Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...]
The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...]
Also, North Korean Hackers Remotely Wipe Android DevicesThis week, the U.K. government probed Chinese electric buses for a kill switch, APT37 abused Google's Find Hub in South Korea, Conduent said its January hack will cost it more, Hyundai disclosed a breach and Patch Tuesday. OWASP added two new categories to its Top 10 web application vulnerabilities.
Concerns Grow Over F5 Hacking Amid Stalled Government ShutdownFederal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.
Williams & Connolly Hit in Zero-Day Campaign Impacting Client EmailsA zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.
The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach
Also: Train Hack Risks Outed by CISA Alert; AI Comprehension Issues Won't Go AwayIn this week's update, four ISMG editors discussed the potential global implications of the Seychelles Commercial Bank data breach; the real-world threat of train hacks following an alert about a critical railway vulnerability; and growing concerns around AI's "comprehension problem."
Also: CISA Warns of Unpatched Train Brake VulnerabilityThis week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.
CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup PlatformA suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings.
Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise
Also: Prison Sentences for BEC Scammers and a West African Cybercrime CrackdownThis week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?
Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi DomainsThis week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...]
Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to LightThis week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S. charges, Cisco warned of a data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.
Also: Omni Hack Exposed Customer Data and More Ivanti VulnerabilitiesThis week, police took down the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities, a Moldovan botnet operators faces U.S. charges, Cisco warned of data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of
A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]
Federal Contractor Must Comply With New Reporting Measures Following Data BreachGlobal Tel*Link, a major telecommunications provider for state and federal prison systems, will be required to notify the FTC and consumers of future security incidents after a sweeping data breach left hundreds of thousands of its users vulnerable to identity theft and other privacy concerns.
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...]