Data from 28,000 internal projects at Red Hat has been stolen. The hacker group Crimson Collective claims to have taken nearly 570GB of data. The theft affects more than Red Hat itself: BleepingComputer reports that customer data from around 800 Customer Engagement Reports was also stolen. The hackers claim that the breach took place around two weeks ago. Customer Engagement Reports (CERs) are documents that contain infrastructure details, configuration data, authentication keys, and other sensitive customer information, so any customer named in a stolen report should treat the credentials it contained as compromised and rotate them.
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing - no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome's settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real time, but privacy fights over data access and surveillance are heating up just as fast.
JFrog said in an analysis. The executable ("_AUTORUN.EXE") is a compiled Go binary that, besides including a SOCKS5 implementation as advertised, is also designed to run PowerShell scripts, set firewall rules, and relaunch itself with elevated permissions. It also carries out basic system and network reconnaissance, including collecting the Internet Explorer security settings and the Windows installation date, and exfiltrates the information to a hard-coded Discord webhook.
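The behaviours described above (PowerShell execution, firewall rule changes, self-elevation, registry-based recon and a hard-coded Discord webhook) all leave recognisable strings in an unpacked binary. The following string-triage script is an added example, not JFrog's tooling or the malware's own code: it extracts printable strings from a file, pulls out any Discord webhook URL, groups other indicator strings by category and returns a verdict. The sample blob and the indicator list are constructed assumptions for illustration; they are not the strings of the actual _AUTORUN.EXE sample.

```python
import re
from typing import Dict, List

# Constructed sample "binary": junk bytes with embedded strings of the kind the
# analysis describes. It is an assumption for this example, NOT the real sample.
SAMPLE_BLOB = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"Go build ID: \"abcd\"\x00\x00"
    b"powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand\x00"
    b"netsh advfirewall firewall add rule name=\"Updater\" dir=in action=allow\x00"
    b"\x01\x02shell32.dll\x00ShellExecuteW\x00runas\x00"
    b"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\x00"
    b"https://discord.com/api/webhooks/123456789012345678/"
    b"AbCdEfGhIjKlMnOpQrStUvWxYz-0123456789_abcdef\x00"
    b"\x7f\x45\x4c\x46"
)

# Runs of at least 5 printable ASCII bytes, the usual `strings` heuristic.
PRINTABLE = re.compile(rb"[\x20-\x7e]{5,}")

# Discord webhook URL shape: /api/webhooks/<numeric id>/<token>.
WEBHOOK = re.compile(
    rb"https://(?:(?:ptb\.|canary\.)?discord(?:app)?\.com)/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)

# Indicator substrings (matched case-insensitively) per behaviour category.
# The list is an assumption chosen to mirror the behaviours in the write-up.
INDICATORS = {
    "powershell_execution": [b"powershell", b"-encodedcommand"],
    "firewall_tampering": [b"netsh advfirewall", b"new-netfirewallrule"],
    "privilege_elevation": [b"runas"],
    "host_recon": [b"installdate", b"internet settings\\zones"],
}


def extract_strings(blob: bytes) -> List[bytes]:
    """Return every printable-ASCII run of 5+ bytes in the blob."""
    return [m.group(0) for m in PRINTABLE.finditer(blob)]


def triage(blob: bytes) -> Dict[str, List[str]]:
    """Group suspicious strings by category; webhooks are matched on the raw blob."""
    strings = extract_strings(blob)
    hits: Dict[str, List[str]] = {
        "discord_webhooks": [m.group(0).decode("ascii") for m in WEBHOOK.finditer(blob)]
    }
    for category, patterns in INDICATORS.items():
        matched = {
            s.decode("ascii")
            for s in strings
            if any(p in s.lower() for p in patterns)
        }
        hits[category] = sorted(matched)
    return hits


def verdict(hits: Dict[str, List[str]]) -> str:
    """A single category (e.g. 'powershell') is common in benign Go tools;
    the combination of an exfil webhook plus several behaviours is what matters."""
    others = sum(1 for k, v in hits.items() if k != "discord_webhooks" and v)
    if hits["discord_webhooks"] and others >= 2:
        return "high"
    if hits["discord_webhooks"] or others >= 2:
        return "medium"
    if others:
        return "low"
    return "none"


if __name__ == "__main__":
    result = triage(SAMPLE_BLOB)
    for category, found in result.items():
        print(f"{category}: {found}")
    print("verdict:", verdict(result))
```

Run it against a real file with `triage(open(path, "rb").read())`. The webhook ID and token in a hit are the actionable artefact: the ID ties samples together and the full URL is what you block at the egress proxy. A packed or string-obfuscated sample will defeat this check, so an empty result is not evidence of a benign file.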
Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both spyware strains establish persistent access to the compromised Android device and exfiltrate data. "Neither app containing the spyware was available in official app stores; both required manual installation from third-party websites posing as legitimate services," ESET researcher Lukáš Štefanko said. Notably, one of the websites distributing the ToSpy malware family mimicked the Samsung Galaxy Store, luring users into manually downloading and installing a malicious version of the ToTok app.
Healthcare Interactive, a company that develops AI-based medical insurance benefit enrollment and billing solutions, confirmed last week that it experienced a data breach in which hackers exfiltrated customers' personal data. The exact number of impacted individuals was not revealed. However, the company said the stolen data included names, dates of birth, Social Security numbers, contact information and health insurance enrollment data, including ID numbers.
A Chinese state-sponsored hacking group tracked as 'Phantom Taurus' has been targeting government and telecommunications organizations for espionage for more than two years, Palo Alto Networks reports. Initially observed in 2023, the APT was only recently linked to Chinese hacking groups through shared infrastructure, as its tactics, techniques and procedures (TTPs) differ from those typically associated with threat actors operating out of China. "These enable the group to conduct highly covert operations and maintain long-term access to critical targets," says Palo Alto Networks.
Two of the vulnerabilities have been assigned a 'moderate severity' rating. One of them is CVE-2025-9231, which may allow an attacker to recover the private key. OpenSSL is used by many applications, websites and services for securing communications, and an attacker who obtains a private key may be able to decrypt encrypted traffic or conduct a man-in-the-middle (MitM) attack. Note that where the connection used a forward-secret key exchange (the default in TLS 1.3), a recovered long-term key lets the attacker impersonate the server in new connections but does not by itself decrypt previously captured sessions; either way, the key should be rotated after patching.
The continued surge in hybrid work, bring your own device (BYOD) and contractor reliance has undeniably made businesses more agile and flexible, but it has also introduced a wave of unmanaged devices into enterprise environments that frequently lack security controls, creating exposure to data loss and regulatory risk. To mitigate these issues, Cato Networks has launched Browser Extension, what it calls "a lightweight onramp" to the company's core secure access service edge (SASE) platform.
Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools paid a ransom in Bitcoin. The criminals also contacted parents directly with threatening phone calls whilst trying to get their ransom paid.
Thanks to modern wallets and managed platforms, getting up and running can be low friction, secure and even enjoyable. But the moment you decide to take on the role of routing payments for others - hoping to earn satoshis from fees - the game changes completely.

The Hidden Pitfalls of Running a Remote Lightning Node

Running a remote Lightning node can be a powerful way to participate in the Bitcoin ecosystem.
Businesses seeking a powerful rack-optimised server will find HPE's ProLiant Compute DL360 Gen12 could be just what they're looking for. Supporting up to 144-core Xeon 6 CPUs, this dual-socket 1U server targets a diverse range of high-performance workloads such as server consolidation, hybrid cloud, databases, VDI, data analytics, and virtualization. The Gen12 portfolio comprises eight servers and introduces a wealth of new features, including enhanced platform security.
The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence. In research published Tuesday, the identity services provider said nearly half of the companies (48 percent) targeted by the scam fall outside the IT sector, and fraudsters are increasingly applying for remote jobs in finance, healthcare, public administration and professional services.
The UK is one of the world's worst performers when it comes to protecting against bots - though most countries are pretty poor. That's according to DataDome, which states that only 1.8% of large UK domains are fully protected against bots, compared with a Europe-wide average of 2.5% and a global average of 2.8%. Bigger organizations are no better than smaller ones, with only 2% of domains with more than 30 million monthly visits fully protected.
In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections, which work by running certain data and processes inside encrypted enclaves provided by a TEE (Trusted Execution Environment), are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp.
A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. The research, conducted primarily among US-based organizations, shows that AI adoption in security operations has shifted from experimental to essential as teams struggle to keep pace with an ever-growing stream of security alerts.
Researchers at Arctic Wolf are sounding the alarm about a ransomware campaign that has been ongoing since July 2025 and is still claiming victims. What started as a series of breaches via SonicWall firewalls has now grown into one of the fastest and most dangerous attacks currently in circulation. New research shows that even devices with the latest firmware remain vulnerable.