Stolen Kettering Health data published
Following up on a story we covered last month, while the not-for-profit Ohio-based healthcare network Kettering Health has been rebuilding and restoring its systems and services, the Interlock ransomware gang appears to have posted “941 GB of data from the organization, including ID cards, financial reports, payment data, and more.” According to Security Week, “while the healthcare provider has not said much about the type of cyberattack it fell victim to, it appears that it did not give in to the threat actor’s extortion attempts and did not pay a ransom.”
Reddit sues Anthropic for scraping
According to LinkedIn News, “Reddit is leading the latest battle to stop artificial intelligence companies from scraping digital data without authorization.” It has launched a lawsuit against Anthropic, saying it has been “harmed by the AI startup’s unfair business acts.” The suit claims “Anthropic has accessed Reddit’s forums over 100,000 times, in violation of Reddit’s public content policy.” Reddit does have partnerships that allow OpenAI and Google to train their language models on its content, but it does not have such a relationship with Anthropic.
North Face website customer accounts breached
The attacks on consumer retail organizations continue, with the outdoor clothing company North Face stating that almost 3,000 customers were affected by a data breach on its retail website in April. Parent company VF Outdoor, which also owns the JanSport and Timberland brands, announced, in breach notification letters, that it initially discovered unusual activity on April 23. Basic PII was accessed, but not payment details. “An investigation revealed that an attacker launched a credential stuffing attack on the North Face website, using login information stolen from other breaches to gain access to user accounts.”
Cisco ISE Auth Bypass Flaw impacts cloud deployments on AWS, Azure, and OCI
This flaw, flaw impacting the Identity Services Engine (ISE) could allow unauthenticated actors to carry out malicious actions on susceptible systems. With a CVE number (CVE-2025-20286) and a CVSS score of 9.9, it is described as a static credential vulnerability. Cisco also acknowledges the existence of a proof-of-concept (PoC) exploit but says there is no evidence that it has been maliciously exploited in the wild.
Huge thanks to our sponsor, Conveyor
What are you going to do?
Here’s a better question: what would Sue do?
Sue is Conveyor’s new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every questionnaire or executing every communications and coordination task in-between.
No more manual work. Just a quick review when she’s done.
Ready to let Sue take the reins? Learn more at www.conveyor.com.
ViLE gang members sentenced
Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal as part of an extortion scheme. ViLE specializes in doxing, based on information they extract from “tricking customer service employees, submitting fraudulent legal requests to social media companies, bribing corporate insiders, and searching public and private online databases.” The individuals aged 21 and 26 and based in Rhode Island and Queens NY, also “impersonated law enforcement, illegally accessed government databases, and even faked life-threatening situations to bypass criminal procedures through which they could obtain sensitive personal information.” They each face sentences of two years.
Chrome extensions leak API keys and user data
Researchers at Symantec’s security team state that several popular Google Chrome extensions “have been found to unintentionally transmit data in HTTP and hard-code secrets in their code…potentially exposing browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext.” They add that “the fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. A list of the affected extensions is available in the show notes to this episode.
(The Hacker News – including a list of affected extensions)
Ohio, Oklahoma, Puerto Rico governments suffer cyberattacks
Ransomware attacks have caused problems for residents of the city of Durant, Oklahoma, resulting in some issues for digital and credit card payments, and network outages for its police department. Meanwhile, the Justice Department of Puerto Rico has announced a cyberattack impacting the Criminal Justice Information Office. As part of its preventive measures for safeguarding the integrity of its data, the office has undertaken to suspend some services.
Sean Cairncross has policy coordination in mind
At his Senate confirmation hearing, Sean Cairncross outlined his vision for leading the Office of the National Cyber Director, emphasizing the need for interagency coordination and alignment with administration policy. While acknowledging his lack of technical cyber expertise, Cairncross highlighted his leadership experience in managing large organizations and responding to cyberattacks during his tenure at the Republican National Committee. He avoided directly addressing concerns about potential cuts to CISA but stressed a proactive stance against foreign threats. Citing recent attacks by Chinese hacking groups, he identified China as the top cybersecurity threat facing the U.S.