Leveraging Knowledge to Manage Your Data Risks
The American Hospital Association (AHA) is advising hospitals and healthcare entities to “take precautionary measures in case Iran, its proxies or self-radicalized individuals attempt attacks in the U.S.” during the conflict between Israel, the United States and Iran. The precautionary measures include strengthening cybersecurity and physical security measures.
Although the AHA is unaware of any…
Researchers at UpGuard have discovered a misconfigured cloud database online while conducting routine internet scanning that contains billions of records, including 2.7 billion Social Security numbers (SSNs) and 3 billion plaintext email addresses and password combinations. The fairly easy-to-find data was accessed without authentication.
After reporting the access to the FBI’s Internet Crime Complaint Center…
As we have warned before, threat actors using QR codes in attacks against victims continue to rise. To illustrate the risk, on January 8, 2026, the FBI issued a FLASH alert, entitled “North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities.”
The alert warns that North Korean state-sponsored actors (Kimsuky)…
On December 19, 2025, the Federal Bureau of Investigation (FBI) published an Alert warning the public that it has data from as far back as 2023 that “malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals, including officials’ family members and…
On November 25, 2025, the Federal Bureau of Investigation (FBI) published a Public Service Announcement warning that cyber criminals are “impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes.” These schemes target individuals and businesses of all sizes across all sectors. According to the announcement, “Since January 2025, the FBI…
A November 13, 2025, a Cybersecurity Advisory warned that new activity by the Akira ransomware variant “presents an imminent threat to critical infrastructure.” The Advisory was jointly issued by four U.S. agencies, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency, the Department of Defense Cyber Crime Center, and the Department of…
Oracle has confirmed that the threat actor group Cl0p is actively exploiting a zero-day vulnerability in the Oracle E-Business Suite product, versions 12.2.3-12.2.14. On October 4, 2025, Oracle advised its customers in a security advisory that the supplied patch should be applied “as soon as possible.” According to Oracle, “this vulnerability is remotely exploitable without…
