automotive research and car-shopping platform, has been compromised in a data breach that exposed personal information belonging to 178,000 users. The ShinyHunters hacking group claimed responsibility for the attack in January 2026 and subsequently published the stolen data publicly.

The breach affects users who maintained accounts on the Edmunds platform for vehicle research and shopping purposes. The exposed dataset contains a significant amount of personally identifiable information that could be exploited for various malicious purposes, including identity theft and targeted phishing campaigns.

The compromised data includes email addresses, usernames, hashed passwords, IP addresses, phone numbers, and vehicle-related records. The inclusion of passwords is particularly concerning, as many users reuse credentials across multiple online services. IP addresses can reveal geographic locations and browsing patterns, while phone numbers enable direct contact for social engineering attacks. Vehicle-related records may contain information about car ownership, purchase history, and personal preferences.

ShinyHunters is a known cybercriminal group with a history of high-profile data breaches and subsequent public data dumps. The group's decision to publish the Edmunds data publicly rather than selling it privately increases the risk to affected users, as the information is now accessible to any threat actor. This pattern of behavior has been observed in previous ShinyHunters operations targeting various online platforms.

Users who have accounts on Edmunds should take immediate action to protect themselves. First, change your Edmunds password and any other accounts where you used the same or similar credentials. Enable two-factor authentication wherever possible to add an extra layer of security. Monitor your email and phone for suspicious messages or phishing attempts that reference your vehicle interests or Edmunds activity. Consider placing fraud alerts with credit bureaus if you provided financial information to the platform. Organizations should review their security posture and implement robust monitoring to detect similar intrusion attempts.

Subscribe now

Source: https://haveibeenpwned.com/Breach/Edmunds

A cyberattack that disrupted Los Angeles public transit systems in March 2024 has been linked to Iranian intelligence services, according to research published by Tel Aviv-based cybersecurity firm Gambit Security. The attack targeted the Los Angeles County Metropolitan Transportation Authority (LACMTA), forcing temporary shutdowns of network portions and disrupting digital services used by passengers throughout the city. A hacking group calling itself "Ababil of Minab" claimed responsibility approximately two weeks after LACMTA detected the intrusion on March 16.

Gambit Security's investigation revealed that attackers exfiltrated at least 700 gigabytes of sensitive information, including emails, backups, databases, and internal files. Researchers discovered the stolen data after it was accidentally exposed online, with forensic evidence connecting the exposed server to a previously identified hacking campaign attributed to Tehran by Israeli officials and cybersecurity experts. The group's name references a 2023 bombing at a girls' school in Minab, Iran, where officials reported over 175 casualties.

The attack went beyond simple data theft, according to Gambit's findings. Attackers deliberately deleted virtual machines, databases, and storage volumes while damaging backup infrastructure to impair LACMTA's recovery capabilities. The hackers also released a video purportedly showing them navigating through the transit agency's network during the operation. Passenger-facing systems affected included train and bus arrival time displays and digital transit card funding functions, though LACMTA stated that actual transportation operations continued without interruption.

LACMTA has not confirmed Gambit's attribution findings and declined to comment on the research. In a statement released last month, transit authority officials said they were collaborating with law enforcement agencies and cybersecurity specialists to restore affected systems, adding that "attribution is part of the investigation, and we will not speculate." The agency has maintained there was no indication that customer or employee data was compromised, contradicting Gambit's assessment of the breach's scope.

The attack has raised concerns among cybersecurity experts given Los Angeles' role as a host city for the FIFA 2026 World Cup, which begins June 11, 2026. Transportation infrastructure may become an increasingly attractive target ahead of major international events. Eyal Sela, Gambit's director of threat intelligence, noted that while a connection between Ababil and the Iranian state had been a working assumption among analysts, the firm's research provides forensic evidence to support that attribution. The group claims to operate as an independent activist organization, though researchers say its rhetoric and tactics closely resemble those of vigilante hacking groups believed to serve as fronts for Iranian intelligence services.

Subscribe now

Source: https://thecyberexpress.com/la-public-transport-cyberattack/

Motorola has disabled functionality in its preinstalled Smart Feed app after security researchers and users discovered it was intercepting Amazon Shopping app launches to insert affiliate referral codes without user consent. The app silently modified user traffic to redirect a portion of Amazon purchase commissions to Motorola, effectively monetizing user shopping activity through undisclosed affiliate marketing.

The Smart Feed app comes preinstalled on many Motorola Android devices as part of the manufacturer's software bundle. When users attempted to open the legitimate Amazon Shopping app, Smart Feed would intercept the launch and inject affiliate tracking codes into the session. This type of traffic manipulation allows the device manufacturer to earn referral commissions on purchases users make through Amazon, with users unaware their shopping activity was being monetized by a third party.

The technical mechanism involved the Smart Feed app monitoring for Amazon app launches and inserting itself into the process to modify outbound traffic. This represents a form of on-device ad tech that operates at the system level, taking advantage of the app's preinstalled status and elevated permissions. Security researchers flagged the behavior as a violation of user trust, particularly because it occurred silently without disclosure in app permissions or privacy policies that users would reasonably review.

The discovery adds to ongoing concerns about bloatware and preinstalled apps on Android devices from major manufacturers. These apps often cannot be fully uninstalled by users and may have system-level permissions that enable intrusive behavior. The incident affects Motorola phone owners who had Smart Feed installed, though the exact number of impacted devices remains unclear. Motorola has not issued a public statement detailing the scope or duration of the affiliate injection program.

Users with Motorola devices should immediately check for updates to the Smart Feed app, which should include the disabled affiliate injection functionality. Review all permissions granted to preinstalled apps and consider using Android's disable function for bloatware that cannot be uninstalled. Organizations deploying Motorola devices should audit preinstalled software and consider enterprise management policies that restrict or remove manufacturer bloatware. This incident highlights the need for greater transparency in how device manufacturers monetize preinstalled software and the importance of user consent in affiliate marketing programs.

Subscribe now

Source: https://gbhackers.com/motorola-app-allegedly-hijacks-amazon-app-activity/

GitHub Actions suffered a major outage lasting more than three hours on May 26, 2025, disrupting continuous integration and deployment pipelines for development teams globally. The service failure began around 1030 UTC and was not officially acknowledged until 1057 UTC, when GitHub reported degraded performance for Actions and Pages. The company later revised its status to indicate the majority of Actions runs were impacted due to authentication problems.

The outage had widespread impact because GitHub Actions serves as the control plane for all workflow executions, including those using self-hosted or external runners. Unlike repository access issues where developers can continue working locally, a CI/CD service failure completely blocks automated build, test, and deployment processes. One on-call engineer reported their company's continuous integration was essentially paralyzed during the incident.

Adding to user frustration, the service displayed misleading error messages stating "Your account was suspended" when workflows failed. This false alarm caused significant concern among developers, as actual account suspensions by cloud providers typically require days to resolve and involve navigating automated support systems. One developer shared they had previously experienced a four-month GitHub account suspension that support later admitted was a mistake.

GitHub attributed the outage to authentication issues and declared the incident resolved at 1318 UTC. However, the company acknowledged that some issues, pull requests, comments, and discussions were incorrectly marked as hidden and required correction. This marks another reliability incident for GitHub in 2025, following previous outages attributed to increased activity from AI coding tools, automated agents, and data scraping bots training large language models.

Organizations should review their CI/CD dependencies and consider implementing fallback strategies for critical workflows. While GitHub alternatives and self-hosted solutions are discussed after each major outage, migration costs and GitHub's generous free tier keep most teams locked into the platform. GitHub COO Kyle Daigle reported platform activity continues surging, with Actions usage growing from 500 million minutes per week in 2023 to 2.1 billion minutes in recent weeks, largely driven by AI-generated code.

Subscribe now

Source: https://www.theregister.com/devops/2026/05/27/github-actions-outage-told-devs-your-account-is-suspended/5246867

Lithuania is investigating a significant data breach that exposed more than 600,000 entries from national government registers, with authorities indicating they suspect foreign actors may be behind the incident. The breach affects data stored in official state databases, though Lithuanian officials have not yet publicly detailed which specific registers were compromised or what types of citizen information were exposed.

The scale of the breach represents a substantial portion of Lithuania's population of approximately 2.8 million people, suggesting that a significant percentage of citizens may have had their personal data compromised. National data registers typically contain sensitive information including identification details, addresses, tax records, and other government-held citizen data. The suspected foreign involvement adds a geopolitical dimension to the incident, though authorities have not attributed the breach to any specific nation or group.

Lithuanian cybersecurity teams are working to determine the full scope of the breach, including how the attackers gained access to the systems, what specific data was exfiltrated, and whether the information has been published or sold. The investigation will likely focus on identifying security vulnerabilities in the national register systems and determining whether the breach was part of a targeted espionage operation or a financially motivated attack.

The incident highlights ongoing concerns about the security of government databases, particularly in countries near geopolitical tension zones. Lithuania, as a NATO member bordering Russia and Belarus, has previously been targeted by cyberattacks and disinformation campaigns. The breach could enable various malicious activities, from identity theft and financial fraud to more sophisticated social engineering attacks against Lithuanian citizens and organizations.

Affected individuals should remain vigilant for phishing attempts, identity theft, and fraudulent communications that may reference their personal information. Organizations operating in Lithuania should review their security protocols and prepare for potential targeted attacks using the leaked data. Lithuanian authorities are expected to provide additional guidance as the investigation progresses and more details about the compromised information become available.

Subscribe now

Source: https://www.securityweek.com/lithuania-suspects-foreign-involvement-in-data-leak-of-over-600000-national-register-entries/

7-Eleven has confirmed a data breach that compromised information belonging to its franchisees, according to Chief Information Security Officer Jim Kastle. The company has initiated an investigation with the assistance of third-party cybersecurity specialists and has notified law enforcement authorities about the incident.

The breach represents a significant security event for one of the world's largest convenience store chains, which operates thousands of locations through a franchise model. While 7-Eleven has acknowledged the incident, the company has not yet released comprehensive details about the nature of the attack, the number of franchisees affected, or the specific types of data that were accessed by unauthorized parties.

The involvement of external cybersecurity specialists suggests the company is conducting a thorough forensic investigation to determine the full scope of the breach. This standard response protocol helps organizations identify how attackers gained access, what data was compromised, and whether any systems remain vulnerable. Law enforcement notification is required under various data breach regulations and can assist in tracking down perpetrators.

Franchisees face potential risks from this breach depending on what information was exposed. Typical franchisee data could include financial records, business agreements, personal identification information of franchise owners, and operational details. If such information falls into the wrong hands, it could be used for identity theft, financial fraud, or targeted phishing attacks against franchise operators.

Affected franchisees should immediately review their financial accounts for unauthorized transactions and consider placing fraud alerts on their credit reports. They should also be vigilant against phishing emails or phone calls that may reference the breach to appear legitimate. 7-Eleven is expected to provide additional guidance and potentially offer credit monitoring services as the investigation progresses and more details become available about the extent of the compromise.

Subscribe now

Source: https://www.mobilityplaza.org/news/44889