More than 144 million Americans' medical information was stolen or exposed last year in a record-breaking number of healthcare data breaches, a USA TODAY analysis of Health and Human Services data found. (USA TODAY)
A third-party provider that handles telephony for Cisco's Duo multifactor authentication (MFA) service has been compromised by a social engineering cyberattack. Now Cisco Duo customers have been warned to be on alert for follow-on phishing schemes. (Dark Reading)
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light last week. (The Hacker News)
Apple Inc. has warned its users in India and 91 other countries that they were possible victims of a "mercenary spyware attack," dropping the word "state-sponsored" it used in its previous alerts to refer to such malware attacks. (Reuters)
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. (The Hacker News)
Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines. (Dark Reading)
Microsoft will be doubling the price of its Extended Security Updates (ESU) every year after Windows 10 reaches end-of-support in 2025, signaling a desperate push to prompt upgrades to Windows 11. (IT Pro)
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. (The Hacker News)
Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover. (Dark Reading)