/ en Wed, 30 Jul 2025 04:22:57 -0500 Tue, 29 Jul 25 09:25:27 -0500 /h-isac-green-reports/2025-07-29-h-isac-tlp-green-ransomware-data-leak-sites-report-july-29-2025-0 <p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p> Tue, 29 Jul 2025 09:25:27 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-29-h-isac-tlp-green-daily-cyber-headlines-july-28-2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines: </u></strong></p><p><strong>Leading Story</strong></p><ul><li>Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Nation’s Largest MLS Platforms Hit with Data Breach</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>OT-ISAC Warns Singapore Critical Infrastructure of UNC3886 Exploiting Zero-Days in Fortinet, VMware, Juniper Systems</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Mitel Warns of Critical MiVoice MX-ONE Authentication Bypass Flaw</li></ul><p><strong>Trends & Reports</strong></p><ul><li>United States Firms Enhance Cybersecurity for Resilience</li><li>Patient Care Technology Disruptions Linked With the CrowdStrike Outage, Study Finds</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>US Sanctions North Korean Firm, Nationals Behind IT Worker Schemes</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas - July 29, 2025, 12:00-01:00 PM ET</li><li>European – July 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Tue, 29 Jul 2025 09:05:41 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-29-h-isac-tlp-green-ransomware-data-leak-sites-report-july-29-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Mon, 28 Jul 2025 08:53:35 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-16-h-isac-tlp-green-ransomware-data-leak-sites-report-july-16-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Wed, 16 Jul 2025 14:43:26 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-16-h-isac-tlp-green-daily-cyber-headlines-july-16-2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines:</u></strong>   </p><p><strong>Leading Story</strong></p><ul><li>Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access</li></ul><p><strong>Data Breaches & Data Leaks  </strong></p><ul><li>Ransomware Group Claims Attack on Belk</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>North Korean Threat Actors Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign</li></ul><p><strong>Vulnerabilities & Exploits  </strong></p><ul><li>LaRecipe Tool with 2.3M Downloads Found Vulnerable to Full Server Takeover</li></ul><p><strong>Trends & Reports</strong></p><ul><li>Hacktivists Increasingly Target Critical Infrastructure Organizations</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>UK Launches Vulnerability Research Program For External Experts</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas - July 29, 2025, 12:00-01:00 PM ET</li><li>European – July 30, 2025, 03:00-04:00 PM CET<br> </li></ul></li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Wed, 16 Jul 2025 14:34:32 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-15-h-isac-tlp-green-daily-cyber-headlines-july-15-2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines:</u></strong>   </p><p><strong>Leading Story</strong></p><ul><li>Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Alabama City Purportedly Compromised by INC Ransom Group</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>RenderShock 0-Click Exploit Executes Payloads Silently Via Background Process</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Google Gemini Flaw Hijacks Email Summaries for Phishing </li></ul><p><strong>Trends & Reports</strong></p><ul><li>Mobile Phishing Threat Preparedness Lagging Among Organizations, Report Finds</li><li>Threat Actors Using Sophisticated Deepfake Tools: Report</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>13 Romanians Arrested for Phishing the UK’s Tax Service</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas - July 29, 2025, 12:00-01:00 PM ET</li><li>European – July 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Tue, 15 Jul 2025 14:25:15 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-15-h-isac-tlp-green-ransomware-data-leak-sites-report-july-15-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Tue, 15 Jul 2025 14:17:01 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-11-h-isac-tlp-green-daily-cyber-headlines-july-11-2025 <p><strong><u>Today’s Headlines:</u></strong>   </p><p><strong>Leading Story</strong></p><ul><li>Citrix NetScaler CVE-2025-5777 Added to KEV Catalog as Active Exploits Target Enterprises</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Over 5M Job Seekers’ Data Accidentally Exposed by LiveCareer</li><li>McDonald’s AI Hiring Bot Exposed with 123456 Password — Millions of Job Seekers’ Data at Risk</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Massive Scraper Botnet of 3,600+ Devices Targets US and UK Websites</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>ValveLink Products May Expose Sensitive System Information </li></ul><p><strong>Trends & Reports</strong></p><ul><li>Ransomware Activity Spikes Amid Qilin’s New Wave of Targeted Attacks</li><li>Cybersecurity Market Recent Technological Developments, Growth Demand, Opportunities, Future Scope, Key Segments and Forecast to 2030</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>Four Arrested In UK Over M&S, Co-Op, Harrods Cyberattacks</li><li>North Korea Threat Actor Andariel Sanctioned Behind Fraudulent IT Worker Scheme</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas - July 29, 2025, 12:00-01:00 PM ET</li><li>European – July 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul><p>View the details below.</p> Fri, 11 Jul 2025 08:51:26 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-11-h-isac-tlp-green-ransomware-data-leak-sites-report-july-11-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Fri, 11 Jul 2025 08:24:54 -0500 H-ISAC: Green Reports /h-isac-green-reports/2025-07-10-h-isac-tlp-green-daily-cyber-headlines-july-10-2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines:</u></strong>   </p><p><strong>Leading Story</strong></p><ul><li>Microsoft Patches Wormable RCE Vulnerability in Windows Client and Server</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Paddy Power and Betfair Customer Info Compromised in Data Breach</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Threat Actors Exploit IIS Machine Keys to Breach Organizations</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges</li><li>ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs</li></ul><p><strong>Trends & Reports</strong></p><ul><li>Fake Leaks Flood Dark Web Markets</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>Renewal of Cyber Threat Info Sharing Law Pushed by Tech Coalition</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas - July 29, 2025, 12:00-01:00 PM ET</li><li>European – July 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Thu, 10 Jul 2025 08:49:48 -0500 H-ISAC: Green Reports