Thought Leadership
2.7 million patient data compromised
The dialysis provider DaVita has confirmed the consequences of a serious security incident: Cybercriminals gained unauthorized access to company systems in April, compromising the data of around 2.7 million people.
176 GB of data stolen
The pharmaceutical research company Inotiv has fallen victim to a serious ransomware attack. As the Indiana-based company reported to the SEC, encrypted systems were discovered on August 8, which significantly impacted business operations.
Study
Researchers have tested the effectiveness of various phishing training courses in a study involving 19,000 test subjects. The result: training courses help less than expected.
Data offered for sale
The British telecommunications company Colt Technology Services has been struggling with the consequences of a ransomware attack since this week. The cyber criminals from the WarLock group claim to have stolen over one million internal documents.
House of Commons
Unknown persons have compromised the IT system of the Canadian House of Commons and gained access to the personal data of parliamentary staff. The incident is suspected to be linked to the current wave of attacks against Microsoft SharePoint installations.
Large-scale data theft
The US insurer Allianz Life was the target of a cyber attack in mid-July. Unknown hackers have now published sensitive data from around 2.8 million data records containing information on customers and business partners.
Hackers penetrate booking systems
A criminal hacker group has obtained the personal data of tens of thousands of vacationers from Italian hotels through the identification documents that guests must provide during registration.
New attack technique discovered
Passkeys and FIDO authentication are designed to provide robust protection against phishing attacks. However, researchers have now discovered a critical loophole that can undermine even strong passkey authentication. Attackers can exploit a targeted downgrade technique to force users into using insecure login methods. This risk grows as FIDO adoption
Data leak
Following the attack by the hacker group ShinyHunters on a Salesforce instance, Google has clarified that its own systems were spared, only the business contacts of potential Ads customers were affected.
CVE-2025-8088
Attackers exploited a directory traversal vulnerability in WinRAR to spread malware via manipulated archives. The vulnerability CVE-2025-8088 has been patched since version 7.13.