Following an operation by the US Department of Justice, two Russian citizens with direct ties to the 8Base ransomware group have been arrested in Thailand on a series of charges. 8Base was the platform used to launch thousands of encryption attacks with the Phobos ransomware strain, which led to exfiltration of data and the eventual extortion of payment to decrypt the system and return or delete the stolen data. In addition to the arrests, Europol successfully seized 27 servers belonging to 8Base, hopefully terminating the group’s operations for good.
Ransomware exposes sensitive data for 120,000 hospital patients
Officials for Memorial Hospital and Manor in Georgia have recently begun contacting nearly 120,000 individuals to inform them that their sensitive health records may have been compromised during a ransomware attack that occurred in November of last year. The Embargo ransomware group has claimed this exfiltration attack and has published a data trove of 1.15TB to their leak site. Fortunately, the hospital is offering a free year of credit and identity monitoring to all affected individuals.
Apple patches actively exploited zero-day in USB Restricted Mode
Apple staff have pushed out a patch for an actively exploited zero-day vulnerability (CVE-2025-24200), which allows a bypass of the device’s USB Restricted Mode, a setting that blocks the use of device unlocking/cracking tools. These tools are commonly used by law enforcement to access a locked device that may have sensitive information stored locally, by bypassing the need for a passcode. All users that have devices on iOS/iPadOS 18 and iPadOS 17 are encouraged to run the update to ensure their devices are properly protected.
US newspaper firm targeted by major cyberattack
Last week, staff for one of the largest newspaper groups in the US, Lee Enterprises, confirmed that several of their systems had been taken offline due to a cyberattack. As the investigation is still ongoing, it is unclear if any employee or customer information was compromised during this incident, though it has caused significant delays in publishing for their 427 publications that are distributed in 26 states. Lee Enterprises isn’t new to being the target of a cyberattack: it was breached shortly before the 2020 presidential election in a campaign to spread disinformation.
Hospital Sisters Health System reveals massive data breach
In the investigation into the August 2023 cyberattack on the Hospital Sisters Health System (HSHS), it has come to light that the sensitive patient data for over 883,000 patients has been compromised. It is believed that the threat actors behind this attack had access to the internal systems for almost 2 weeks before being discovered. The attack affected all 15 of the HSHS hospitals, causing significant downtime in hospital operations.