What happened A ransomware attack on Sandhills Medical Foundation, a Federally Qualified Community Health Center in McBee, South Carolina, is now the subject of a class action investigation, nearly a year after the incident was first discovered. Sandhills Medical discovered the ransomware attack on May 8, 2025. A forensic investigation determined that an unauthorized third […]

The post Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later appeared first on CISO Whisperer.

The post Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later appeared first on Security Boulevard.

What happened CTM360 researchers have uncovered a large-scale fraud operation using Telegram’s Mini App feature to run cryptocurrency scams, impersonate major brands, and distribute Android malware. The platform behind the operation, dubbed FEMITBOT based on a string found in API responses, uses Telegram bots and embedded Mini Apps to create convincing app-like experiences within the […]

The post Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery appeared first on CISO Whisperer.

The post Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery appeared first on Security Boulevard.

What happened Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office, […]

The post Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers appeared first on CISO Whisperer.

The post Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers appeared first on Security Boulevard.

What happened A cybersecurity incident in late April 2026 targeted Sistemi Informativi, an Italian company wholly owned by IBM Italy that provides IT infrastructure management for public agencies and key private sector organizations. IBM confirmed the breach through an official statement, acknowledging it had identified and contained a cybersecurity incident and activated incident response protocols […]

The post Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure appeared first on CISO Whisperer.

The post Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure appeared first on Security Boulevard.

What happened Cyberthint analysts have documented a structural shift in how cyberattacks are conducted, with threat actors now using artificial intelligence to discover and exploit zero-day vulnerabilities in minutes rather than months. The firm identified this transition in late 2024, noting that AI is operating not just as a research assistant but as an active […]

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on CISO Whisperer.

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on Security Boulevard.

What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them […]

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on CISO Whisperer.

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on Security Boulevard.

What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing […]

The post 1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP appeared first on CISO Whisperer.

The post 1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP appeared first on Security Boulevard.

What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 authorization code flow to hijack accounts without passwords and despite multi-factor authentication being enabled. The original ConsentFix was documented by Push Security in December 2025 as an […]

The post ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts appeared first on CISO Whisperer.

The post ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts appeared first on Security Boulevard.

What happened The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft […]

The post FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks appeared first on CISO Whisperer.

The post FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks appeared first on Security Boulevard.

What happened Instructure, the company behind the Canvas learning management system, has disclosed that it recently suffered a cybersecurity incident perpetrated by a criminal threat actor and is now investigating its scope with the help of outside forensics experts. The disclosure was made by Chief Security Officer Steve Proud, who committed to transparency as the […]

The post Edtech Firm Instructure Discloses Cyber Incident, Probes Impact appeared first on CISO Whisperer.

The post Edtech Firm Instructure Discloses Cyber Incident, Probes Impact appeared first on Security Boulevard.

What happened Congress approved a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act on Thursday, hours before the program was set to lapse, pushing the next deadline to June 12. President Trump is expected to sign the legislation before the midnight deadline. The path to the extension was complicated. The day prior, […]

The post Congress Punts FISA Section 702 Renewal to June appeared first on CISO Whisperer.

The post Congress Punts FISA Section 702 Renewal to June appeared first on Security Boulevard.

What happened Ameriprise Financial has disclosed a data breach affecting nearly 48,000 individuals across the United States, following unauthorized access to stored company data and files that began on March 2, 2026. The company detected the intrusion on March 18, approximately 16 days after it began, and filed a breach notification with the Maine attorney […]

The post Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers appeared first on CISO Whisperer.

The post Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers appeared first on Security Boulevard.

What happened A new federal budget proposal would cut hundreds of millions of dollars more from CISA, sharply reducing funding for the agency’s cybersecurity and critical infrastructure work. The fiscal 2027 proposal would reduce CISA’s total by $707 million, according to the budget summary, though another budget document points to a smaller but still significant […]

The post Trump Budget Proposal Would Cut Hundreds of Millions More From CISA appeared first on CISO Whisperer.

The post Trump Budget Proposal Would Cut Hundreds of Millions More From CISA appeared first on Security Boulevard.

What happened West Virginia approved legislation that gives the state’s chief information security officer greater authority to lead and standardize cybersecurity efforts across state government. Gov. Patrick Morrisey signed the measure on Thursday. The law directs the state’s Cybersecurity Office, led by Leroy Amos within the Office of Technology, to develop statewide cybersecurity policies and […]

The post West Virginia Gives CISO Greater Authority to Lead Statewide Cybersecurity Program appeared first on CISO Whisperer.

The post West Virginia Gives CISO Greater Authority to Lead Statewide Cybersecurity Program appeared first on Security Boulevard.

What happened An internet-connected coffee machine reportedly led to a significant corporate data breach after attackers used the device as an entry point into a secure network. A digital forensics investigator identified only as TR examined the incident after a client suspected a rival had infiltrated its systems. Instead of finding malware, the investigator found […]

The post Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach appeared first on CISO Whisperer.

The post Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach appeared first on Security Boulevard.