Breaking News Reporter for The Record. 
send tips along to [email protected] or signal: jgreig.51

NIST announced deep changes to the NVD today, writing that it would no longer enrich every vuln submission.

The only bugs that will have info added are in:

- CISA's known exploited list
- tools used by federal government
- software deemed 'critical'

https://therecord.media/nist-to-limit-work-on-cve-entries-surge

NIST to limit work on CVE entries as submissions surge

NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold — changing a longstanding mission to categorize every CVE, which stands for cybersecurity vulnerabilities and exposures.

A North Korea expert compared last week's $280 million theft from Drift to the assassination of Kim Jong Un's brother in 2017

Pyongyang created a fake company and hired people to meet up with Drift officials in person at conferences before launching the 4/1 attack

https://therecord.media/drift-crypto-theft-post-mortem-north-korea

‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts

Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus on quantitative trading.

After the $280 million theft from Drift, the Treasury Dept said it will start sharing cyber threat intel with the crypto industry

Crypto firms will receive the same actionable cyber information Treasury regularly shares with traditional U.S. financial institutions

This comes as the Trump admin has slashed several of the other cyber information sharing programs run out of CISA

https://therecord.media/treasury-department-announces-crypto-info-sharing

Treasury Department announces crypto industry cyber threat sharing initiative

Eligible U.S. digital asset firms and industry organizations “that meet Treasury’s criteria” will be able to receive, at no cost, the same actionable cybersecurity information Treasury regularly shares with traditional U.S. financial institutions.

Bitcoin ATM said someone stole more than $3 million after breaking into their corporate systems last month

https://therecord.media/crypto-atm-bitcoin-depot-reports-cyberattack

Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack

Bitcoin Depot filed a notice with the Securities Exchange Commission (SEC) explaining that a threat actor “gained access to certain systems and obtained control of credentials associated with the company’s digital asset settlement accounts.”

Winona County Administrator Maureen Holte told The Record that Monday's ransomware attack did not involve the same cybercriminal responsible for January's ransomware attack

Minnesota governor Tim Walz sent the National Guard to help the county recover

https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack

Minnesota governor sends national guard to county after cyberattack

Minnesota governor Tim Walz issued an executive order on Tuesday, writing that Winona county experienced a cyberattack on critical systems that began on Monday.

Cyber-enabled fraud accounted for the overwhelming majority of all losses reported to the FBI’s Internet Crime Complaint Center (IC3) in 2025, with a staggering $17.6 billion stolen

from Martin Matishak

https://therecord.media/cyber-fraud-surges-to-17-billion-fbi-ic3

FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar

Cyber-enabled fraud was behind 85% of all losses reported to the FBI in 2025 and constituted 45% of the 1,008,597 complaints its IC3 unit received overall.

Buried in the FBI, DOD and NSA advisory on Iran cyberattacks on critical infrastructure operational technology was acknowledgement that 75 devices were compromised during the CyberAv3ngers campaign in 2023/2024

https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot

FBI, Pentagon warn of Iran hacking groups targeting operational technology

The advisory said Iranian actors are targeting local municipal governments, water and wastewater systems and the energy sector.

Elliptic said the tactics and laundering methods indicated it was likely North Korean hackers behind the $280 million theft from Drift

https://therecord.media/drift-crypto-confirms-280-million-stolen-north-korea

Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea

The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved the “rapid takeover” of the company’s security council administrative powers.

NEW, by me:

3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches

An individual calling himself "Stuckin2019" or just "Stuck" claims responsibility for attacks on OpenLoop Health and Zealthy.

The former has notified the California AG's Office, but the latter has not notified any regulator as far as I can determine, and they haven't responded to inquiries.

Read more at:
https://databreaches.net/2026/03/23/3-7-million-telehealth-patients-allegedly-affected-by-two-recent-breaches/

#databreach #healthsec #cybersecurity #OpenLoop #Zealthy #HIPAA

@campuscodi @euroinfosec @jgreig

Electronic health record company CareCloud told the SEC that a recent cyberattack "is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident."

https://therecord.media/carecloud-hack-data-breach-sec

Healthcare software firm CareCloud informs SEC of potential patient data leak

The healthcare software firm CareCloud warned the Securities and Exchange Commission that a cyberattack may have resulted in the leak of patient data.