Cyberattacks
Ontario Health atHome knew about a massive cyberattack affecting up to 200,000 patients as early as April 14 but didn't tell the public until June 27. The breach at vendor Ontario Medical Supply actually happened in March, compromising patient names, addresses, medical diagnoses, and prescription data.
The agency waited six weeks to notify Ontario's privacy commissioner and only informed patients after Liberal MPP Adil Shamji forced their hand by revealing the incident publicly. Health Minister Sylvia Jones then ordered the agency to contact affected patients. Critics call the delay "deception" and "incompetence," warning the stolen data could enable identity theft and blackmail.
Source: Global News
Cybercriminals exploited a critical SAP vulnerability (CVE-2025-31324) to breach a U.S. chemicals company and install Auto-Color malware on their Linux systems. The attack demonstrates how hackers are targeting enterprise software flaws to gain access to corporate networks.
SAP systems are widely used by major corporations for business operations, making this vulnerability particularly concerning for companies across industries. Organizations running SAP software should immediately apply security patches and review their Linux system configurations to prevent similar attacks.
Source: thehackernews.com
Gov. Tim Walz activated the Minnesota National Guard Tuesday to help St. Paul recover from a sophisticated cyberattack that has crippled city systems since Friday. Mayor Melvin Carter declared a state of emergency, calling it a "deliberate, coordinated digital attack" by external criminals targeting the city's infrastructure. The FBI and cybersecurity firms are investigating alongside the Guard's cyber forces.
City Wi-Fi, internal networks, and online bill payment are down, forcing some workers offline. Libraries and recreation services are also affected, though 911 remains operational. Officials won't restore services until they fully understand the breach's scope.
Source: CBS News Minnesota
The Python Package Index (PyPI) is warning developers about an ongoing phishing campaign targeting their accounts. Attackers are sending fake verification emails and using lookalike domains to steal credentials from Python developers. The fraudulent emails appear legitimate but direct users to malicious sites designed to harvest login information.
PyPI officials are urging developers to verify email authenticity before clicking links and to enable two-factor authentication. This campaign specifically targets the Python development community, potentially compromising software supply chains if successful.
Source: The Hacker News
A pro-Ukraine hacking group called Silent Crow claims it successfully attacked Russia's national airline Aeroflot, forcing the cancellation of dozens of flights and causing widespread system failures. The group, working with Belarusian hackers Cyber Partisans, says it compromised Aeroflot's IT infrastructure and threatens to release passenger data. Russian prosecutors confirmed the cyber-attack and opened a criminal investigation.
The disruption mostly affected domestic routes but also flights to Belarus, Armenia, and Tashkent. Passengers were transferred to other carriers. This marks a rare visible impact from the ongoing cyber warfare between pro-Russian and pro-Ukrainian hacking groups since 2022.
Source: BBC News
Over 400 organizations worldwide fell victim to Chinese hackers exploiting zero-day vulnerabilities in Microsoft SharePoint servers, including the Departments of Energy, Homeland Security, and Health and Human Services. The attack began Friday using the "ToolShell" exploit that bypasses multi-factor authentication.
Three Chinese threat groups are involved: Storm-2603 deployed Warlock ransomware starting July 18, while government-affiliated Linen Typhoon and Violet Typhoon focused on stealing intellectual property and espionage. Microsoft released emergency patches Monday, but nearly 11,000 SharePoint instances remained exposed Wednesday. Federal agencies report no confirmed data breaches so far, though investigations continue.
Source: CyberScoop
Proofpoint researchers discovered four previously unknown Chinese hacking groups attacking Taiwan's semiconductor industry since last fall, marking a sharp increase in cyber espionage. The attackers used phishing emails disguised as job-seeking students, investment firms, and Microsoft security notices to breach chip manufacturers and investment banks analyzing the sector. One group even targeted legal personnel at semiconductor companies.
The campaigns deployed custom malware including Cobalt Strike, Voldemort backdoor, and SparkRAT. Taiwan's chip industry is globally critical, making it a prime target as China seeks to undermine the island's economic strength and national defense capabilities.
Source: Dark Reading

