On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its genomic sequencing products. Of the total settlement, $1.9 million will be paid to the qui tam whistleblower who brought […]
CISA and FBI Joint Update on Scattered Spider: Evolving Threats and Mitigation Guidance
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and procedures (TPPs) of the cybercriminal group Scattered Spider. First identified in 2023, this group is notorious for targeting large enterprises and their contracted IT help desks, […]
Microsoft Announces Two New On-Premises SharePoint Vulnerabilities
Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the internet. CVE-2025-49704 is a remote code execution (RCE) vulnerability, which allows an attacker to run malicious code on a target system. CVE-2025-49706 is […]
Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn
In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an investigation, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) concluded in July 2025 that SK Telecom was negligent in […]
New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on the Fordow, Natanz, and Isfahan nuclear facilities in Iran. The Advisory warns that “intelligence sources indicate a high likelihood […]