With thousands of packages available, the repository is an attractive target for threat actors, who often upload typosquatted or fake packages to compromise software developers and potential supply-chain attacks.

Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.

The vulnerabilities addressed by the updates impact several Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04.

According to researcher Jeremiah Fowler, the server was affiliated with OTrack, also known as Optimum Pupil/Sonar Tracker, developed by Juniper Education. OTrack is utilized by over 7,000 primary and secondary schools across the United Kingdom.

The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research.

The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it.

Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.

Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers said.

The Chinese-language, phishing-as-a-service platform “Darcula” has created 19,000 phishing domains in cyberattacks against more than 100 countries, Netcraft researchers say.

The INC Ransom group this week claimed responsibility for the assault on ‘NHS Scotland’, saying it stole 3TB worth of data while leaking a small number of sensitive files.