Issue #172 - October 20, 2025
- Weekly INK

- Oct 19
Verizon: Mobile Blindspot Leads to Needless Data Breaches
Source: Dark Reading
Verizon’s Mobile Security Index says companies still treat phones as second-class citizens for security. Smishing is surging, BYOD policies are lax, and simple controls like MDM and zero trust would cut incidents dramatically. SMB takeaway: secure personal/work mobiles now—phishing isn’t just in email anymore.
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
Source: BleepingComputer
CISA has added a newly disclosed Oracle EBS SSRF flaw to its KEV list after confirming real-world exploitation tied to data-theft extortion. For businesses running Oracle apps—or relying on vendors who do—the message is clear: patch fast, review logs, and probe third-party risk.
CISA Flags Highly Exploitable Windows SMB Flaw
Source: Bank Info Security
A three-month-old Windows SMB client bug is being actively abused to bypass long-standing NTLM protections. Even small shops with file shares are exposed. Prioritize Microsoft updates, disable legacy protocols where possible, and test for unexpected SMB traffic paths inside your network.
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
Source: The Hacker News
A China-nexus group (“Salt Typhoon”) chained a Citrix NetScaler weakness with a stealthy backdoor dubbed Snappybee, using DLL sideloading through legit AV tools. Lesson for SMBs: edge devices and “trusted” software can be turned against you—patch gateways and monitor for unusual VPN/app behavior.
Radiology Practice to Pay $3.4M-Plus to Settle Hack Lawsuit
Source: Data Breach Today
A North Carolina radiology practice says it will pay more than $3.4 million to settle proposed class action litigation filed after hackers stole records belonging to 887,000 individuals, including information such as medical diagnoses and treatment.



