DATE: June 4, 2026 at 05:17PM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
#ShinyHunters Leaks 234GB @DentaQuest Data Trove: Gang Claims 2.6M People Affected in #Cybercrime Group's Latest #DataTheft Attack https://t.co/qnlaBAnVPB
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
TA4922: The Suspected Chinese Crime Group is Going Global
TA4922 is a highly sophisticated Chinese-speaking threat actor demonstrating rapid operational tempo and continually evolving malware capabilities. Initially targeting East Asia, particularly Japan, the group has expanded globally to Europe and Africa. The actor deploys multiple malware families including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT (Winos4.0), alongside legitimate remote management tools like AnyDesk and SyncFuture. Campaigns use localized lures themed around HR, payroll, tax, and invoicing, targeting hundreds to thousands of recipients per campaign. TA4922 conducts credential phishing, fraud operations including credit card theft, and attempts to shift communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. The group leverages legitimate cloud hosting services and trusted software for delivery and persistence, combining advanced tradecraft with financially motivated objectives such as data theft, fraud, access resale, and persistent remote access.
Pulse ID: 6a20244bdece9b50eee824aa
Pulse Link: https://otx.alienvault.com/pulse/6a20244bdece9b50eee824aa
Pulse Author: AlienVault
Created: 2026-06-03 12:55:39
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Africa #AnyDesk #Asia #Chinese #Cloud #CreditCard #CyberSecurity #DataTheft #Europe #InfoSec #Japan #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #Phishing #RAT #Rust #WhatsApp #bot #AlienVault
Quote:
"But the target of my criticism is not the models. Rather, I am concerned about the actions of people: the data theft, the exploitative labor practices, the haphazard creation of and failure to document datasets, the complete disregard for environmental impact, and the astonishing willingness of so many to surrender their own power and turn to synthetic text (for which no one is accountable) for all kinds of weighty decisions."
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
SilverFox APT Distributes ValleyRAT Using Fake Microsoft Teams
ValleyRAT malware is distributed through fake Microsoft Teams download sites using trojanized installers and DLL sideloading techniques. The campaign uses multi-stage execution, persistence mechanisms and encrypted C2 communication to evade detection and conduct data theft activities on compromised systems.
Pulse ID: 6a10c2d0bebcbfb2b4e42090
Pulse Link: https://otx.alienvault.com/pulse/6a10c2d0bebcbfb2b4e42090
Pulse Author: cryptocti
Created: 2026-05-22 20:55:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DataTheft #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #RAT #SMS #SideLoading #Trojan #bot #cryptocti
Abuse of Microsoft Entra ID for Microsoft 365 and Azure Data Theft
The threat actor Storm-2949 conducted a sophisticated cloud infrastructure campaign, gaining extensive access across IaaS, PaaS and SaaS layers. The attacker targeted identity and control plane access leveraging legitimate features like Self Service Password Reset and Azure VM extensions to blend in with normal administrative activity.
Pulse ID: 6a10b2bb7e136892a411ff5a
Pulse Link: https://otx.alienvault.com/pulse/6a10b2bb7e136892a411ff5a
Pulse Author: cryptocti
Created: 2026-05-22 19:47:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #DataTheft #ELF #ESET #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #RAT #Word #bot #cryptocti
Abuse of Microsoft Entra ID for Microsoft 365 and Azure Data Theft
The threat actor Storm-2949 conducted a sophisticated cloud infrastructure campaign, gaining extensive access across IaaS, PaaS and SaaS layers. The attacker targeted identity and control plane access leveraging legitimate features like Self Service Password Reset and Azure VM extensions to blend in with normal administrative activity.
Pulse ID: 6a10b2c70506d1225438f8a6
Pulse Link: https://otx.alienvault.com/pulse/6a10b2c70506d1225438f8a6
Pulse Author: cryptocti
Created: 2026-05-22 19:47:19
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #DataTheft #ELF #ESET #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #RAT #Word #bot #cryptocti
DATE: May 21, 2026 at 05:28PM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
#LibertyMutual Sued Over Alleged #Everest Group #DataTheft: Incident Comes Months After #NYS Fined @LibertyMutual $2M in Other Hacks https://t.co/6yJITEPDPq
SilverFox APT Distributes ValleyRAT Using Fake Microsoft Teams
ValleyRAT malware is distributed through fake Microsoft Teams download sites using trojanized installers and DLL sideloading techniques. The campaign uses multi-stage execution, persistence mechanisms and encrypted C2 communication to evade detection and conduct data theft activities on compromised systems.
Pulse ID: 6a0f791e50f93201e61e0f88
Pulse Link: https://otx.alienvault.com/pulse/6a0f791e50f93201e61e0f88
Pulse Author: cryptocti
Created: 2026-05-21 21:29:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DataTheft #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #RAT #SMS #SideLoading #Trojan #bot #cryptocti