Ransomware DataBreachToday.com

VulnCheck's Garrity on the Uncertainty of the CVE Ecosystem and EUVD's Limitations
Funding shortages and incomplete coverage in critical vulnerability databases are increasing the risk for defenders. Patrick Garrity, security researcher at VulnCheck, discusses how data gaps and scoring confusion hinder response strategies for potential cyberattacks.

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce Vulnerabilities
Governments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Also: 5 Guilty Pleas in Cambodia-linked $36.9 Million Scam
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, charges against a crypto firm founder in a $530M sanctions evasion and money laundering case, guilty pleas in a $36.9M scam, an $8.3M exploit of Alex Lab, and Cetus Protocol relaunched after a $223M hack.

32 Suspects Arrested Across Asia-Pacific During Interpol-Coordinated Crackdown
Interpol on Wednesday unveiled Operation Secure, an information-stealing malware crackdown that it coordinated, resulting in the arrest of 32 suspects and the seizure of over 20,000 malicious IP addresses and 41 servers tied to infostealer-fueled crime.

Researchers Turn to AI to Fix a Zombie Flaw that AI Helped Propagate
Artificial intelligence tools that inadvertently perpetuated a decade-old bug may now also help eliminate it. The path traversal vulnerability became so embedded in developer culture that it found its way into training data for today’s AI models.

Another Top Cybersecurity and Infrastructure Security Agency Official Departs
The U.S. Cybersecurity and Infrastructure Security Agency notched another high-level departure with the departure of Bridget Bean, CISA's acting director since the Trump administration took power in January. The agency lists Madhu Gottumukkala, CISA deputy director, as the new acting director.

Group's Advisory Follows an Updated Joint Alert from US, Australian Agencies
The American Hospital Association is warning hospitals and other healthcare sector organizations of rising double-extortion attack threats involving the Play ransomware group. The AHA alert follows an updated joint government advisory issued last week about Play's latest tactics.

Lawmakers Quiz Execs on Security; State AG Seek to Block Sale of Bankrupt Firm
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.

Crash Records and Driver Data Exposed in Texas Transportation Hack
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.

Experts Call for Continuous Assessments of Vendor Risk - Not Just at Onboarding
As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may change over time.

Team Cymru's Thomas on Social Engineering, Insider Threats and Supplier Compromise
Social engineering attacks against major British retailers have exposed critical vulnerabilities in corporate cybersecurity defenses. The attacks typically begin with threat actors calling IT help desks to reset employee credentials, said Will Thomas of Team Cymru.

Frost & Sullivan's Stahnke on How Human Risk Insights Drive Better Threat Response
Legacy cybersecurity training often fails because users skip the content or treat it as a compliance task. Forward-looking organizations now recognize that human behavior is a critical piece of their security posture, said Claudio Stahnke, industry analyst at Frost & Sullivan.

Malicious Accounts Linked to Malware, Influence Operations
OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI's tools for malware development and social media manipulation.

Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State Groups
Hackers are doubling down on software supply chain attacks, with known attacks surging from over 12 last year to more than 24 per month in April and May, threat intelligence researchers report. Ransomware-wielding groups and nation-state hackers, alike, have been tied to such attacks.

NHS in England Urging One Million People to Donate Blood to 'Secure' Supply
The National Health System in England is still dealing with blood supply issues one year after a ransomware attack on a British pathology laboratory services provider disrupted patient care and testing services at several London-based hospitals and triggered a nationwide blood shortage.

Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups
Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn't appear to have resulted in any infiltration of its own, corporate network.

United Natural Foods Inc. Launches Investigation, Confirms IT Systems Breach
A cyberattack on United Natural Foods, the largest U.S. health food distributor and a key Whole Foods supplier, has disrupted the company's fulfillment operations, prompting a notification to law enforcement and a forensic investigation as it works to restore affected systems.

A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices
A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in April 2024.

Over 1 Million Infected Off-Brand Android Devices Pose Global Fraud Risk
A China-based botnet operation called BADBOX 2.0 has infected more than 1 million off-brand Android smart devices globally. In an alert, the FBI advised consumers to check their home networks for suspicious activity that could be linked to multiple fraud schemes.

White House Limits Cyber Sanctions, Cuts Digital ID Mandates and Refocuses AI Rules
President Donald Trump signed an executive order on Friday that rewrites key cyber policies from the previous White House administration, removing digital ID mandates, mandating secure software standards and narrowing cyber sanctions to foreign actors.