31 Dec 2025
By Mary

InfoSec News Nuggets 12/31/2025

Two US cyber experts plead guilty to cooperating with notorious ransomware gang Two U.S. cybersecurity professionals have admitted guilt in federal court for conspiring with the ALPHV/BlackCat ransomware group to extort companies, using their expertise to assist in encryption and ransom demands. This high‑profile plea highlights insider misuse of security skills and carries potential prison sentences up to 20 years.   80 Hospitals May Have Been Affected by the Oracle Health Data Breach CISA has…
Read More
28 Oct 2025
By Mary

InfoSec News Nuggets 10/28/2025

Cities reverse course on automated license plate reader cameras amid privacy concerns Cambridge, Massachusetts officials turned off 16 automated license plate reader cameras (ALPR) last week after the city council voted to pause their use following reports of the cameras’ manufacturer sharing data with immigration authorities. Cambridge is one of several cities where the Flock Safety cameras — which are now present in thousands of cities across the country — have recently been taken offline.  On October…
Read More
06 Oct 2025
By Mary

InfoSec News Nuggets 10/06/2025

Oracle says hackers are trying to extort its customers Oracle said on Thursday that customers of its E-Business Suite of products "have received extortion emails," confirming a warning first issued on Wednesday, opens new tab by Alphabet's Google. In a blog post, opens new tab, the California-based tech company said its investigation found that hackers had made potential use of previously identified software vulnerabilities and urged customers to upgrade their products. Oracle did not immediately respond when asked…
Read More
04 Apr 2025
By Mary

InfoSec News Nuggets 4/4/2025

Oracle privately confirms Cloud breach to customers Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum. According to Bloomberg,…
Read More
03 Apr 2025
By Mary

InfoSec News Nuggets 4/3/2025

Toll Scams Are What's Happen.xin Right Now Have you ever received an odd text message on your phone, purporting to be from a toll provider or package delivery service? If you have a U.S. cell phone, chances are you’ve encountered one of these SMiShing attempts—cybercriminals’ latest ploy to trick you into giving up your personal and financial details. SMiShing (a portmanteau of SMS and phishing) relies on victims clicking deceptive links that appear legitimate but…
Read More
31 Mar 2025
By Mary

InfoSec News Nuggets 3/31/2025

Oracle Health breach compromises patient data at US hospitals A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company…
Read More
28 Mar 2025
By Mary

InfoSec News Nuggets 3/28/2025

Oracle customers confirm data stolen in alleged cloud breach is valid Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The…
Read More
24 Mar 2025
By Mary

InfoSec News Nuggets 3/24/2025

Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content Cloudflare has created a bot-busting AI to make life hell for AI crawlers. The network-taming company built the tool after noticing that almost one percent of all requests to access web content that it can see now come from AI crawler bots. Those bots are probably scraping data that’s gathered up to train AI models. Web site operators can…
Read More
10 Jan 2025
By Mary

InfoSec News Nuggets 1/10/2025

License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data In just 20 minutes this morning, an automated license-plate-recognition (ALPR) system in Nashville, Tennessee, captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate. This trove of real-time vehicle data, collected by one of Motorola’s ALPR systems, is meant to be accessible…
Read More
26 Sep 2022
By Mary

InfoSec News Nuggets 09/26/2022

Oracle Cloud admits users could access other customer data A vulnerability in Oracle Cloud Infrastructure (OCI) could have allowed basically any user to read and write data belonging to any other OCI customer, researchers have claimed. Experts from cloud security firm Wiz said they stumbled upon the vulnerability when building an OCI connector for their own tech stack, discovering that they could attach other people’s virtual disks to their virtual machine instances. The only thing…
Read More
06 Oct 2020
By Mary

InfoSec News Nuggets 10/06/2020

SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. In following up on their previously disclosed victims and leaks, DataBreaches.net noticed that a medical entity who had been listed on SunCrypt’s site no longer appeared on it.…
Read More