NHS confirms patient death linked to ransomware attack
The June 2024 cyberattacks on London hospitals caused more than just a data breach—Britain’s National Health Service (NHS) now says a patient’s death was directly linked to the incident. The NHS explains that the attack impacted the amount of time it took hospitals to perform critical blood tests, and the resulting delays were identified as one of the contributing factors in the patient’s death. The hackers also compromised data belonging to over 900,000 patients, including sensitive medical details that still haven’t been fully disclosed. A year later, the NHS is still dealing with the fallout, including dangerously low blood supplies that continue to impact care.
BreachForums busted again
The administrators for one of the world’s largest online marketplaces for stolen data have been arrested. French police report the arrest of five suspected operators of BreachForums, including well-known threat actors “ShinyHunters” and “IntelBroker”. Authorities say the group helped relaunch the dark web marketplace after its original founder, “Pompompurin,” was arrested in 2023. The suspects are linked to several major breaches, including attacks on French companies and government agencies, with IntelBroker previously tied to high-profile hacks impacting U.S. and European organizations. BreachForums v2 went offline in April 2025 and has not returned.
(Bleeping Computer), (The Record)
Thousands of SaaS apps still vulnerable to nOAuth
New research shows that, almost two years after its discovery, the nOAuth abuse method is still a major risk, with at least 15,000 SaaS apps likely vulnerable due to misconfigurations with Microsoft Entra ID. Despite Microsoft offering guidance, researchers say developers are still misunderstanding or overlooking key implementation steps—leaving apps open to account takeovers and data exfiltration without users ever knowing.
(Security Week), (Infosecurity Magazine)
Ransomware hits harder in the UK
It’s an award no one wants, but a new report shows British organizations are far more likely than their global peers to have data encrypted in ransomware attacks—70% of UK victims were hit compared to 50% worldwide. According to Sophos, the median ransom demand jumped to $5.4 million last year and UK firms often pay the full amount or more. However, this may soon change as new regulations, like the upcoming Cyber Security and Resilience Bill, aim to ban ransom payments and tighten reporting requirements.
Third-party and ransomware attacks hit U.S. healthcare
Two U.S. healthcare organizations have disclosed data breaches impacting over 100,000 individuals each; I’ll do the math for you: that’s over 200,000 people impacted. Mainline Health Systems confirmed its network was breached in April 2024, with the Inc Ransom group later leaking stolen files; the attack affected more than 101,000 patients across its 30+ locations in Arkansas. Meanwhile, nearly 120,000 people tied to Select Medical Holdings were impacted through a third-party breach at former debt collector Nationwide Recovery Services.
(Security Week), (Security Affairs)
Ransomware pack grows
Speaking of ransomware, a new group calling itself Dire Wolf is taking a bite out of the tech and manufacturing sectors. Researchers have already linked the group to at least 16 attacks, using double extortion tactics and custom-built encryptors tailored to each victim. Dire Wolf isn’t staying quiet either—five of the 16 victims listed on its data leak site are now facing public data exposure by the end of the month for refusing to pay up.
New China ORB network infects devices
A newly uncovered China-linked operational relay box (ORB) network known as “LapDogs” is quietly expanding across the U.S. and East Asia, already infecting over 1,000 devices, according to SecurityScorecard. The highly targeted network is made up of compromised routers, IoT devices, and servers—primarily Ruckus Wireless access points—and is being used to support multiple intrusion campaigns while evading detection. Unlike traditional botnets, ORBs like LapDogs offer stealthier, long-term infrastructure for espionage, making it harder to detect and defend against these threats.
Cybercrime outpaces African law enforcement
Cybercrime is surging across Africa, with some countries reporting a 30-fold increase in online scam detections and cybercrime accounting for a third of all reported crimes, according to Interpol’s 2025 Africa Cyberthreat Assessment Report. Egypt, South Africa, and Zambia were among the hardest hit, facing spikes in ransomware and phishing attacks, while law enforcement in nine out of ten African nations lacks the tools or training to respond.






