Issue #152 - June 2, 2025
- Weekly INK
- Jun 2
- 2 min read
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Source: The Hacker News
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.
364,000 Impacted by Data Breach at LexisNexis Risk Solutions
Source: Security Week
Data broker giant LexisNexis Risk Solutions (LNRS) is notifying more than 364,000 people that their personal information was stolen in a December 2024 data breach. The incident occurred on December 25, but LNRS learned of it on April 1, 2025, the company said in the notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office.
Ambulance Billing Firm Pays Feds $75K in Ransomware Breach
Source: Info Risk Today
HHS OCR Found Massachusetts-Based Comstar Failed to Conduct HIPAA Risk Analysis. A Massachusetts-based ambulance billing company has agreed to pay federal regulators a $75,000 penalty and implement a corrective action plan following a 2022 ransomware breach that affected about 70 clients and nearly 586,000 people.
Questions Swirl Around ConnectWise Flaw Used in Attacks
Source: Dark Reading
ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and when it was first exploited. A week after ConnectWise disclosed that a threat actor had gained access to its environment and targeted customers, questions remain about the vulnerability used by the attacker, and confusion remains as to the timeline of the attacks.
Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers
Source: Bleeping Computer
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. AT&T told BleepingComputer that they are investigating the data but also believe it originates from the known breach and was repackaged into a new leak.