PCLinuxOS Magazine

ICYMI: China-linked Cyber Espionage Group Compromises Multiple Organizations In SE Asia


by Paul Arnote (parnote)



A known data breach affecting a major insurance administrator may have compromised the personal information of nearly twice as many people as previously reported, according to an article from Lifehacker. A May 2024 cyberattack on Landmark Admin is believed to include at least 1.6 million people's data, according to an updated filing with the Maine attorney general's office. Landmark Admin is a Texas-based third-party administrator (TPA) for life insurance and annuity companies like Liberty Bankers Life and American Benefit Life, which offer policies nationwide. A TPA offers insurers support with accounting, regulatory reporting, reinsurance, and IT. That means that while you may not ever have dealt directly with Landmark Admin, your information could still have been leaked.

HP Inc. has agreed to pay $4 million to settle a class-action lawsuit in the US that alleged it used deceptive pricing tactics on its website, including fake discounts and misleading limited-time offers, according to an article from The Register. As a result, customers who bought specific PC models, as well as some mice and keyboards, between June 5, 2021, and October 28, 2024, may be able to get a few bucks back, assuming the judge approves the settlement and affected customers file the necessary claim form. HP did not admit any wrongdoing as part of the deal. The dispute began on September 7, 2021, when Rodney Carvalho purchased a desktop PC from HP Inc's website for $899.99, advertised as $100 off the regular price of $999.99. However, he alleged in a lawsuit – brought against the computer titan in California a year later – that HP had been selling the same model at $899.99 for months, making the advertised discount misleading.

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that appeared to be delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins, according to an article from Bleeping Computer. The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials. The fraudulent message appeared to come from “no-reply@google.com” and passed the DomainKeys Identified Mail (DKIM) authentication method, but the real sender was different.



The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025, according to an article from The Hacker News. “Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company,” the Symantec Threat Hunter Team said in a new report shared with The Hacker News. “The attacks involved the use of multiple new custom tools, including loaders, credential stealers, and a reverse SSH tool.” The intrusion set is also said to have targeted a news agency located in another country in Southeast Asia and an air freight organization located in another neighboring country.

The European Union is determined to enforce its full digital rule book no matter who is in charge of companies such as X, Meta, Apple, and TikTok or where they are based, Commission President Ursula von der Leyen told Politico, according to an article from Reuters. “That's why we've opened cases against TikTok, X, Apple, Meta just to name a few. We apply the rules fairly, proportionally, and without bias. We don't care where a company's from and who's running it. We care about protecting people,” Politico quoted von der Leyen as saying on Sunday.

Notion Mail is finally out in the wild, for anyone who has a Gmail account, according to an article from Lifehacker. And it's quintessential Notion. If you've used the standard Notion app, you really can't confuse it for anything else. Notion Mail is a minimalist and text-based take on the Mail app that isn't trying to do anything revolutionary. There are no AI summaries, and no complicated split views like in Superhuman. It's just your email, sorted in a way that you like. What does it mean, though, to apply the Notion philosophy to email, and is it good enough for you to make the switch? That is, if you even can. Currently, Notion Mail only works on the Web and on Mac, and it only supports Gmail accounts (leaving out Outlook and enterprise emails). Notion Mail's iOS app is on the way, and the Android app will launch in 2025 as well. But there's no app for Windows on the roadmap.



Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertising platforms, according to an article from Bleeping Computer. The nonprofit health plan, which serves nearly 6 million members across California, published a data breach notification on its website stating that member data was exposed between April 2021 and January 2024. In late April 2025, the United States Department of Health and Human Services breach portal was updated to state that the leak exposed 4.7 million members' protected health data. According to the notice, the exposure was caused by a misconfiguration of Google Analytics on certain Blue Shield sites. This resulted in the sensitive data potentially being shared with Google advertising platforms and advertisers.

It looks like Google Photos is rolling out the ability to convert standard photos into Ultra HDR after they’ve been taken, according to an article from Android Authority. The feature seems to have started appearing for some users. Google Photos has been working on an “Ultra HDR” editing feature for a while now. We first spotted signs of the feature in the app last September, but at the time, the option wasn’t functional, and it wasn’t clear what it was supposed to do. Still, we had a hunch it was tied to the Ultra HDR file format Google introduced with Android 14. Ultra HDR allows for capturing and displaying photos with a wider range of light and color. The result is more vibrant, lifelike images, especially noticeable on devices with high dynamic range (HDR) displays. But Ultra HDR is also backward-compatible, meaning it can still display normally on older, non-HDR devices. It does this by packing both SDR and HDR versions of the image into a single file.

In a surprising twist at Google’s ongoing antitrust trial, an OpenAI executive revealed that the company would be interested in buying Google’s Chrome browser if regulators force its sale, according to an article from TechRepublic. The bombshell statement came as the US government pushes for drastic measures to break up Google’s dominance in online search. Nick Turley, head of product for ChatGPT, testified in court on Tuesday that OpenAI would jump at the chance to acquire Chrome if it ever hits the market. “Yes, we would, as would many other parties,” Turley said, according to Bloomberg. He added that owning Chrome could help OpenAI create an “AI-first” browsing experience, offering users something truly unique.



Google has made an unusual announcement about browser cookies, but it may not come as much of a surprise given recent events, according to an article from Ars Technica. After years spent tinkering with the Privacy Sandbox, Google has essentially called it quits. According to Anthony Chavez, VP of the company's Privacy Sandbox initiative, Google won't be rolling out a planned feature to help users disable third-party cookies. Instead, cookie support will remain in place as is, possibly forever. Beginning in 2019, Google embarked on an effort under the Privacy Sandbox banner aimed at developing a new way to target ads that could preserve a modicum of user privacy. This approach included doing away with third-party cookies, small snippets of code that advertisers use to follow users around the web. Google struggled to find a solution that pleased everyone. Its initial proposal for FLoC (Federated Learning of Cohorts) was widely derided as hardly any better than cookies. Google then moved on to the Topics API, but the company's plans to kill cookies have been delayed repeatedly since 2022. Until today, Google was still planning to roll out a dialog in Chrome that would prompt users to turn off third-party cookies in favor of Google's updated solution. According to Chavez, Google has been heartened to see the advertising industry taking privacy more seriously. As a result, Google won't be pushing that cookie dialog to users. Users can still choose to disable third-party cookies in Chrome, though.

Data breaches targeting healthcare and compromising patient information seem to be coming fast and furious, the latest of which occurred at Yale New Haven Health (YNHHS), a massive nonprofit healthcare network in Connecticut. Hackers stole the data of more than 5.5 million individuals during an attack in March 2025, according to an article from Lifehacker. The organization discovered “unusual activity” on its system on March 8, 2025, which was later identified as unauthorized third-party access that allowed bad actors to copy certain patient data. While the information stolen varies by individual, it may include name, date of birth, address, phone number, email address, race, ethnicity, Social Security number, patient type, and medical record number. YNHHS says the breach did not include access to medical records, treatment information, or financial data (such as account and payment information).

DuckDuckGo may face a user backlash after security researchers discovered a hidden tracking agreement with Microsoft, according to an article from TechRadar. The privacy-focused company offers a search engine that claims not to track people’s searches or behavior, and also doesn't build user profiles that can be used to display personalized advertising. Search engine aside, DuckDuckGo also offers a mobile browser of the same name, but this has raised concerns: although it promises to block hidden third-party trackers, some from a certain tech giant are allowed to continue operating. Namely, while Google’s and Facebook’s trackers are being blocked, those of Microsoft are allowed to continue running. Zach Edwards, the security researcher who first discovered the issue, later found that trackers related to the bing.com and linkedin.com domains were also being allowed through the blocks. The news quickly drew in crowds of dissatisfied users, with DuckDuckGo founder and CEO Gabriel Weinberg soon chiming in to confirm the authenticity of the findings. Apparently, DuckDuckGo has a search syndication agreement with the software giant from Redmond, with Weinberg adding that the restrictions are only found in the browser, and are not related to the search engine. What remains unknown is why the company, which is known for its transparency, decided to keep this agreement a secret for as long as it could.



The European Union has fined Apple and Meta a combined $800 million for violating its antitrust laws. The bloc took issue with Apple’s restrictions on app developers informing users about offers outside the App Store and Meta’s advertising model, which compels users to pay to prevent their data from being sold to advertisers, according to an article from TechRepublic. Both companies were formally charged last summer for these violations of the Digital Markets Act, and the fines are the first under the 2022 legislation. The act aims to promote fairness and competition among digital products and services by enforcing rules on certain influential tech firms, called “gatekeepers.” Apple and Meta now have 60 days to comply or could face additional penalties. Fines for DMA breaches can be up to 10% of a company’s total worldwide turnover, or 20% for repeated offences, but those handed to Apple and Meta are nowhere near this.

A new study in which artificial intelligence outperformed expert virologists in specialized laboratory tasks is raising hopes for faster biomedical breakthroughs and fears about bioweapon risks, according to an article from eWeek. Researchers tested leading AI models against the Virology Capabilities Test, a benchmark designed to assess expert-level knowledge in virology and wet lab protocols. The results suggest that AI models like OpenAI’s GPT-4o surpassed the accuracy of most human virologists.

According to an article from Reuters, Apple aims to make most of its iPhones sold in the United States at factories in India by the end of 2026, and is speeding up those plans to navigate potentially higher tariffs in China, its main manufacturing base, a source told Reuters. The U.S. tech giant is holding urgent talks with contract manufacturers Foxconn and Tata to achieve that goal, the person, who declined to be named as the planning process is confidential, said on April 25.



OpenAI, Perplexity, and Yahoo have expressed an interest in possibly buying Chrome if Google’s browser is for sale, according to an article from TechRepublic. With roughly two-thirds of the global browser market, Chrome is the default browser for billions of users. That’s why OpenAI, Perplexity, and even Yahoo see it as a golden opportunity. Owning Chrome would give any company instant access to a massive audience, letting them push their own search engines, AI tools, or other services. Nick Turley, head of product at OpenAI, testified that his company would be eager to buy Chrome if it becomes available. “Yes, we would, as would many other parties,” Turley said in court. He added that owning Chrome could help OpenAI build an “AI-first” browsing experience. AI search startup Perplexity is also interested in buying Chrome. Dmitry Shevelenko, Perplexity’s chief business officer, said, “I think we could do it” when asked if Perplexity could run Chrome without sacrificing quality, according to The Verge. Perplexity is already working on its own browser, but buying Chrome would be a shortcut to billions of users. Yahoo is another potential buyer. Brian Provost, Yahoo Search’s general manager, testified that buying Chrome would cost “tens of billions of dollars” but said it could happen with backing from Apollo Global Management, Yahoo’s owner, The Verge reported.

Amazon’s Kuiper broadband internet constellation is starting to take shape, with its first batch of satellites shipped and deployed into space on April 28, according to an article from The Verge. The launch is just the first of 80 that Amazon has lined up to take all 3,236 Project Kuiper satellites into low-Earth orbit as part of the retail giant’s effort to compete with Starlink — SpaceX’s market-dominating satellite internet business. The United Launch Alliance (ULA) Atlas V rocket carrying Amazon’s first 27 Kuiper satellites was launched from Florida’s Cape Canaveral Space Force Station at 7PM ET on April 28th, after its first attempt on April 9th was scrubbed due to poor weather conditions.

In February, It's Foss News reported that a WSL image for Arch Linux was on its way, and as of now, it has become official — Arch Linux is available, according to an article from ZDNet. Windows Subsystem for Linux is a compatibility layer that allows the running of a full-blown Linux environment. Up until this point, the only images available for WSL have been Ubuntu, Debian, Fedora Remix, openSUSE, Kali Linux, and Pengwin. The addition of Arch delivers a rolling release distribution that should excite plenty of users, developers, and admins who want to finally try Arch.



Apple sent spyware alerts to users in 100 countries. If you received one, don't ignore it, according to an article from Lifehacker. As much as this situation sounds like classic spam, it's very much not: Apple actually did send alerts to users on April 30, 2025, warning them they might be targeted by “mercenary spyware attacks.” Two of the users Apple alerted were Ciro Pellegrino, an Italian journalist for Fanpage, and Eva Vlaardingerbroek, a Dutch right-wing activist. An excerpt of the alert reads, “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-…This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

While we know the shingles vaccine is effective at preventing shingles, evidence is mounting that it might also reduce the risk of dementia. Yes, a vaccination to prevent shingles may lessen your risk of dementia, according to an article from Harvard Health. A vaccine to prevent shingles is recommended for adults ages 50 and older, and for people 19 and older who have an impaired immune system. Some (though not all) studies have found that having shingles increases your risk of dementia in the future. And that's led researchers to explore the possibility that preventing shingles through vaccination might reduce dementia risk. Several studies suggest this is true.

Converting a .pdf to a .docx and back again may seem like a quick and easy thing you can do online for free — but that doesn't mean it's safe. A new notice from the FBI Denver Field Office warns that some online document converters are also loading malware onto unsuspecting users' computers, giving bad actors access to your device and your data, according to an article from Lifehacker. The tools may also scrape files submitted for conversion for sensitive information, such as Social Security numbers, birthdates, email addresses, passwords or tokens to bypass multi-factor authentication, banking information, and cryptocurrency seed phrases and wallet addresses. This scheme may be easy to miss, as the malicious file converters will do what they advertise, such as converting a .docx to a .pdf or joining multiple files into one. However, the file you download may contain hidden ransomware, adware, or riskware that exposes your computer to attackers. You may also be prompted to download a conversion tool (that is actually malware) to your device or install a malicious browser extension. According to a Malwarebytes Labs report on the scam, the following domains have been found to contain malware: Imageconvertors[.]com (Phishing), convertitoremp3[.]it (Riskware), convertisseurs-pdf[.]com (Riskware), convertscloud[.]com (Phishing), convertix-api[.]xyz (Trojan), convertallfiles[.]com (Adware), freejpgtopdfconverter[.]com (Riskware), primeconvertapp[.]com (Riskware), 9convert[.]com (Riskware), and Convertpro[.]org (Riskware). While these are known scams, that doesn't mean there aren't other free, malware-containing file converters out there waiting to infect your device. The best thing you can do is avoid these tools entirely and utilize trusted software instead. Fortunately, under Linux, there are other, better ways to perform file conversions with bona fide Linux tools.



New research suggests that octopuses and humans may share an ancient evolutionary connection that helps explain the remarkable intelligence of cephalopods, says an article from Daily Galaxy. According to findings discussed by New Scientist, both species could trace their cognitive complexity back to a common ancestor that lived around 518 million years ago. The key to this complexity lies in microRNAs (miRNAs) — small, regulatory molecules that control how genes are expressed. A study led by Nikolaus Rajewsky at the Max Delbrück Centre for Molecular Medicine revealed that soft-bodied cephalopods like octopuses experienced a “massive expansion of the miRNA gene repertoire.” This significant increase appears to be a major driver behind the evolution of their advanced brains, allowing for the creation of more diverse neuron types.

If you receive an email about your Social Security statement, proceed with caution, states an article from Lifehacker. According to a new report from Malwarebytes Labs, hackers are impersonating the Social Security Administration (SSA) to trick people into installing a remote access tool and handing over full control of their devices. The SSA is no stranger to phishing scams — the Office of the Inspector General put out an alert last month warning the public of fraudulent emails purporting to include Social Security statements that in reality led to fake websites.

OpenAI is reversing a controversial shift toward becoming a fully for-profit company, saying its founding nonprofit will remain in charge of the AI powerhouse behind ChatGPT, according to an article from TechRepublic. The announcement follows months of mounting criticism about OpenAI’s possible for-profit pivot from former employees, AI experts, and co-founder Elon Musk. In a statement, board chair Bret Taylor reaffirmed the nonprofit’s authority: “OpenAI was founded as a nonprofit, and is today overseen and controlled by that nonprofit. Going forward, it will continue to be overseen and controlled by that nonprofit.”



Scammers can make good money by selling you something you can actually get for free — like government services. The Federal Trade Commission is alerting consumers to fraudulent websites that are claiming to be associated with the IRS and charging up to $300 to file paperwork for obtaining an Employer Identification Number (EIN), according to an article from Lifehacker. The EIN application is available for free on the real IRS website and requires just a few minutes to complete. An EIN, which is a corporate identifier for filing taxes, is required for anyone opening a business, estate, or nonprofit as well as those with household employees (such as a family hiring a nanny).

Web browsers collect a lot of data and share it with the sites we visit, so if you're concerned about your privacy, it's worth wondering which browsers are best for keeping our online habits to ourselves, according to an article from Lifehacker. Whether you're an activist concerned about surveillance, someone doing research in a country where your topic can get you in trouble, or simply a person who doesn't want spying eyes on their search history, using a more private browser can be one of the simplest steps you can take towards less worry.

According to an article from TechCrunch, Microsoft employees aren’t allowed to use DeepSeek due to data security and propaganda concerns, Microsoft Vice Chairman and President Brad Smith said in a Senate hearing on May 8, 2025. “At Microsoft we don’t allow our employees to use the DeepSeek app,” Smith said, referring to DeepSeek’s application service (which is available on both desktop and mobile). Smith said Microsoft hasn’t put DeepSeek in its app store over those concerns, either. Although lots of organizations and even countries have imposed restrictions on DeepSeek, this is the first time Microsoft has gone public about such a ban.



Email-based attacks continued to cost enterprises big bucks in 2024, new cyber-insurance claims data shows, according to an article from Dark Reading. Cyber-insurance carrier Coalition published its “2025 Cyber Claims Report” on May 7, showing that business email compromise (BEC) attacks and fund transfer fraud (FTF) accounted for 60% of all the company's claims last year. BEC attacks were particularly problematic for customers, according to Coalition; claims severity for such threats increased 23%, with incidents costing organizations, on average, $35,000. That dollar figure is a far cry from the average loss for ransomware attacks in 2024, which Coalition said was $292,000. However, the claims report, which features data from customers in the US, the UK, Canada, and Australia, offered some encouraging data points, including a 7% drop in ransomware claims severity and a 3% decline in claims frequency.

Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine, according to an article from Security Week. Google on Monday started rolling out a fresh security update for Android phones, with fixes for roughly 50 vulnerabilities, including a bug exploited in the wild. Resolved as part of the update’s first part, which arrives on devices as the 2025-05-01 security patch level, the exploited flaw is tracked as CVE-2025-27363 (CVSS score of 8.1) and impacts the FreeType software development library. The issue is described as an out-of-bounds write in the open source rendering engine’s versions up to and including 2.13.0 that could lead to arbitrary code execution. “There are indications that CVE-2025-27363 may be under limited, targeted exploitation,” Google notes in Android’s May 2025 security bulletin. The internet giant rolled out patches for the bug roughly two months after Facebook parent company Meta warned that it had been exploited as a zero-day, urging organizations to update to FreeType version 2.13.3 or later.

Elementl Power Inc. is a “technology agnostic” nuclear project developer looking to bring more than 10 gigawatts of new nuclear power on line in the United States by 2035, and Google wants to see more baseload nuclear power supplying its data centers, according to an article from NuclearNewswire. The two companies announced May 7 that they have signed a strategic agreement to “pre-position” three project sites for advanced nuclear energy. Google plans to provide “early-stage capital” to help Elementl prepare three potential U.S. nuclear reactor projects, each with “at least 600 MW” of capacity. While the locations have not been announced, they are likely to be where Google wants more baseload power for data centers. The agreement gives Google the option for commercial off-take once the projects are complete, as part of “continued work to source 24/7 baseload energy to support our operations and strengthen power grids,” Google said.



Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent, according to an article from The Hacker News. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid $391 million to a group of 40 states. In January 2023, it paid $29.5 million to Indiana and Washington. Later that September, it forked out another $93 million to settle with California. The case, originally filed in 2022, related to unlawful tracking and collection of user data, regarding geolocation, incognito searches, and biometric data, tracking users' whereabouts even when the Location History setting was disabled and collecting the biometric data without informed consent.

The FBI is warning owners of some internet routers that their devices could leave them vulnerable to cyber attacks, according to an article from AL.com. The new bulletin from the FBI’s Cyber Division said some old routers – known as End-of-Life routers or EOLs – have known vulnerabilities that can make it easy to infiltrate them and install malware. Then, the routers can be used to “launch coordinated attacks or sell access to the devices as proxy services,” the bulletin noted. Routers that were made years ago are not supported by vendors with software updates or patches to fix known vulnerabilities. Scammers, aware of this lack of protection, can hijack the routers and then sell off the access.

Three Russian nationals as well as a Kazakhstani citizen were arrested and charged with conspiracy and other cybercrimes, according to a recently unsealed domain seizure warrant and indictment, says an article from Dark Reading. Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov were charged with conspiracy and damage to protected computers for their involvement in botnet services known as Anyproxy and 5socks. Additionally, Chertkov and Rubtsov were charged with false registration of a domain name after they allegedly falsely identified themselves when they registered and used the domains to commit their crimes. According to the indictment, a botnet was created by installing malware on older-model wireless Internet routers without the victims' knowledge, allowing the routers to be reconfigured and granting the threat actor unauthorized access to third parties as well as “making the routers available for sale as proxy servers on the Anyproxy.net and 5socks.net websites.” The threat actor was able to do this to routers globally, including in the United States. In fact, the domains for both botnet websites were managed by a company based in Virginia, while hosted on computer services worldwide.



NASA’s Webb space telescope has captured haunting new views of Jupiter’s auroral display, revealing the bright light show in exquisite, never-before-seen details, according to an article from Gizmodo. Using the telescope’s most recent observations of the gas giant, scientists uncovered a curious discrepancy between how Jupiter’s auroras appear to Webb versus Hubble. Webb’s NIRCam (Near-Infrared Camera) zoomed into Jupiter’s poles to capture the planet’s fast-varying auroral features, which are 100 times brighter than the ones seen on Earth. The team plans on carrying out follow-up observations of Jupiter’s auroras using Webb and comparing them to data collected by the ongoing Juno mission. The spacecraft has been orbiting the gas giant since 2016, capturing Jupiter and its moons in exquisite detail. Webb previously captured images of Jupiter’s glowing auroras at its north and south poles, providing scientists with a new perspective of the planet’s light display in infrared wavelengths.

A new study inspired by a student's question has found something surprising about human fingers, and how they wrinkle after being placed in water, according to an article from IFL Science. When you put your fingers into water for a reasonable amount of time, you probably notice that they begin to go wrinkly, or “prune-like” in appearance. While you may reasonably guess that this is because of your fingers becoming waterlogged, this is not the case. In 1935, doctors noticed that patients with damage to the median nerve running down the arm to the hand do not get wrinkles on their fingers after their hands are submerged in water, suggesting that the phenomenon is controlled by our nervous systems. If it were a case of skin being waterlogged, water-induced prune fingers would not be absent in patients with nerve damage.

People who live near golf courses may be 126% more likely to develop Parkinson’s disease, due to the pesticides used on the expansive lawns, according to an article from People. Researchers looked at Parkinson’s disease cases diagnosed near golf course locations and residential areas that share water sources with the courses, for a study published in the Journal of the American Medical Association, using data from 27 counties in Wisconsin and Minnesota. Parkinson’s disease is a degenerative nervous system disorder that impacts movement. Initial symptoms are tremors or other involuntary movements. As Mayo Clinic explains, there is no cure, but surgery and treatments can help symptoms.



Ransomware attacks, which restrict data access and encrypt information unless ransom payments are made, increasingly threaten health care operations, according to a study published on JAMA Network. In February 2024, a ransomware attack on Change Healthcare compromised the protected health information (PHI) of 100 million individuals, disrupted care delivery nationwide, and incurred $2.4 billion in response costs. Although hacking or information technology (IT) incidents became the leading cause of health care data breaches in 2017, the proportion involving ransomware remains unclear. Prior research identified 376 ransomware attacks on health care delivery organizations from 2016 to 2021, but health plans and clearinghouses have also been victims. This study analyzes ransomware attacks across all Health Insurance Portability and Accountability Act (HIPAA)–covered entities from 2010 to 2024 and examines their contribution to PHI data breaches.

Cybernews researchers have uncovered a massive data leak, which was traced back to HireClick, a recruitment platform for small to mid-sized businesses, according to an article from Cybernews. The platform helps businesses manage job listings, candidate applications, and the hiring process. The company left over 5.7 million files wide open for anyone on the internet thanks to a misconfigured Amazon AWS S3 storage bucket. The leaked files exposed sensitive and private information of job seekers, mainly resumes.

Data breaches are most often the work of external bad actors, but sometimes the call comes from inside the house. Cryptocurrency exchange Coinbase has disclosed that hackers paid off support agents — both employees and contractors located outside the U.S. — who had access to company systems to provide customer data and then demanded a $20 million ransom not to leak the information, according to an article from Lifehacker. Coinbase was notified of the ransom demand on May 11, just a few days before reporting the incident to the Securities and Exchange Commission (SEC). The company has said the staff involved were fired and reported to law enforcement when their unauthorized access was detected, but they were still able to provide information to attackers.


Battery Charge
Image by Денис Марчук from Pixabay

Following an advisory from the FAA, TSA says it is now banning passengers from storing portable chargers and power banks that use lithium batteries in their checked bags, according to an article from Yahoo! News. Any lithium-ion and lithium-metal batteries, including power banks and portable charging devices, now must be stored in carry-on luggage only. “When a carry-on bag is checked at the gate or at planeside, all spare lithium batteries and power banks must be removed from the bag and kept with the passenger in the aircraft cabin. The battery terminals must be protected from short circuit,” the FAA stated. “This covers spare lithium metal and spare rechargeable lithium-ion batteries for personal electronics such as cameras, cell phones, laptop computers, tablets, watches, calculators, etc. This also includes external battery chargers (portable rechargers) containing a lithium-ion battery.”

There's a lot of advice out there for proper password management: Each of your passwords should be strong and unique; use a secure manager to store your passwords; use two-factor authentication (2FA) to add an extra layer of security to your accounts. But there's another piece of advice that is held in the same regard as the others: Change your passwords often — perhaps once every three months. This habit is so emphasized that many companies and organizations will make you change your passwords multiple times a year in the name of security. The thing is, in all likelihood, this isn't actually doing anything to help your security, according to an article from Lifehacker. The idea that changing your passwords multiple times a year is a cornerstone of your security might be engrained in some of you. After all, it's not new advice. As PCMag examined, the practice goes back a long time: When security experts write about passwords, they often write about changing passwords, too. It's just the way the advice has been presented. But that's likely because it's anticipating and responding to bad security habits.

In a shocking revelation for the cybersecurity community, it has been discovered that Procolored, a popular printer manufacturer, unknowingly distributed malware-infected printer drivers for over six months, according to an article from Freedium. These malicious packages were bundled with software for multiple printer models and included Remote Access Trojans (RATs) and a cryptocurrency-stealing malware called SnipVex. The malware fiasco came to light when Serial Hobbyism, a YouTube tech creator, attempted to install drivers for his $7,000 Procolored UV printer. His security software immediately flagged the files as malicious, citing the Floxif USB worm — a red flag that couldn't be ignored.


23 and Me

23andMe’s new buyer, paying $256 million for the company’s assets, is Regeneron, according to an article from Lifehacker. Regeneron is a biotech company perhaps best known for developing an antibody treatment for COVID early in the pandemic. That treatment never made it all the way to market, but the company does market other antibody- and protein-based treatments for conditions like Ebola virus, genetic disorders, and cancers. Regeneron’s website states that they “are shaping the next frontier of medicine with data-powered insights from the Regeneron Genetics Center® and pioneering genetic medicine platforms, enabling us to identify innovative targets and complementary approaches to potentially treat or cure diseases.” That explains why they’re interested in 23andMe, since it provides a trove of genetic data. Many 23andMe users had also signed up to provide more of their personal medical information for research purposes (this was a separate thing that you would have had to opt in to provide). Regeneron says they plan to “continue all consumer genome services uninterrupted,” rather than shut down the company. Lemonaid Health, also owned by 23andMe, is not included in the sale. Importantly, Regeneron says they will respect the company’s privacy policy (“and applicable laws”) and the 23andMe press release also says that Regeneron will not be making any changes to the privacy policy.

If you get a text or voice message from someone claiming to be a U.S. government official, they probably aren't who they say they are, according to an article from Lifehacker. The FBI is warning the public about an ongoing campaign in which scammers are using AI-generated voice messages to impersonate senior government staff in an attempt to gain access to personal accounts and, by extension, sensitive information or money. Many of those targeted have been other current and former government officials—both federal and state—and their contacts, but that doesn't mean this scam or something like it won't land in your inbox or on your phone sooner or later.

A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline, according to an article from TechCrunch. Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos, call logs, and real-time location data — usually without that person’s knowledge. Stalkerware apps, like Cocospy and its clones, are designed to stay hidden from device home screens, making the apps difficult to detect by their victims but all the while making the phone’s contents continually available to the person who planted the app.

Security researcher Jeremiah Fowler found a public online database housing over 180 million records (184,162,718 to be exact) which amounted to more than 47GB of data, according to an article from Lifehacker. There were no indications about who owned the data or who placed it there, which Fowler says is atypical for these types of online databases. Fowler saw emails, usernames, passwords, and URLs linking to the sites where those credentials belonged. These accounts included major platforms like Microsoft, Facebook, Instagram, Snapchat, Roblox, Apple, Discord, Nintendo, Spotify, Twitter, WordPress, Yahoo, and Amazon, as well as bank and financial accounts, health companies, and government accounts from at least 29 countries. That includes the U.S., Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the UK.


