Originally reported by Dark Reading, Infosecurity Magazine
TL;DR
Healthcare systems across Australia, New Zealand, and Tonga face ransomware attacks from the INC group while Chinese state-backed actors shift focus to Qatar amid regional tensions. Supply chain attacks compromise GitHub Actions and new malware variants target HR departments with EDR evasion capabilities.
This digest covers several high-impact stories, including active ransomware targeting critical healthcare infrastructure across several countries and nation-state actors pivoting campaigns in response to geopolitical events.
The INC ransomware group has launched a coordinated campaign targeting critical healthcare infrastructure across Australia, New Zealand, and Tonga, according to Dark Reading. Government agencies and emergency clinics have experienced serious disruptions from the prolific ransomware outfit, highlighting the vulnerability of healthcare systems in the region. The attacks underscore the ongoing threat ransomware poses to essential services, particularly in sectors where system downtime can directly impact patient care and emergency response capabilities.
Attackers successfully compromised AppSec vendor Xygeni's GitHub Action through tag poisoning, maintaining an active command and control implant for up to a week, Dark Reading reports. The compromise of xygeni/xygeni-action demonstrates the continued targeting of software supply chains, particularly CI/CD pipeline components used by development teams. Organizations using this GitHub Action during the compromise window may have been exposed to malicious code execution within their build processes.
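Tag poisoning works because a workflow that references an action by a tag such as `@v1` resolves that tag at run time, so whoever can move the tag controls what the pipeline executes; pinning to a full 40-character commit SHA removes that mutable indirection. The following checker is an added example written for this digest, not code from Xygeni, Dark Reading, or any GitHub project. It scans a workflow file for `uses:` references and flags any that resolve through a mutable tag, branch, or container tag. The embedded workflow, the `v1` tag on `xygeni/xygeni-action`, and the 40-hex SHA are all constructed placeholders, not real releases.

```python
import re
from dataclasses import dataclass

# A full commit SHA is the only immutable ref GitHub Actions accepts for repositories.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses:" at step level ("- uses: x") or job level (reusable workflows).
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")

# Constructed sample workflow; the SHA and the xygeni tag are placeholders.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: xygeni/xygeni-action@v1
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - run: npm test
"""


@dataclass
class ActionRef:
    line: int   # 1-based line number in the workflow file
    spec: str   # the raw value after "uses:"
    kind: str   # sha | mutable | local | container-digest | container-tag


def classify(spec: str) -> str:
    """Decide whether a uses: reference can change underneath the pipeline."""
    if spec.startswith("./"):
        # Local actions ship with the repository; they are versioned with the code.
        return "local"
    if spec.startswith("docker://"):
        # Container images are immutable only when pinned by digest.
        return "container-digest" if "@sha256:" in spec else "container-tag"
    if "@" not in spec:
        # No ref at all resolves to the default branch, which moves constantly.
        return "mutable"
    _, ref = spec.rsplit("@", 1)
    # Tags (v4, v1.2.3) and branches (main) are mutable; only a full SHA is fixed.
    return "sha" if SHA_RE.match(ref) else "mutable"


def find_action_refs(workflow_text: str) -> list[ActionRef]:
    """Line-based scan; avoids a YAML dependency and keeps line numbers exact."""
    refs = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            spec = m.group(1)
            refs.append(ActionRef(n, spec, classify(spec)))
    return refs


def unpinned(workflow_text: str) -> list[ActionRef]:
    """Return every reference that a tag move or branch push could redirect."""
    return [r for r in find_action_refs(workflow_text)
            if r.kind in ("mutable", "container-tag")]


if __name__ == "__main__":
    for r in unpinned(SAMPLE_WORKFLOW):
        print(f"line {r.line}: {r.spec} is {r.kind}; pin to a full commit SHA or image digest")
```

A SHA pin only helps if the SHA was taken from the upstream repository rather than copied from a fork or an untrusted README, so record where each SHA came from (a trailing `# vX.Y.Z` comment is the common convention, and Dependabot can keep SHA-pinned actions current). Run the checker in CI over `.github/workflows/*.yml` and fail the build on a non-empty result.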
Two separate attacks on Qatari entities signal a strategic shift by Chinese state-backed threat actors in response to geopolitical developments, according to Dark Reading. The rapid operational pivot demonstrates how quickly nation-state actors can realign their targeting priorities to match evolving regional conflicts. This tactical flexibility highlights the need for organizations in geopolitically sensitive regions to maintain heightened security postures during periods of international tension.
The UK Information Commissioner's Office has fined Police Scotland after the force shared a victim's complete phone data with her alleged attacker, Infosecurity Magazine reports. The incident represents a severe breach of data protection protocols and victim privacy rights, demonstrating how improper data handling procedures can compound harm to vulnerable individuals. The case serves as a stark reminder of the critical importance of access controls and data handling procedures in law enforcement contexts.
The pro-Iran Handala group claims responsibility for a destructive wiper attack against US medical technology firm Stryker, allegedly compromising 200,000 systems, according to Infosecurity Magazine. The claimed scale of the attack, if verified, would represent a significant escalation in destructive cyber operations against US healthcare infrastructure. Stryker manufactures critical medical devices and surgical equipment used in hospitals worldwide, so any disruption to its operations could have far-reaching effects.
France's ANSSI national cybersecurity agency reported a decrease in ransomware attacks during 2025, though small and medium businesses remained the most frequently targeted sector, Infosecurity Magazine notes. The data provides insight into ransomware trends across one of Europe's largest economies and suggests potential shifts in threat actor targeting strategies. Despite the overall decline, the continued focus on SMBs highlights persistent vulnerabilities in organizations with limited cybersecurity resources.
A new malware variant dubbed BlackSanta is targeting HR departments through fake resume campaigns, featuring capabilities to disable endpoint detection and response systems while exfiltrating sensitive data, reports Infosecurity Magazine. The targeting of HR personnel through job application lures represents a classic social engineering vector, while the EDR evasion capabilities suggest sophisticated development aimed at enterprise environments. Organizations should review email security controls for HR-related communications and ensure EDR solutions have tamper protection enabled.
Security researchers have identified 'LeakyLooker' vulnerabilities in Google Looker Studio that enable cross-tenant SQL attacks against cloud data sources, according to Infosecurity Magazine. The flaws could allow attackers to access data across different customer tenants within the business intelligence platform. Organizations using Looker Studio should review their data access policies and monitor for any unusual query patterns while awaiting patches from Google.
Palo Alto Networks' Unit 42 researchers have successfully developed attacks to bypass safety guardrails in popular generative AI tools, Infosecurity Magazine reports. The research highlights fundamental weaknesses in current approaches to AI safety and content filtering. As organizations increasingly deploy large language models in production environments, understanding the limitations of existing safety mechanisms becomes critical for risk assessment and deployment decisions.
Infosecurity Europe 2026 has announced its keynote lineup featuring Jason Fox, Shlomo Kramer, and Cynthia Kaiser, with sessions focusing on AI security, cloud protection, and post-quantum cryptographic threats, notes Infosecurity Magazine. The conference agenda reflects current industry priorities around emerging technologies and their security implications.