Healthcare Breaches, APT Espionage, and Evolving Ransomware Tactics Dominate a Turbulent Week in Cybersecurity
Summary
This week in cybersecurity, the period ending May 22, 2026, was marked by a series of high-impact data breaches in the U.S. healthcare sector, exposing sensitive patient information from multiple HIPAA-regulated entities. Simultaneously, an Iranian APT group, Screening Serpens, intensified its espionage campaigns with new malware. Ransomware continues to evolve, with the new Aur0ra strain employing dual-extortion tactics and reports indicating attackers are now using EDR killers and post-quantum cryptography. CISA has added several actively exploited vulnerabilities to its KEV catalog, including flaws in Microsoft Defender, Langflow, and Trend Micro products, underscoring the urgent need for timely patching across all sectors.
Today's New Articles
Massive HIPAA Breach Wave Hits U.S. Healthcare, Exposing Thousands of Patient Records
Multiple U.S. healthcare organizations, including the World Trade Center Health Program and LHC Group, have disclosed significant data breaches throughout May 2026. These incidents, some orchestrated by ransomware groups like TridentLocker, have resulted in th...
Industrial Giants Under Siege: Foxconn and Škoda Auto Suffer Major Cyberattacks
Two major multinational corporations, electronics manufacturer Foxconn and automaker Škoda Auto, have been targeted in separate, significant cyberattacks in May 2026. Foxconn's North American facility was struck by the Nitrogen ransomware group, resulting in t...
New 'Aur0ra' Ransomware Emerges with Stealthy Dual-Extortion Tactics
A new ransomware strain named Aur0ra has been identified, employing a dual-extortion model that is becoming standard for modern ransomware. The malware encrypts files, making them inaccessible, and claims to have exfiltrated sensitive data before encryption. A...
Iranian APT 'Screening Serpens' Intensifies Espionage with New RATs Targeting US, Israel, and UAE
The Iran-nexus advanced persistent threat (APT) group known as Screening Serpens (also UNC1549, Smoke Sandstorm) has escalated its cyber-espionage activities, according to researchers at Unit 42. The campaigns, which ran from mid-February to April 2026, coinci...
CISA KEV Catalog Updated: Actively Exploited Langflow and Trend Micro Flaws Demand Urgent Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are under active exploitation. The flaws are CVE-2025-34291, an Origin Validation Error in...
Vietnam Government Systems Breached, SOCs Fail to Detect Intrusions
Vietnamese cybersecurity authorities are investigating major data breaches at two unnamed ministry-level agencies, where hackers have allegedly stolen millions of user records. According to the Vietnam National Cyber Emergency Response Team (VNCERT), the attac...
AI Amplifies Supply Chain Threats, Creating New and Complex Cyber Risks
The rapid integration of Artificial Intelligence (AI) into global supply chains is creating a new and complex risk landscape. While AI offers benefits in automation and analytics, it also introduces a new attack surface for threat actors. Malicious actors are...
Germany Becomes Epicenter of European Cyber Conflict with 124% Surge in Attacks
Cyberattacks in the DACH region (Germany, Austria, Switzerland) surged by 124% in 2025, with Germany bearing the brunt, accounting for 82% of all incidents. According to research from Check Point, this dramatic increase is fueled by a dual threat: pro-Russian...
Iranian APT Screening Serpens Unleashes New RATs in Espionage Campaign Against US, Israel, and UAE
Unit 42 has identified a series of cyberespionage campaigns conducted by the Iran-nexus Advanced Persistent Threat (APT) group Screening Serpens (also known as UNC1549) between February and April 2026. The attacks, which align with regional conflicts, targeted...
Nation-state threat actors, including Midnight Blizzard and Curious Serpens, are increasingly misusing ROADtools, a legitimate open-source framework for Azure and Entra ID security research, to conduct sophisticated cloud attacks. According to Unit 42, attacke...
Article Updates
State CISO Confidence Plummets as AI Threats Rise and Budgets Fall, Survey Finds
Update: Cybersecurity leaders from Florida, New York, and Tennessee are urgently calling on Congress to reauthorize the State and Local Cybersecurity Grant Program (SLCGP), a critical $1 billion federal initiative. This program provides essential funding for state, lo...
Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-41091 (EoP, CVSS 7.8) and CVE-2026-45498 (DoS, CVSS 4.0) to its Known Exploited Vulnerabilities (KEV) catalog. This action mandates federal agencies to apply patches by a speci...
Supply Chain in Crisis: Exploits Now Arrive Before Companies Know They're Vulnerable
Update: A new JFrog report quantifies the escalating software supply chain crisis, revealing a 451% increase in attacks targeting the npm ecosystem in 2025. It also identifies 495 malicious AI models, highlighting a new and critical threat vector. The report warns tha...