Ticker feed
Human error accounts for 80-90% of industrial accidents, with negligent insiders responsible for 56% of cybersecurity breaches in operational technology environments. Critical infrastructure faces growing risks from disgruntled employees, compromised contractors, and foreign agents infiltrating supply chains.
Experts warn that operational technology personnel have wide-ranging system privileges, making simple mistakes like clicking wrong buttons or plugging in unauthorized USB drives potentially catastrophic. The challenge intensifies as third-party vendors often have the same access as internal staff but limited cybersecurity awareness.
While AI and behavioral analytics show promise for detecting anomalous behavior, experts emphasize they're tools to assist, not replace, strong organizational culture and process controls. Organizations must balance strict monitoring with maintaining workforce trust and morale to prevent creating a "policing culture" that breeds resentment.
Source: Industrial Cyber
St. Anthony Hospital in Chicago disclosed Wednesday that a February data breach may have exposed personal information of more than 6,600 patients and staff members. An unauthorized party accessed employee email accounts, potentially compromising names, addresses, Social Security numbers, medical records, and prescription information.
The hospital says there's no evidence the data has been misused for identity theft or fraud. Officials are notifying affected individuals and recommend placing fraud alerts on credit files and monitoring financial accounts. A dedicated hotline (877-580-4384) is available weekdays 8 a.m. to 5 p.m. for questions about the incident.
Source: CBS News Chicago
CISA has added a critical Oracle Identity Manager zero-day vulnerability (CVE-2025-64446) to its Known Exploited Vulnerabilities catalog after confirming active attacks in the wild. The flaw scores a devastating 9.8 on the CVSS scale and lets attackers remotely execute code without any authentication required.
The vulnerability poses a major threat to organizations relying on Oracle Identity Manager for access control. Federal agencies face a mandatory patching deadline under CISA's Binding Operational Directive 22-01. Organizations should immediately apply patches and check their systems for signs of compromise, as hackers are already exploiting this security hole.
Source: The Hacker News
Fortinet disclosed another zero-day vulnerability in its FortiWeb firewall just days after revealing a separate exploited flaw. CVE-2025-58034 allows authenticated attackers to run code through crafted HTTP requests, earning a 6.7 CVSS score.
Orange Cyberdefense reports "several exploitation campaigns" are chaining this new flaw with last week's vulnerability for more powerful attacks. Trend Micro detected around 2,000 exploitation attempts.
The timing raises questions about Fortinet's disclosure practices - both vulnerabilities were quietly patched before public disclosure. CISA added the flaw to its Known Exploited Vulnerabilities catalog with an accelerated one-week patching deadline for federal agencies.
Source: Dark Reading
Nearly every organization worldwide (97%) has been hit by supply chain breaches, up dramatically from 81% in 2024, according to BlueVoyant's latest survey of 1,800 IT leaders.
Despite the alarming jump, companies are fighting back. Almost half are now collaborating directly with third parties to fix security issues, and 46% claim to have mature risk management programs in place.
But there's a catch: many programs focus on compliance checkboxes rather than actually reducing risk. Only 16% of companies list risk reduction as their primary goal, while cyber insurance requirements and board mandates drive most efforts. The biggest challenge? Lack of internal support, cited by 60% of program managers.
Source: Infosecurity Magazine
CISA has issued an urgent warning about a zero-day vulnerability in Google Chrome that's already being exploited by attackers. The flaw, CVE-2025-13223, affects Chrome's V8 JavaScript engine and allows hackers to execute malicious code remotely just by tricking users into visiting compromised websites.
The vulnerability impacts Chrome versions before 131.0.6778.72 and extends to other Chromium-based browsers like Microsoft Edge and Brave. Google patched the issue on November 19, 2025, but CISA has given federal agencies until December 10 to update their systems.
With over 3 billion Chrome users worldwide, this high-severity bug poses massive risks for data breaches and malware infections. Users should immediately update to the latest Chrome version to protect themselves.
Source: Cybersecurity News
DoorDash confirmed a recent data breach on November 13 after an employee fell victim to a social engineering scam. Criminals accessed customer names, phone numbers, email addresses, and physical addresses for both delivery drivers and customers.
The good news? No bank account or payment card information was compromised. DoorDash's response team quickly cut off unauthorized access and reported the incident to law enforcement.
The company has implemented additional employee training on social engineering scams and upgraded security systems. Customers should watch for suspicious messages attempting to use their exposed personal information for fraud. This breach adds to 2024's staggering total of 3,158 corporate data compromises.
Source: CNET
Amazon is sounding the alarm about a dangerous new form of warfare where cyberattacks directly enable physical military strikes. The tech giant calls it "cyber-enabled kinetic targeting" - hackers compromise security cameras and surveillance systems to provide real-time intelligence for missile attacks.
The most striking example: Iran's MuddyWater group hacked Jerusalem CCTV cameras in May, then used live feeds to adjust missile targeting during attacks on June 23. This allowed Iranian forces to make real-time adjustments while weapons were in flight.
Amazon's security chief Steve Schmidt warns that traditional cybersecurity approaches treating digital and physical threats separately are now "detrimental." Nation-states are pioneering this hybrid model, and more countries will follow suit, fundamentally changing how warfare operates.
Source: CyberScoop
A threat actor called dino_reborn has deployed seven malicious npm packages that cleverly distinguish between regular users and security researchers before delivering malware. The packages use Adspect cloaking technology to fingerprint visitors through 13 data points including browser details and language preferences.
When researchers visit infected sites, they see only blank pages. But victims encounter fake CAPTCHAs mimicking legitimate crypto exchanges like Uniswap, which redirect them to scam sites after a convincing three-second verification process.
Socket.dev analysts discovered the campaign, tracing it to geneboo@proton.me. The malware blocks developer tools and disables right-click menus to prevent analysis, representing a new evolution in supply chain attacks targeting the npm ecosystem.
Source: Cyber Security News
AT&T customers have until December 18, 2025, to claim their share of a $177 million settlement from two major data breaches. The 2019 breach exposed personal data including Social Security numbers for 73 million customers, while the 2024 Snowflake hack affected phone records of 109 million users.
Customers with documented losses can receive up to $5,000 for the 2019 breach and $2,500 for the 2024 incident. Those without proof of losses still qualify for smaller payments. People affected by both breaches could potentially claim up to $7,500 total.
To file a claim, visit telecomdatasettlement.com with your Class Member ID from Kroll's notification email, or call 833-890-4930 for help.
Source: CNET