Massive Healthcare Breaches Expose Millions, as Cisco Warns of Actively Exploited SD-WAN Flaws

Data Aggregator Infutor Reportedly Leaks 676 Million Records in Massive Data Breach

Data solutions provider Infutor, now part of Verisk, has reportedly suffered a colossal data breach exposing over 676 million unique records. The leak is attributed to a misconfigured Elasticsearch database and is said to include highly sensitive personally identifiable information (PII) such as full names, physical addresses, dates of birth, and Social Security numbers. Given Infutor's role in providing consumer identity data for marketing and verification, the breach could have severe and far-reaching consequences, placing millions at risk of identity theft and financial fraud. Attorneys are now investigating a potential class-action lawsuit.

Data BreachCloud SecurityElasticsearchMisconfigurationPII +1 more

Data Breach

Cloud Security

Regulatory

China-Linked Group UAT9244 Targets South American Telecoms with New Malware Suite

New China-Linked Threat Actor 'UAT9244' Targets South American Telecoms with Custom Malware

A newly identified China-linked threat actor, designated UAT9244, is targeting telecommunications providers in South America with a previously undocumented malware toolkit. The campaign appears focused on long-term espionage and intelligence collection within this critical infrastructure sector. Researchers have identified a suite of custom implants, including backdoors named TernDoor, PeerTime, and BruteEntry, which provide capabilities for remote command execution, persistence, and reconnaissance. The strategic targeting of telecom providers highlights an ongoing focus by nation-state actors on critical infrastructure for surveillance purposes.

APTChinaEspionageTelecommunicationsMalware +1 more

China-Linked Group UAT9244 Targets South American Telecoms with New Malware Suite

Threat Actor

Threat Intelligence

Cyberattack

New Excel Flaw Allows Zero-Click Data Theft by Abusing Copilot AI

Microsoft Patches High-Severity Excel Flaw (CVE-2026-26144) Enabling Zero-Click Data Theft via Copilot

Microsoft has disclosed and patched CVE-2026-26144, a high-severity cross-site scripting (XSS) vulnerability in Microsoft Excel with a CVSS score of 7.5. The flaw is particularly dangerous due to a novel attack vector that allows for zero-click data theft by leveraging Microsoft's own Copilot AI features. An attacker can craft a malicious Excel file that, when opened, uses the Copilot agent to exfiltrate sensitive data from the user's machine without any further interaction. Microsoft has released patches as part of its March 2026 security updates and urges customers to apply them immediately.

VulnerabilityMicrosoft ExcelCopilotXSSZero-Click +1 more

New Excel Flaw Allows Zero-Click Data Theft by Abusing Copilot AI

Malware

Cloud Security

Cyberattack on French Healthcare Vendor Exposes Medical Data of 15 Million People

Massive Cyberattack in France Compromises Medical Data of 15 Million via Software Vendor

The French health ministry has confirmed a massive cyberattack that compromised the administrative and medical data of over 15 million individuals. The breach was a supply chain attack originating from Cegedim Santé, a software company providing services to approximately 1,500 medical practices. While most victims had administrative data like names and addresses exposed, over 165,000 individuals had highly sensitive medical notes leaked, including details on HIV/AIDS status and sexual orientation. The incident underscores the immense risk of supply chain vulnerabilities within the healthcare sector.

Data BreachHealthcareSupply Chain AttackFranceGDPR +1 more

Cyberattack on French Healthcare Vendor Exposes Medical Data of 15 Million People

Data Breach

Supply Chain Attack

Regulatory

Updated Articles (4)

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

Google's March 2026 Android Update Fixes Actively Exploited Qualcomm Zero-Day (CVE-2026-21385)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-21385, the actively exploited Qualcomm chipset vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This action mandates that all U.S. federal agencies patch the flaw by a specified deadline, underscoring its critical risk. The vulnerability, a memory corruption issue, is confirmed to be under limited, targeted exploitation and affects a wide range of devices, including Android smartphones, tablets, and various Internet of Things (IoT) products. Successful exploitation could lead to denial of service or arbitrary code execution, broadening the previously reported impact of privilege escalation.

March 2, 2026

AndroidQualcommZero-DayMemory CorruptionPatch Management +1 more

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

Patch Management

Mobile Security

LexisNexis Confirms Breach After Hacker 'FulcrumSec' Leaks Data of 400,000 Users, Including U.S. Gov Employees

LexisNexis Acknowledges Data Breach After 'FulcrumSec' Exploits React2Shell Vulnerability and Leaks Internal Data

Further analysis of the LexisNexis data breach reveals that the compromised data includes not only 400,000 user profiles but also a broader scope of 3.9 million records. Crucially, the leaked dataset reportedly contains a 'wallet seed phrase,' indicating the exfiltration of highly sensitive cryptographic keys. This new information significantly escalates the potential impact of the breach, highlighting risks beyond typical personal data exposure, especially given LexisNexis's role in critical sectors. The incident underscores the danger of legacy data compromise and the hunt for high-value, unstructured data by attackers.

March 4, 2026

data breachReact2ShellAWScloud securityIAM +2 more

6 min read

LexisNexis Confirms Breach After Hacker 'FulcrumSec' Leaks Data of 400,000 Users, Including U.S. Gov Employees

Data Breach

Cloud Security

Iranian-Aligned Groups Launch 'The Great Epic' Wiper Campaign Targeting Israel and Allies

Iranian Threat Groups Launch 'Great Epic' Wiper Campaign, Prompting Israeli Alert

Iran-backed hacktivist group Handala has claimed responsibility for a major cyberattack on medical technology giant Stryker, causing global operational disruptions to its Microsoft environment. The group alleges a mass data-wiping campaign and exfiltration of sensitive data, including Social Security numbers and health information. Stryker confirmed the incident in an SEC filing, highlighting the campaign's escalating impact on critical sectors and potential patient safety risks. New TTPs observed include the use of vssadmin.exe to delete shadow copies and wevtutil.exe to clear logs, indicating sophisticated destructive intent.

March 6, 2026

IranHandala HackWiper MalwareThe Great EpicGeopolitical Conflict +2 more

4 min read

Iranian-Aligned Groups Launch 'The Great Epic' Wiper Campaign Targeting Israel and Allies

Cyberattack

Threat Actor

Malware

Cisco SD-WAN Flaw (CVSS 10.0) Actively Exploited, CISA Issues Emergency Directive

Critical Cisco SD-WAN Authentication Bypass Vulnerability (CVE-2026-20127) Under Active Exploitation

Cisco has issued an urgent advisory confirming that multiple vulnerabilities within its Catalyst SD-WAN platform are being actively exploited. These newly reported flaws allow unauthenticated attackers to not only gain unauthorized access but also escalate privileges to root, providing complete control over critical networking equipment. This represents a significant escalation from previously reported vulnerabilities, which granted administrative access. Gaining root access enables attackers to modify network routing, disable security features, and establish persistent backdoors, posing an even greater threat to enterprise networks. Organizations are urged to apply patches immediately.

March 7, 2026

CVE-2026-20127CiscoSD-WANVulnerabilityCritical +3 more

4 min read

Cisco SD-WAN Flaw (CVSS 10.0) Actively Exploited, CISA Issues Emergency Directive