AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 4/28/2025

Top employee monitoring app leaks 21 million screenshots on thousands of users

A major time-tracking company has been leaking sensitive screenshots on the open internet, putting countless people and organizations at risk of identity theft, data breaches, wire fraud, scams, and more. Cybersecurity researchers at Cybernews found an archive of “millions of real-time screenshots” generated by WorkComposer, which calls itself an “employee productivity monitoring tool”. These screenshots show what the employee is working on at any given time, which could include sensitive communications and emails, login portals, passwords, intellectual property, proprietary data, and more.

 

CEO of cybersecurity firm charged with installing malware on hospital systems

Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Bowie was arrested on April 14, following the issuance of an arrest warrant. Security footage reportedly shows the man attempting to access multiple offices before installing malicious software designed to capture screenshots every 20 minutes and transmit them to an external IP address. “New court documents reveal security cameras captured Bowie wandering around the hospital on August 6, where he tried to get into multiple offices until he stumbled upon two computers. One of those computers was for employees only,” reported the media outlet KOCO 5 News.

 

ISACA Highlights Critical Lack of Quantum Threat Mitigation Strategies

Most organizations have no defined strategy to defend against quantum-enabled threats, according to a new survey by ISACA. Just 5% of IT professionals said such a strategy is currently in place at their organization, while only 3% believe it is a high business priority for the near future. More than half (59%) of respondents admitted that no steps have been taken to prepare for quantum computing. Experts have warned that quantum computers will be capable of breaking all current encryption protocols, such as RSA and AES. This will require computing power of 10,000 qubits or more. Such a scenario will leave data, connections and components used by all organizations exposed.

 

FBI Asks for Help Tracking Chinese Salt Typhoon Actors

The FBI has appealed to the public for information which might help it to unmask the threat actors behind a notorious Chinese APT group. Salt Typhoon (aka FamousSparrow, GhostEmperor, Earth Estries and UNC2286) is thought to be the work of China’s vast Ministry of State Security (MSS), and has been active since at least 2020. It leapt to fame in November last year after a major intelligence gathering operation targeting US telecommunications companies was revealed by the authorities. “Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale,” the FBI said in its Public Service Announcement (PSA).

 

The government’s ransomware payment ban: what are the wider implications?

The UK government’s recently announced ban on public sector ransomware payments has received mixed reactions from industry. With the aim of removing the financial incentives that fuel ransomware attacks and making public sector bodies and critical national infrastructure less attractive targets, the policy marks a significant step in the fight against cybercrime. But the introduction of this new policy has not come without criticism. While supporters acknowledge that ransom payments reward criminals and fund more crime, others warn that it could lead to negative consequences such as promoting a secondary black market or impacting ransomware reporting.

 

New Bill Mandates Cybersecurity Overhaul for Federal Contractors

New cybersecurity legislation is coming thick and fast. And for good reason: cyber threats are becoming more sophisticated, systems are becoming more connected, and geopolitical relationships are becoming more fraught. One of the most recent pieces of bipartisan legislation – the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 – is designed to modernize cybersecurity standards in the US and protect the country from threats. Let’s examine the Act and the landscape that inspired its creation.
