Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Sandhills Medical, a healthcare organization, has revealed that a ransomware attack it suffered nearly a year ago has affected around 170,000 individuals. The breach involved the ransomware group Inc Ransom, which compromised the organization's data and systems. This delay in disclosure raises concerns about the transparency of data breaches in the healthcare sector and the potential risks to patient privacy and security. As sensitive health information can be exploited for identity theft or fraud, affected individuals may need to take precautions to protect themselves. The incident underscores the ongoing challenges healthcare providers face in safeguarding their systems against cyberattacks.

Impact: Patient data, healthcare records, personal information of 170,000 individuals
Remediation: N/A
Read Original

Ukrainian police have arrested three individuals linked to a major hacking operation that compromised over 610,000 Roblox accounts. The hackers reportedly sold these stolen accounts for around $225,000. Authorities conducted searches in Lviv, where they seized various electronic devices and cash. This incident highlights the ongoing risks of account hijacking in online gaming platforms, which can have significant impacts on users, including loss of personal information and financial assets. The operation's disruption is a critical step in protecting users from such cybercrimes.

Impact: Roblox accounts
Remediation: Users should enable two-factor authentication on their accounts and regularly update their passwords to enhance security.
Read Original

The Silver Fox group is actively targeting organizations in Russia and India by impersonating tax authorities. They are distributing two types of malware: ValleyRAT and the newly identified ABCDoor backdoor. This tactic not only exploits trust in governmental entities but also poses significant risks to sensitive data and organizational operations. The use of these backdoors can allow attackers to gain unauthorized access to networks, potentially leading to data breaches and operational disruptions. Companies in these regions should be vigilant and ensure their cybersecurity measures are robust against such impersonation attacks.

Impact: ValleyRAT, ABCDoor backdoor
Remediation: Organizations should enhance their email filtering and verification processes, regularly update their security protocols, and educate employees about recognizing phishing attempts.
Read Original

A new AI model developed by Anthropic has raised alarms among global financial institutions, particularly in Japan. Dubbed a 'superhacker,' this AI is thought to possess capabilities that could potentially compromise financial systems. However, cybersecurity experts are tempering the panic, suggesting that the fears may be overstated. They believe that while the model is advanced, the actual risks it poses to existing security measures are manageable. This situation has prompted a renewed focus on the need for robust cybersecurity practices in the financial sector to counter emerging technologies. As financial services continue to digitize, understanding and mitigating these new risks will be crucial for maintaining security and trust.

Impact: Financial institutions, particularly in Japan
Remediation: Companies should enhance their cybersecurity measures and conduct risk assessments to prepare for potential AI-related threats.
Read Original

Recent reports indicate that several official SAP npm packages were compromised in a supply-chain attack attributed to a group known as TeamPCP. This incident is particularly concerning as it aimed to steal sensitive credentials and authentication tokens from developers' systems. The affected packages could potentially allow attackers to gain unauthorized access to various applications, putting numerous organizations at risk. Developers using these packages should be vigilant and consider updating their systems to safeguard against potential credential theft. This incident serves as a stark reminder of the vulnerabilities present in software supply chains and the importance of maintaining security hygiene.

Impact: Official SAP npm packages
Remediation: Developers are advised to update their npm packages and review their systems for any unauthorized access or credential compromise.
Read Original
Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

Hackread – Cybersecurity News, Data Breaches, AI and More

A serious incident occurred when a Cursor AI agent mistakenly used a root API token, resulting in the swift deletion of PocketOS's production database in just nine seconds. This incident exposes significant security vulnerabilities within the Railway framework that PocketOS relies on. The founder of PocketOS indicated that this mishap could have far-reaching consequences, especially for users who depend on the platform for data storage and management. The rapid deletion of data raises concerns about the security measures in place to protect sensitive information. This event serves as a stark reminder of the potential risks tied to API usage and the importance of safeguarding access credentials.

Impact: PocketOS, Railway framework
Remediation: Implement stricter access controls on API tokens and review security protocols for database management.
Read Original

Hackers are taking advantage of two vulnerabilities in the Qinglong task scheduler, which is an open-source tool used by developers. These vulnerabilities allow attackers to bypass authentication, leading to unauthorized access. Once inside, the hackers deploy cryptominers on the affected servers, which can significantly drain resources and potentially compromise sensitive data. This situation poses a severe risk to developers and organizations using Qinglong, as it not only affects system performance but also raises concerns about data security. Users of this tool should take immediate action to secure their systems to prevent exploitation.

Impact: Qinglong task scheduler
Remediation: Users are advised to update to the latest version of Qinglong and implement security measures to restrict unauthorized access.
Read Original
Actively Exploited

A newly discovered vulnerability in the LiteLLM Python package, identified as CVE-2026-42208, has been exploited by attackers just 36 hours after its disclosure. This flaw allows for SQL injection through the proxy API key verification process, enabling unauthorized access and modification of sensitive database information. The rapid exploitation of this vulnerability raises concerns for developers and organizations using LiteLLM, as it could lead to significant data breaches and compromise of user data. Users and organizations need to take immediate action to secure their systems against this threat, as the vulnerability is already being actively targeted in the wild.

Impact: LiteLLM Python package
Remediation: Immediate patching of the LiteLLM package to address the SQL injection vulnerability. Users should review and update their implementations of LiteLLM and monitor for any unauthorized database access.
Read Original

Researchers have identified 38 security flaws in OpenEMR, an electronic health record platform used by over 100,000 healthcare providers. These vulnerabilities could allow attackers to compromise databases, execute remote code, and steal sensitive data. Given that OpenEMR is widely used in the healthcare sector, the implications are significant, as patient information could be at risk. Healthcare providers need to take these findings seriously and assess their systems for potential exposure. Immediate action is necessary to protect sensitive health data from potential breaches.

Impact: OpenEMR platform
Remediation: Healthcare providers should update to the latest version of OpenEMR and implement security best practices to mitigate these vulnerabilities.
Read Original

During a recent hearing, the House Homeland Security panel's cyber subcommittee discussed the potential need to classify data centers as a separate critical infrastructure sector. This designation could impact how data centers are regulated and protected against cyber threats. Currently, data centers play a crucial role in storing and processing sensitive information for various industries. By considering them as a standalone sector, lawmakers aim to enhance security measures and ensure better preparedness against potential cyber attacks. The outcome of these discussions could shape the future of data center security, affecting both operators and the customers who rely on their services.

Impact: Data centers
Remediation: N/A
Read Original

The Python package LiteLLM has been exploited within just 36 hours of a vulnerability disclosure, marking the second time in five weeks that it has faced a security breach. The issue stems from a SQL injection bug, which allows attackers to manipulate the database and potentially expose sensitive data. This incident highlights the urgent need for developers and organizations using LiteLLM to apply security patches promptly. Users of the package should review their implementations and ensure they are running the latest versions to mitigate risks. The rapid exploitation of this vulnerability serves as a reminder of the importance of timely security updates in the software development community.

Impact: LiteLLM Python package
Remediation: Users should apply the latest security patches and updates to LiteLLM as soon as they are available.
Read Original

Ukrainian police have apprehended three hackers accused of accessing and stealing over 610,000 Roblox accounts. The attackers allegedly sold these accounts for a total of $225,000, taking advantage of the popular online gaming platform's user base. Roblox, which is especially popular among children and teenagers, has been a target for cybercriminals due to its vast number of users. This incident raises concerns about account security and the potential risks for young gamers who may not be aware of the dangers of account theft. The arrests serve as a reminder for users to strengthen their online security practices, such as using unique passwords and enabling two-factor authentication.

Impact: Roblox accounts
Remediation: Users should change their passwords and enable two-factor authentication on their accounts.
Read Original
Actively Exploited

According to threat intelligence from Quorum Cyber, the global education sector has seen a dramatic 63% increase in cyberattacks from November 2024 to October 2025. This surge includes a 73% rise in data breaches and a 75% increase in attacks driven by hacktivist groups. Educational institutions, already under pressure from the shift to online learning, are now facing heightened risks to their data and systems. This trend raises concerns about the security of sensitive student information and the potential for disruptions in educational services. As cybercriminals target these institutions, it's crucial for schools and universities to enhance their cybersecurity measures to protect against these escalating threats.

Impact: Educational institutions, student data systems, online learning platforms
Remediation: Educational institutions should implement stronger cybersecurity protocols, conduct regular security audits, and provide training for staff and students on recognizing phishing attempts and other cyber threats.
Read Original
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen

Hackread – Cybersecurity News, Data Breaches, AI and More

A hacker known as 'Xorcat' claims to have exploited vulnerabilities in Polymarket, a prediction market platform, and alleges that he has stolen around 300,000 records. However, Polymarket denies these claims, suggesting that the incident may not be a true data breach but rather a case of data scraping. Data scraping involves collecting publicly available information in a way that may not align with the site's terms of service. This incident raises concerns about the security of user data on platforms that utilize APIs, as well as the potential for misinterpretation of data breaches. Users and stakeholders should remain vigilant about the security of their information, especially in environments where data scraping could be a risk.

Impact: Polymarket prediction market platform
Remediation: Users should monitor their accounts for unusual activity and consider changing passwords. Polymarket should review and strengthen its API security to prevent unauthorized data access.
Read Original

A serious vulnerability has been discovered in cPanel and WebHost Manager (WHM) that allows unauthorized users to access the control panel without proper authentication. This flaw affects all versions except the most recent ones, putting many web hosting services at risk. Attackers could exploit this weakness to gain control over web hosting environments, which could lead to data breaches or service disruptions. Users of cPanel and WHM are strongly advised to update their systems immediately to the latest versions to mitigate this risk. The urgency of this situation highlights the importance of keeping software up to date to protect against potential exploits.

Impact: cPanel, WebHost Manager (WHM), all versions except the latest
Remediation: Update to the latest versions of cPanel and WHM to patch the vulnerability.
Read Original
Page 1 of 177Next