
Loading summary
A
From the CISO series, it's Cybersecurity headlines.
B
These are the cybersecurity headlines for Thursday, June 26, 2025. I'm Lauren Verno. NHS confirms patient death linked to ransomware attack the June 2024 cyber attacks on London hospitals caused more than just a data breach burning. Britain's National Health Service now says a patient's death was directly linked to the incident. NHS explains the attack impacted the amount of time it took hospitals to perform critical blood tests. The resulting delays were identified as one of the contributing factors in the patient's death. The hackers also compromised data belonging to over 900,000 patients, including sensitive medical details that still haven't fully been disclosed. A year later, the NHS is still dealing with the fallout, including dangerously low blood supplies that continue to impact care. Breach forums busted again the administrators for one of the world's largest online marketplaces for stolen data have been arrested. French police report the arrest of five suspected operators of breach forums, including well known threat actors Shiny Hunters and Intel Broker. Authorities say the group helped relaunch the Dark Web marketplace after its original founder was arrested in 2023. The suspects are linked to several major breaches, including attacks on French companies and government agencies. With Intel Broker previously tied to high profile hacks impacting US and European organizations. Breach Forum's V2 went offline in April of this year and has not returned thousands of SaaS apps still vulnerable to no auth New research shows Almost two years after its discovery, the Noauth abuse method is still a major risk, with as many AS at least 15,000 SaaS apps likely vulnerable due to misconfigurations with Microsoft Entra ID. Despite Microsoft offering guidance, researchers say developers are still misunderstanding or overlooking key implementation steps, leaving apps open to account takeovers and data exfiltration without users ever knowing. Ransomware hits harder in the UK it's an award no one wants, but a new report shows that British organizations are far more likely than their global peers to have data encrypted in ransomware attacks. In fact, 70% of UK victims were hit, compared to 50% worldwide, according to Sophos. The medium ransom demand jumped to 5.4 million last year and UK firms are often pay the full amount or more. However, this may soon change as new regulations like the upcoming Cybersecurity and Resilience Bill aims to ban ransom payments and tighten reporting requirements. Thanks to Today's episode sponsor ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com CISO that's threat l l o c k e r.com CISO Third party and ransomware attacks hit US health care again Two US health care organizations have disclosed data breaches impacting over 100,000 individuals each. I'll do the math for you, that's over 200,000 people overall impacted. Mainline Health Systems confirmed its network was breached in April of 2024, with the Inc. Ransomware Group later leaking stolen files. The attack affected more than 101,000 patients across its 30 plus locations in Arkansas. Meanwhile, nearly 120,000 people tied to Select Medical holdings was impacted through a third party breach at former debt collector Nationwide Recovery Services. Ransomware PAC Grows Speaking of ransomware, a new group calling itself Direwolf is taking a bite out of the tech and manufacturing sectors. Researchers have already linked the group to at least 16 attacks using double extortion tactics and custom built encryptors to tailored to each victim. Direwolf isn't staying quiet either. Five of the 16 victims listed on its data leak site are now facing public data exposure by the end of the month for quote, refusing to pay up. New China Orb Network Infects Devices A newly uncovered China linked operational relay box or orb network known as Lapdogs is quietly expanding across US and East Asia, already infecting over 1,000 devices. That's according to Security Scorecard. The highly targeted network is made up of compromised routers, IoT devices and servers, primarily Ruckus wireless access points, and is being used to support multiple intrusion campaigns while evading detection. Unlike traditional botnets, orbs like Lapdogs or offer stealthier long term infrastructure for espionage, making it harder to detect and defend against these threats. Cybercrime Outpaces African Law Enforcement Cybercrime is surging across Africa, with some countries reporting a 30 fold increase in online scam detections and cybercrime accounting for a third of all reported crimes, according to Interpol's 2025 Africa Cyber Threat Assessment Report. Egypt, South Africa and Zambia were among the hardest hit facing spikes in ransomware and phishing attacks, while law enforcement in nine out of 10 African nations lack the tools or training to respond. Be sure you're registered for this week's Super Cyber Friday event All about Hacking the Internal Politics of Cybersecurity if you've ever been challenged by NAVIGATING the tricky waters of an organization to get the security mission done, you need to join us. We've got two seasoned CISOs joining us this Friday at 1pm Eastern Standard talking for an hour about why just being right isn't enough when it comes to security decisions. To register to join, head on over to the Events page@the cisoseries.com and if you have some thoughts on the news from today or about the show in general, be sure to reach out to us@feedbackisoseries.com we'd love to hear from you. I'm Lauren Verno reporting from the CISO series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - June 26, 2025
Hosted by CISO Series
In this episode of Cyber Security Headlines, hosted by Lauren Verno of the CISO Series, a range of critical and timely topics in the information security landscape are discussed. From the tragic consequences of ransomware attacks on healthcare systems to the ongoing challenges posed by cybercriminal networks, the episode provides a comprehensive overview of significant events shaping cybersecurity today.
One of the most alarming stories discussed is the confirmation by Britain's National Health Service (NHS) that a patient's death in June 2024 was directly linked to a ransomware attack on London hospitals. Lauren Verno details the incident:
“The attack impacted the amount of time it took hospitals to perform critical blood tests” [00:07].
The ransomware incident not only compromised sensitive data of over 900,000 patients but also led to operational disruptions that delayed critical medical procedures. Despite the passage of a year, the NHS continues to face severe repercussions, including dangerously low blood supplies that hinder patient care.
Key Points:
In a significant crackdown, French police have arrested five individuals suspected of operating BreachForums, one of the world's largest Dark Web marketplaces for stolen data. Among those apprehended are notorious threat actors known as Shiny Hunters and Intel Broker. Lauren Verno provides insight into the operation:
“The group helped relaunch the Dark Web marketplace after its original founder was arrested in 2023” [00:07].
These operators are implicated in numerous high-profile breaches targeting both private companies and government agencies across Europe and the United States. The takedown of BreachForums V2 marks a substantial victory for law enforcement in combating cybercrime networks.
Key Points:
The episode highlights ongoing vulnerabilities in SaaS applications due to misconfigurations with Microsoft Entra ID. Nearly two years after the discovery of the Noauth abuse method, researchers estimate that at least 15,000 SaaS apps remain susceptible. Lauren emphasizes the critical oversight:
“Developers are still misunderstanding or overlooking key implementation steps” [00:07].
This negligence allows for potential account takeovers and unauthorized data exfiltration without user detection, posing significant security risks for organizations relying on these applications.
Key Points:
Ransomware attacks are hitting UK organizations harder than their global counterparts. According to a report cited by Lauren, 70% of UK victims experienced data encryption due to ransomware, compared to the global average of 50%. Additionally, the average ransom demand in the UK surged to $5.4 million last year, with many firms paying the full amount or more.
“British organizations are far more likely than their global peers to have data encrypted in ransomware attacks” [00:07].
However, this trend may shift with the introduction of the upcoming Cybersecurity and Resilience Bill, which aims to ban ransom payments and enforce stricter reporting requirements to mitigate such attacks.
Key Points:
The US healthcare sector continues to be a prime target for cyberattacks. Two major breaches have recently impacted over 200,000 individuals:
Mainline Health Systems: Experienced a breach in April 2024 by the INC Ransomware Group, affecting more than 101,000 patients across 30+ locations in Arkansas. Stolen files were subsequently leaked by the ransomware group.
Select Medical Holdings: Nearly 120,000 people were affected through a third-party breach at Nationwide Recovery Services, a former debt collector associated with Select Medical Holdings.
Key Points:
A new ransomware group, Direwolf, is making waves in the tech and manufacturing sectors with sophisticated attack strategies. Lauren Verno explains:
“The group has been linked to at least 16 attacks using double extortion tactics and custom-built encryptors tailored to each victim” [00:07].
Direwolf is notable for its tailored encryptors and its double extortion approach, which involves threatening public data exposure if ransom demands are not met. Currently, five of the 16 listed victims on Direwolf’s data leak site are set to face public exposure by month’s end for refusing to comply with ransom demands.
Key Points:
Security Scorecard has identified the growth of Lapdogs, a China-linked operational relay box (orb) network, which has infected over 1,000 devices across the US and East Asia. Lauren details the nature of this threat:
“Lapdogs offers a stealthier long-term infrastructure for espionage, making it harder to detect and defend against these threats” [00:07].
The network primarily consists of compromised routers, IoT devices, and Ruckus wireless access points, facilitating multiple intrusion campaigns while evading traditional detection methods. This advancement represents a significant challenge for cybersecurity defenses aimed at identifying and mitigating such stealthy threats.
Key Points:
Interpol's 2025 Africa Cyber Threat Assessment Report highlights a dramatic increase in cybercrime across the continent, with some regions experiencing a 30-fold rise in online scam detections. Lauren Verno underscores the severity:
“Cybercrime is accounting for a third of all reported crimes” [00:07].
Countries like Egypt, South Africa, and Zambia are witnessing significant spikes in ransomware and phishing attacks. Concurrently, nine out of ten African nations lack the necessary tools or training for effective law enforcement responses, exacerbating the vulnerability to cyber threats.
Key Points:
Conclusion
This episode of Cyber Security Headlines provides a sobering look into the pervasive and evolving nature of cyber threats globally. From the devastating real-world consequences of ransomware attacks on healthcare systems to the sophisticated operations of international cybercriminal networks, the discussions underscore the urgent need for robust cybersecurity measures and international cooperation to mitigate these risks.
For more detailed stories behind these headlines, visit CISOseries.com.