In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI

European Parliament disables AI features on official devicesThe European Parliament hasdisabled built-in AI featureson work-issued devices, such as corporate tablets used by lawmakers and their staff, due to concerns over cybersecurity and data protection. The IT department determined that certain AI capabilities send data to external cloud services for processing, making it impossible to fully guarantee the security of potentially sensitive information.HackerOne revises policy language following concerns over data usage for AIBug bounty huntersraised questionson social media about whether HackerOne was using their submitted vulnerability reports to train AI models, particularly in connection with the company’s recent Agentic PTaaS platform and its AI system called Hai. In response, HackerOne CEO Kara Sprague stated that the platform does not train generative AI models — internally or via third parties — on researcher submissions or customer confidential data, and that such data is not used to train, fine-tune, or improve generative AI models. The company is updating the language in its Terms and Conditions to more clearly reflect these practices and eliminate potential ambiguity, while emphasizing that its AI tools are intended to complement rather than replace researchers’ work.Sensitive attendee data exposed from Abu Dhabi investment conferenceAdata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

The European Parliament hasdisabled built-in AI featureson work-issued devices, such as corporate tablets used by lawmakers and their staff, due to concerns over cybersecurity and data protection. The IT department determined that certain AI capabilities send data to external cloud services for processing, making it impossible to fully guarantee the security of potentially sensitive information.HackerOne revises policy language following concerns over data usage for AIBug bounty huntersraised questionson social media about whether HackerOne was using their submitted vulnerability reports to train AI models, particularly in connection with the company’s recent Agentic PTaaS platform and its AI system called Hai. In response, HackerOne CEO Kara Sprague stated that the platform does not train generative AI models — internally or via third parties — on researcher submissions or customer confidential data, and that such data is not used to train, fine-tune, or improve generative AI models. The company is updating the language in its Terms and Conditions to more clearly reflect these practices and eliminate potential ambiguity, while emphasizing that its AI tools are intended to complement rather than replace researchers’ work.Sensitive attendee data exposed from Abu Dhabi investment conferenceAdata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

HackerOne revises policy language following concerns over data usage for AIBug bounty huntersraised questionson social media about whether HackerOne was using their submitted vulnerability reports to train AI models, particularly in connection with the company’s recent Agentic PTaaS platform and its AI system called Hai. In response, HackerOne CEO Kara Sprague stated that the platform does not train generative AI models — internally or via third parties — on researcher submissions or customer confidential data, and that such data is not used to train, fine-tune, or improve generative AI models. The company is updating the language in its Terms and Conditions to more clearly reflect these practices and eliminate potential ambiguity, while emphasizing that its AI tools are intended to complement rather than replace researchers’ work.Sensitive attendee data exposed from Abu Dhabi investment conferenceAdata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Bug bounty huntersraised questionson social media about whether HackerOne was using their submitted vulnerability reports to train AI models, particularly in connection with the company’s recent Agentic PTaaS platform and its AI system called Hai. In response, HackerOne CEO Kara Sprague stated that the platform does not train generative AI models — internally or via third parties — on researcher submissions or customer confidential data, and that such data is not used to train, fine-tune, or improve generative AI models. The company is updating the language in its Terms and Conditions to more clearly reflect these practices and eliminate potential ambiguity, while emphasizing that its AI tools are intended to complement rather than replace researchers’ work.Sensitive attendee data exposed from Abu Dhabi investment conferenceAdata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Sensitive attendee data exposed from Abu Dhabi investment conferenceAdata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Adata leak linked to Abu Dhabi Finance Week, held in December, resulted in more than 700 passport scans and state identity card documents being left publicly accessible on an unprotected cloud storage server. The exposed information affected hundreds of high-profile attendees, including politicians and business leaders. The vulnerability, attributed by organizers to a third-party vendor, was identified by a security researcher and promptly secured.Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Interpol-led cybercrime crackdown in AfricaA large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

A large-scale multinational operation coordinated by Interpol across multiple African countries has led to thearrest of 651 individualssuspected of involvement in various online scams, including romance fraud, investment fraud, and business email compromise schemes. Authorities recovered approximately $4.3 million in assets believed to be linked to these criminal activities, along with the seizure of electronic devices, vehicles, and other items used in the operations. The effort targeted organized cybercrime networks operating from the continent and aimed to disrupt scam infrastructure.Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Misconfigured Elasticsearch databases leak tens of millions of sensitive records onlineSOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

SOCRadar’s monitoring servicediscoveredthree publicly accessible Elasticsearch instances that lacked proper authentication, exposing over 43 million records in total. The leaked data included large volumes of valid credentials, credit card details, personal information such as names and contact details, infostealer logs with system and payment information, and various customer transaction records. Security researchers analyzed the instances, notified relevant parties, and some of the exposed data was subsequently removed or restricted.University of Mississippi Medical Center shuts down clinics due to ransomwareThe University of Mississippi Medical Center (UMMC)experienced a ransomware attackthat disrupted many of its IT systems, including blocking access to the Epic electronic medical records system. As a result, all clinic locations across Mississippi were closed, with outpatient appointments, ambulatory surgeries, procedures, and imaging services canceled and set to be rescheduled. Hospital and emergency services continued to operate using manual downtime procedures, with no reported impact on inpatient care or equipment functionality.Record ICS vulnerabilities in 2025Forescout researchshows that 2025 recorded a high of 508 ICS advisories from CISA, covering 2,155 vulnerabilities across various products and vendors, marking the first year exceeding 500 advisories. The average severity rose significantly, with a CVSS score of 8.07 and 82% of advisories classified as high or critical. Many vulnerabilities published directly by vendors in 2025 lacked corresponding CISA advisories, creating visibility gaps.Nigerian national sentenced to prison in USA 37-year-old Nigerian man named Matthew A. Akande, who was living in Mexico, wassentencedto eight years in prison in the US for his involvement in a multi-year operation that involved unauthorized access to the computer networks of tax preparation firms in Massachusetts. He and co-conspirators used stolen personally identifiable information to file over 1,000 fraudulent tax returns, resulting in more than $1.3 million in fraudulent refunds obtained from the US government. Akande was ordered to pay approximately $1.4 million in restitution. He was extradited to the United States after his arrest in the United Kingdom.Google strengthens protections across Play Store and Android ecosystemGoogle preventedmore than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts attempting to distribute harmful applications during 2025. The company integrated generative AI into the review process for better detection of malicious patterns, blocked excessive data access in over 255,000 apps, and stopped 160 million spam ratings and reviews. Google Play Protect last year expanded its scanning to over 350 billion Android apps daily, and identified more than 27 million new malicious apps from outside sources.Related:In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M FineRelated:In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Source: SecurityWeek