BeyondMachines 

@beyondmachines1@infosec.exchange

Enabling Good Cybersecurity for Everyone:
Automated cybersecurity tools, learning and expert guidance for individuals and companies of all sizes.
Because cybersecurity shouldn't be an enterprise feature.

Sometimes a bot, sometimes not.

Website: https://beyondmachines.net
LinkedIn: https://www.linkedin.com/company/73905832/
GitHub: https://github.com/BeyondMachines

NAHGA Claim Services data breach exposes health information of over 181,000 individuals

NAHGA Claim Services, a health insurance claims administrator, experienced a data breach between April 8-10, 2025, where unauthorized actors accessed systems and potentially stole sensitive data from 181,160 individuals. The company notified the FBI and is offering identity theft protection services to affected individuals.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/nahga-claim-services-data-breach-exposes-health-information-of-over-181000-individuals-1-f-h-s-f/gD2P6Ple2L

Rhysida ransomware gang claims MedStar Health, steals 3.7TB of patient data

MedStar Health was hit by a ransomware attack by the Rhysida group between September 12-16, 2025, resulting in the theft of 3.7 terabytes of sensitive patient data. When the ransom demand was not met, the attackers publicly released all stolen files containing over 1.8 million records on their dark web leak site.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/rhysida-ransomware-gang-claims-medstar-health-steals-3-7tb-of-patient-data-3-1-m-q-r/gD2P6Ple2L

Rockrose Development Corp. reports data breach exposing data of 47,000 people

Rockrose Development Corp. suffered a data breach on July 4, 2025, that went undetected for over four months until November 14, 2025, exposing personal information of 47,392 individuals. The attack method is not disclosed, and the company did not announce whether credit monitoring services would be provided to affected individuals.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/rockrose-development-corp-reports-data-breach-exposing-data-of-47000-people-t-n-c-a-3/gD2P6Ple2L

Critical actively exploited flaw in WatchGuard Fireware OS enables remote code execution through VPN service

WatchGuard patched a critical vulnerability (CVE-2025-14733) in Fireware OS that allows remote unauthenticated attackers to execute arbitrary code on devices with IKEv2 VPN configurations. The flaw is actively being exploited in the wild.

**If you have WatchGuard Firebox firewalls, you are under attack. Make a very quick update to the latest security updates from WatchGuard. After patching, change all passwords and security keys stored on the device, especially if you've ever used IKEv2 VPN configurations (even if now deleted). Old settings can still leave your firewall vulnerable.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-flaw-in-watchguard-fireware-os-enables-remote-code-execution-through-vpn-service-n-s-w-d-7/gD2P6Ple2L

University of Sydney data breach compromises personal data of over 27,000 staff and students

The University of Sydney suffered a data breach affecting over 27,000 individuals when attackers gained unauthorized access to an online coding repository that improperly contained historical personal data files.

**We've seen secrets in code, but storing PII in a code repository is totally weird, especially when you think of the code repository as just program code and forget the data files.**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/university-of-sydney-data-breach-compromises-personal-data-of-over-27000-staff-and-students-v-d-1-n-t/gD2P6Ple2L

Physical break-in at Texas Behavioral Health Facility exposes patient records of 1,309 people

A physical security breach at the Heart of Texas Behavioral Health Network in November 2025 resulted in unauthorized access to paper patient records containing sensitive information for approximately 1,309 individuals.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/physical-break-in-at-texas-behavioral-health-facility-exposes-patient-records-of-1309-people-2-c-y-f-c/gD2P6Ple2L

Ransomware attack on NHS technology provider DXS International exposes patient data

DXS International, a British tech company supporting 10% of NHS referrals in England, suffered a ransomware attack on December 14, 2025. The DevMan ransomware group claims to have stolen 300GB of data from internal office servers. It's not confirmed whether NHS patient data was compromised but DXS has notified the ICO, law enforcement, and NHS cybersecurity teams.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/ransomware-attack-on-nhs-technology-provider-dxs-international-exposes-patient-data-l-k-4-c-f/gD2P6Ple2L

Critical WSUS flaw reported in Schneider Electric Foxboro DCS systems

Schneider Electric issued a critical security advisory for a vulnerability (CVE-2025-59287) in its EcoStruxure Foxboro DCS Advisor services caused by a flaw in Microsoft WSUS that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges via ports 8530/8531. Active exploitation is observed in the wild.

**This one is important and kind of urgent: there is active exploitation. If you have Schneider Electric EcoStruxure Foxboro DCS Advisor systems, make sure to block WSUS ports 8530/8531 from the internet, or even better, make sure they are isolated from the internet and only accessible from trusted networks. Then apply Microsoft patches KB5070882 and KB5070884 and verify the patch with Schneider Electric Global Customer Support.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-wsus-flaw-reported-in-schneider-electric-foxboro-dcs-systems-8-0-8-z-c/gD2P6Ple2L

CISA reports active exploitation of ASUS Live Update supply chain vulnerability

CISA is reporting active exploitation of CVE-2025-59374, a supply chain backdoor embedded in the ASUS Live Update utility during the 2018 Operation ShadowHammer attack by Chinese state-sponsored hackers. The backdoor surgically targeted specific devices using hardcoded MAC addresses. Federal agencies must discontinue use of the now-discontinued utility by January 7, 2026. ASUS urges remaining users to update to version 3.6.8 or higher.

**If you have the ASUS Live Update utility installed, immediately update to version 3.6.8 or higher, or better yet, uninstall it completely since it's now discontinued. Given the previous supply chain compromise and end-of-support status, remove the utility and download updates directly from ASUS's official website.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-asus-live-update-supply-chain-vulnerability-d-5-n-4-d/gD2P6Ple2L

A drinking game:
Have a drink every time Sam Altman or Elon Musk writes or says impact, revolutionary, value, future