"But, crap! What newest bullshit through yonder forum breaks?  It is another BreachForums clone, and Indra is the sun," said no descendant of William Shakespeare, ever.

Another BreachForums clone has posted an announcement pinky-swearing that they are not a honeypot. They also threaten to leak French government data if those arrested are not released.

BreachForums[.]bf appears to be under DDoS already but a screenshot of the post can be found at:

https://x.com/IntelOpsV3/status/2000131278922981562/photo/1

I tried to email the forum at the email addy they list in their post. The account doesn't exist.

I asked the spokesperson for ShinyHunters about the clone and was told that it's all disinformation/misinformation.

Another day... more BF drama/bs...

When you don't check what AI writes for your law firm's plaintiff recruitment post, you may have this weird post on your site:

"On December 13, 2025, a significant data breach was discovered involving the group Rhysida. This incident has raised concerns over data security and the protection of personal information. As the situation unfolds, it is crucial for affected parties to understand the implications of this breach and the steps they can take moving forward.

About Rhysida
Rhysida is a prominent entity known for its commitment to handling sensitive data. However, the recent breach has put a spotlight on vulnerabilities within their systems, leading to unauthorized access to confidential information. This incident has prompted a thorough investigation into their security protocols and data management practices.

What Happened
On December 13, 2025, the breach was identified, revealing that unauthorized actors had compromised Rhysida’s data systems. It is believed that sensitive personal information may have been accessed, raising serious concerns for those whose data may have been involved. The breach emphasizes the importance of robust cybersecurity measures and the need for immediate action in response to such threats.""

#AI

NEW: Virginia Urology Silent on Possible Data Breach as Purported Patient Data Begins to Leak:

https://databreaches.net/2025/12/12/virginia-urology-silent-on-possible-data-breach-as-purported-patient-data-begins-to-leak/

#databreach #healthsec #cybersecurity #incidentresponse

OT: #MustLoveDogs #friendship

This may be a made-for-Netflix movie someday:

A man contacts his friend in another country and asks him to pick up a puppy he bought and bring it home with him when the friend flies back the next day.

The friend agrees, picks up a little husky puppy, and heads to the airport to catch his flight.

Did you know that EU law requires puppies to have an EU pet passport or an animal health certificate to board a flight? And a very young puppy that hasn't been vaccinated yet can't get an animal health certificate?

I don't know how many days it's been already, but that guy is still sitting in an airport in the EU because he promised his friend he would stay with the puppy and bring it home with him.

I'd love to see a good movie about an adorable husky puppy running around in an airport, waiting for a passport, wouldn't you? 😂

Bless that friend who wouldn't just leave a little puppy.

❤️ 🐶 ❤️

#MercyOne patients are now being notified of the #Veradigm breach that I reported on November 1.

MercyOne news coverage: https://www.kcci.com/article/mercyone-patients-alerted-to-veradigm-data-breach/69690293

Veradigm reported the breach to several state attorneys general on September 22, 2025, stating that it first learned of the breach on July 1, 2025.

Unless Rhysida messed up a data dump, the breach occurred on December 15, 2024, and was discovered by Sunflower Medical Group (SMG) on January 7, 2025.

Examination of the data tranche from Rhysida's attack on SMG revealed data from Veradigm clients, including Mercy Clinics in Des Moines and Mercy Centerville. Both are connected to the MercyOne health system. (Screenshot showing Mercy Clinics and Mercy Centerville was in my reporting at https://databreaches.net/2025/11/01/veradigms-breach-claims-under-scrutiny-after-dark-web-leak/ )

If HHS OCR hasn't done a proper investigation of this incident, I hope they do. If Rhysida screwed up and combined two dumps in one tranche, that's one thing, but if Rhysida did not screw up in their data leak, Veradigm's version of the breach didn't (and still doesn't) make a lot of sense.

#databreach #ransomware #incidentresponse #transparency

Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.

It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.

That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.

https://databreaches.net/2025/12/07/theyve-escaped-a-lot-of-media-attention-but-anubis-raas-is-a-threat-to-the-medical-sector/

#HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse

@campuscodi @amvinfe

I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
https://databreaches.net/2025/12/09/tell-the-truth-or-someone-will-tell-it-for-you-trumbull-county-ohio-edition/

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

Anubis hasn't really had a lot of media coverage, but @amvinfe's post about the attack on Mid South Pulmonary & Sleep Specialists was a wake-up call for me. So I took a look at Anubis's dark web leak site and saw they added -- and leaked -- five U.S. healthcare entities in November.

Given that they are not loath to encrypt and wipe victims' data... well... yikes.

My post:
https://databreaches.net/2025/12/07/theyve-escaped-a-lot-of-media-attention-but-anubis-raas-is-a-threat-to-the-medical-sector/

#databreach #ransomware #Anubis #HealthSec #cybersecurity #HIPAA #wiper