Originally reported by BleepingComputer, Malwarebytes Labs, Fortinet
TL;DR
CISA warns of actively exploited BeyondTrust RCE in ransomware campaigns while healthcare systems face operational shutdowns and AI-powered malware emerges on Android.
CISA confirms active exploitation of a BeyondTrust RCE vulnerability in ransomware attacks, while a separate ransomware attack on the University of Mississippi Medical Center (UMMC) disrupts healthcare operations across the state.
CISA added BeyondTrust Remote Support vulnerability CVE-2026-1731 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in ransomware attacks. The remote code execution flaw lets attackers compromise the appliance or host running the remote support product, which sits on a privileged path into internal systems and so provides a foothold for lateral movement and ransomware deployment. Organizations running BeyondTrust Remote Support should apply the vendor patches now and, since exploitation is already confirmed, review session and access logs on the affected systems for unauthorized activity rather than assuming patching alone closes the incident.
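The KEV entry matters operationally because the catalog is machine-readable: each record carries the vendor, product, due date and a `knownRansomwareCampaignUse` flag that can drive patch prioritization. The script below is an added example, not code from the article or from CISA. It parses a KEV-shaped document, matches entries against a local product inventory, and orders the matches with ransomware-linked entries first and then by due date. The embedded JSON is a constructed two-entry sample in the feed's schema (the live feed is at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); the dates and descriptions attached to CVE-2026-1731 and the `CVE-0000-00000` placeholder are illustrative assumptions, not the catalog's actual text.

```python
"""Triage a CISA KEV snapshot against a local product inventory.

Added example. SAMPLE_KEV_JSON below is a CONSTRUCTED document in the KEV
schema (same field names as the real feed) so the script runs offline; its
dates, descriptions and the CVE-0000-00000 placeholder entry are assumptions.
"""
import json
from datetime import date

SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2026.02.24",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2026-1731",
      "vendorProject": "BeyondTrust",
      "product": "Remote Support",
      "vulnerabilityName": "BeyondTrust Remote Support Remote Code Execution Vulnerability",
      "dateAdded": "2026-02-24",
      "shortDescription": "Constructed placeholder description.",
      "requiredAction": "Constructed placeholder: apply vendor updates.",
      "dueDate": "2026-03-17",
      "knownRansomwareCampaignUse": "Known",
      "notes": "",
      "cwes": []
    },
    {
      "cveID": "CVE-0000-00000",
      "vendorProject": "ExampleVendor",
      "product": "Example Gateway",
      "vulnerabilityName": "Placeholder entry for illustration",
      "dateAdded": "2026-02-20",
      "shortDescription": "Constructed placeholder description.",
      "requiredAction": "Constructed placeholder: apply vendor updates.",
      "dueDate": "2026-03-01",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "",
      "cwes": []
    }
  ]
}
"""


def load_kev(raw_json: str) -> list[dict]:
    """Parse a KEV feed document and return its vulnerability records."""
    return json.loads(raw_json)["vulnerabilities"]


def _norm(text: str) -> str:
    """Lower-case and collapse whitespace; KEV vendor/product names are free text."""
    return " ".join(text.lower().split())


def match_inventory(entries: list[dict], inventory: list[tuple[str, str]]) -> list[dict]:
    """Return KEV entries whose vendor matches an inventory row exactly and whose
    product name contains (or is contained in) the inventory product name."""
    wanted = [(_norm(v), _norm(p)) for v, p in inventory]
    hits = []
    for entry in entries:
        vendor, product = _norm(entry["vendorProject"]), _norm(entry["product"])
        if any(vendor == v and (p in product or product in p) for v, p in wanted):
            hits.append(entry)
    return hits


def triage(entries: list[dict], today_iso: str) -> list[dict]:
    """Order matched entries: ransomware-linked first, then by days until the
    CISA due date (negative means the due date has already passed)."""
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "days_until_due": (due - today).days,
        })
    rows.sort(key=lambda r: (not r["ransomware"], r["days_until_due"]))
    return rows


def kev_report(raw_json: str, inventory: list[tuple[str, str]], today_iso: str) -> list[dict]:
    """Full pipeline: parse, match against inventory, prioritize."""
    return triage(match_inventory(load_kev(raw_json), inventory), today_iso)


if __name__ == "__main__":
    # Constructed inventory; only the first row matches the sample feed.
    inventory = [("BeyondTrust", "Remote Support"), ("OtherVendor", "Unrelated Product")]
    for row in kev_report(SAMPLE_KEV_JSON, inventory, "2026-02-25"):
        flag = "RANSOMWARE" if row["ransomware"] else "-"
        print(f'{row["cveID"]:16} {row["product"]:30} due in {row["days_until_due"]:>3}d {flag}')
```

To run this against the live catalog, replace `SAMPLE_KEV_JSON` with the downloaded feed and the inventory with your CMDB export; the substring product match is deliberate because KEV product strings (for example "Remote Support") rarely align exactly with internal naming.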
The University of Mississippi Medical Center (UMMC) closed all of its clinic locations across the state following a ransomware attack, a direct example of the cascading operational impact of healthcare-targeted campaigns. The closure disrupted patient care statewide and shows why ransomware groups keep prioritizing healthcare: the disruption itself is the leverage.
Advantest Corporation, a major manufacturer of semiconductor test equipment, disclosed a ransomware attack that may have compromised customer and employee data. Because Advantest supplies a critical component of the global semiconductor supply chain, the incident raises concerns about intellectual property theft and supply chain integrity beyond the company itself.
Security researchers identified PromptSpy, reported as the first known Android malware to incorporate generative AI into its execution flow. The malware queries Google's Gemini model at runtime to adapt its persistence mechanisms to the device configuration it finds, rather than relying on hard-coded logic. That design makes the malware more adaptable, but it also means its behavior depends on reaching the model API, so that traffic is one place defenders can look.
The FBI reported more than $20 million in losses from ATM malware attacks during 2025, a sharp rise in "jackpotting" incidents. Criminals deploy malware that commands cash dispensers to pay out on demand, and the scale of the losses points to organized campaigns rather than opportunistic attacks.
PayPal disclosed a data breach in which an error in loan application software exposed sensitive personal information, including Social Security numbers, for nearly six months. The length of the exposure window shows how a single application defect can leave customer data exposed for months in a financial services platform before it is noticed.
The French Ministry of Finance announced a cybersecurity incident affecting 1.2 million accounts in the national bank account registry. Because the registry spans institutions, the breach potentially exposes financial records and personal data of account holders at multiple banks.
FortiGuard Labs documented large-scale Winos 4.0 (ValleyRat) campaigns targeting Taiwanese organizations through phishing lures, DLL sideloading, and bring-your-own-vulnerable-driver (BYOVD) abuse, in which a legitimately signed but vulnerable driver is loaded to gain kernel-level access and disable security tooling. The geopolitically focused targeting is consistent with continued state-sponsored or state-aligned activity against Taiwan's digital infrastructure.
Threat actors abused Facebook's advertising platform to distribute password-stealing malware disguised as legitimate Windows 11 downloads. The campaign targets cryptocurrency wallets and stored credentials, using paid social media advertising for broad distribution and borrowing the platform's legitimacy to lower users' suspicion of the download.
A Ukrainian national received a five-year prison sentence for supplying stolen identities to North Korean IT workers, enabling them to obtain remote positions at U.S. companies. The case illustrates a state-sponsored effort to get inside American corporate networks through identity fraud and insider placement rather than through technical intrusion.
Researchers found that identity verification company Persona left frontend systems exposed, revealing extensive background screening capabilities behind what users see as a basic age verification interface. The exposure shows that identity verification services can collect and process far more personal data than their user-facing flows suggest.