ºÚÁÏÕýÄÜÁ¿

This edition of Hacking Healthcare will recap some of the significant developments from the beginning of Trump’s term to Thursday’s confirmation hearings, and then will assess what we might expect to see happen next.

The topic covered in this report is: The Brazilian Critical Infrastructure Threat Landscape and Implications for Healthcare Organizations

Numerous threat actors pose a range of risks for critical infrastructure entities in Brazil, including sophisticated cyberespionage groups.

A daily ransomware tracker at TLP:GREEN for the purpose of increasing ransomware threat awareness.

On April 3, 2025, Ivanti released a security advisory regarding the active exploitation of a critical security flaw affecting vulnerable Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA gateway product.

A critical vulnerability, tracked as CVE-2025-2825, affecting CrushFTP is actively being exploited following the release of proof-of-concept exploit code.

On March 23, 2025, a critical vulnerability in Next.js middleware was disclosed and tracked as CVE-2025-29927.

On March 20, 2025, the Health-ISAC Threat Intelligence Committee (TIC) evaluated the current Cyber Threat Level and collectively decided to maintain the Cyber Threat Level at Yellow (Elevated).

This week, Health-ISAC®'s Hacking Healthcare® examines a new report from the European Union Agency for Cybersecurity (ENISA) to assess what it says about the cybersecurity maturity and criticality of various sectors in the EU.

On March 5, 2025, Elastic released a security update to fix a critical vulnerability in Kibana, data visualization dashboard software.