Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…

Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control over their RPC infrastructure. It provides real-time RPC monitoring, delivering actionable insights to support data-driven infrastructure management.

NodeHaus helps foundations understand how their infrastructure performs across regions, providers, and methods. It incorporates powerful tools for maintaining high availability and optimizing traffic distribution.

Serving as a strategic data visualisation and control panel for RPC infrastructure, NodeHaus bridges the gap between technical performance and strategic decisions. This helps to make RPC infrastructure behaviour measurable and accountable, simplifying the task of managing ecosystem growth.

The Foundation RPC Dashboard gives developers, DevOps teams, and protocol foundations the control they need to operate and scale multi-provider RPC infrastructure. Enterprise-grade UX is combined with deep analytics that supports real-time decision-making.

Core features include:

*   Live map of regional coverage
*   Key network health metrics at a glance
*   Traffic distribution by region and project
*   Deep provider-level performance insights
*   New node requests for specific geographical regions on the fly

A successful beta launch has demonstrated the dashboard’s efficacy, attracting clients such as the Zircuit Network. Zircuit’s Head of Infrastructure commented, “The comprehensive insights from dRPC’s dashboard bridge the gap between technical performance and strategic planning. We can now make data-driven decisions on scaling and budgeting with confidence, supporting our ecosystem’s growth effectively.”

This strong interest from foundations and early partners indicates a clear market demand for observability and RPC control tools.

Built specifically for L1 and L2 foundation teams, the dashboard requires no setup, enabling projects to start receiving real-time insights powered by dRPC infrastructure instantly. Additional modules in the funnel include real-time alerts, ecosystem risk mapping, and developer adoption analytics. These are part of a broader roadmap we’re shaping together with foundation partners.

As blockchain protocols scale, reliable RPC access is critical in supporting the growth of healthy dApp ecosystems. Infrastructure complexity and the risk of creeping centralization through resorting to cloud-based solutions impair this goal. dRPC’s solution, Nodehaus, maintains the benefits of decentralized infrastructure without compromising on performance.

The release of dRPC’s NodeHaus dashboard fills a gap in the market for a universal control panel for blockchain foundations. With this one-of-a-kind solution for chains, dRPC looks to expand its product suite and establish itself as the preeminent provider of distributed blockchain infrastructure.

Explore how NodeHaus works in practice by watching the demo video below:

****About dRPC****

dRPC serves as a gateway for web3 developers and users to access a distributed network of independent third-party public nodes. It supports the growth of a diverse and independent web3 infrastructure ecosystem that is not controlled by any single entity. dRPC‘s pay-as-you-go model scales resources effortlessly and delivers clear, predictable pricing. This eliminates large upfront costs, encourages innovation and simplifies budgeting.

dRPC Launches NodeHaus to Streamline Blockchain and Web3 Infrastructure

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake login pages and Telegram alerts.

SlashNext security experts have discovered a new tool called “SessionShark” used by cyber criminals to steal login information for Microsoft Office 365. This tool can bypass multi-factor authentication (MFA), a security feature that requires a phone code in addition to a password to add another layer of security.

SlashNext’s research, shared exclusively with Hackread.com, revealed that online advertisements for SessionShark were found on secret cybercrime networks, indicating the tool was designed to steal session tokens, which are special keys that allow users to stay logged in without having to enter their password every time. Once a criminal has this token, they can get into your Office 365 account even if you have MFA turned on, because the key proves you’ve logged in.

Researchers explained that by stealing this session cookie” attackers can bypass MFA controls and access the account without needing the one-time passcode.” This makes the extra security of MFA useless in this type of attack.

The creators of SessionShark are trying to sell it to other criminals by saying it’s “for educational purposes,” but security experts say this is just a way to hide what it’s really for. It is designed to aid criminals’ success.

Source: SlashNext

For example, it can pretend to be a real Office 365 login page fooling users easily. It operates as an “adversary-in-the-middle” (AiTM) phishing kit. This means that when a victim tries to log in to Office 365 through a fake website created by SessionShark. It offers a logging panel for operators and integrates with a Telegram bot for real-time “Instant Session Capturing.” This allows threat actors to receive real-time alerts with the victim’s email, password, and session cookie the attacker secretly intercepts their username, password, and importantly, the session token, in real time.

Moreover, it works well with Cloudflare, a service that hides the real location of a website, making it harder for security teams to track down and shut down criminal operations. The tool also tries to avoid being noticed by threat intelligence systems, which are databases of known malicious websites and activities. SessionShark also allows criminals to quickly send stolen data directly to the attacker’s phone using Telegram allowing instant access.

According to SlashNext’s blog post, the way SessionShark is being sold shows a growing trend in cybercrime. Instead of just creating and using these tools themselves, criminals are now selling them to others as a service, complete with support and updates. This makes it easier for more people to carry out these kinds of attacks.

Security teams are now working to find ways to detect and block tools like SessionShark to protect users. Meanwhile, it is crucial to be very careful online, especially when entering your login information. Even with extra security like MFA, make sure you are on the real website before typing in your username and password.

New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins

With the rise of fintechs, accuracy alone isn’t enough, security and reliability are just as necessary. For fintech…

With the rise of fintechs, accuracy alone isn’t enough, security and reliability are just as necessary. For fintech companies and digital-first organizations, standard internal controls are being reworked into smarter systems that combine automation, policy enforcement, and cybersecurity.

As online transactions grow and online threats become more sophisticated, finance teams aren’t just managing the numbers, they’re also protecting them.

****Modern Threats Require Modern Safeguards****

Cybercriminals are increasingly targeting financial workflows, especially those involving approvals, payments, and sensitive data exchanges. Weak controls, manual oversight, and fragmented systems create openings for fraud, data breaches, and policy violations.

That’s why financial teams are turning to structured online protection, such as role-based access, secure audit trails, and verification workflows. These aren’t just accounting mechanisms, they’re frontline defences against increasingly well-planned cybersecurity threats.

****Secure Workflows Reduce Risk****

One of the most effective ways to reduce both fraud and exposure is by embedding security into approval processes. For example, implementing role separation, ensuring that no single individual can complete a high-risk transaction alone, prevents both mistakes and malicious intent.

This is particularly effective when combined with automated audit trails, which create a timestamped, immutable record of every action in the transaction lifecycle. These logs are crucial for detecting unauthorized activity and supporting forensic analysis in the event of a breach or anomaly.

****Technology Is the Backbone of Safe Financial Operations****

Manual financial processes not only slow teams down, but they increase risk. Online tools help enforce controls without sacrificing agility. Solutions like invoice approval software streamline review and authorization processes, enforce segregation of duties, and maintain full visibility into every transaction.

These platforms reduce the chances of human error and insider manipulation by standardizing workflows and removing guesswork. They also enable real-time monitoring, giving finance and security teams the ability to spot issues early, before they become incidents.

****A Security-First Approach to Financial Control****

For fintech, startups, and tech-driven enterprises, internal controls aren’t just about compliance, they’re a key part of operational security. Secure-by-design finance workflows reduce attack vectors, protect online assets, and support regulatory willingness across global markets.

With cyber threats growing more targeted, businesses can’t afford to treat financial controls as afterthoughts. Investing in technology that builds control, visibility, and accountability into every transaction is now a baseline requirement, not a nice-to-have.

Securing Fintech Operations Through Smarter Controls and Automation

Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in…

Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in social engineering scam.

A new cybercrime campaign called “Elusive Comet” is targeting professionals in the cryptocurrency space. But, instead of going after blockchain tech directly, the attackers are using Zoom’s remote-control features to gain access to targeted devices.

Cybersecurity firm Security Alliance (SEAL) broke down the details in a report published in March 2025. Security Alliance (SEAL) in March 2025.

The Elusive Comet campaign is a social engineering scam where cybercriminals impersonate legitimate figures to lure victims into Zoom meetings. They often use phishing emails or DMs on X to create a convincing scenario, posing as individuals wanting to interview the victim for a podcast or media feature by Aureon Capital, which claims to be a legitimate venture capital firm.

Once the victim accepts the Zoom invitation, the attackers manipulate their computer by requesting remote control access under the pretence of needing technical assistance or help with a presentation. They change their Zoom display name to “Zoom,” creating a false sense of trust.

Zoom remote-control request dialogue box showing Zoom as the requestor (Source: Trail of Bits)

For your information, Zoom’s remote-control feature is designed for accessibility and collaboration, allowing one participant to control another’s screen with explicit permission. When attackers gain remote control, they install malware onto the victim’s machine, often including infostealers and RATs (Remote Access Trojans), eventually obtaining unauthorized access to the compromised system, exfiltrating crucial information like cryptocurrency wallet credentials, personal data, and private keys.

The effectiveness of this attack is illustrated by the experience of Jake Gallen, CEO of Emblem Vault. Gallen lost over $100,000 in digital assets after falling victim to the Elusive Comet campaign. He agreed to a Zoom interview with a media personality and was granted remote control access following which “GOOPDATE” malware was installed, allowing the attacker to drain his cryptocurrency wallets.

> Working with @\_SEAL\_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a youtube personality of over 90k subs.
> 
> Below I will share details about that person, my experience, and this malicious software known as GOOPDATE ↓ https://t.co/xXoeSWLUXA
> 
> — jake (@jakegallen\_) April 14, 2025

Cybersecurity firm Trail of Bits also encountered the Elusive Comet campaign when their CEO received suspicious invitations to a fake “Bloomberg Crypto” series via Twitter. They identified the attackers’ refusal to communicate via email and the use of unofficial Calendly scheduling pages as key indicators of malicious intent.

SEAL highlighted similarities between these attacks and the notorious North Korean hacking collective Lazarus Group’s past operations but could not conclusively attribute the campaign to Lazarus.

SEAL and Trail of Bits recommend several mitigation strategies for cryptocurrency professionals to protect against cyberattacks. These include disabling Zoom’s Remote-Control feature by default and exercising extreme caution with unsolicited invitations.

Researchers also advise implementing strong authentication measures, considering alternative communication platforms like Google Meet, and restricting application controls over high-risk applications like Zoom by technically blocking remote control.

Max Gannon, Intelligence Manager at Cofense commented on the latest development, stating, “The malicious use of legitimate software is a growing trend we’ve continued to see in 2025. In this case, threat actors are leveraging legitimate Zoom and Calendly links to bypass security controls. As trusted domains, their use in this attack makes it more difficult to detect and block.”

Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto

Free up space on your iPhone fast. Learn 5 proven ways to clear storage, remove clutter, and manage photos, apps, and files with no gimmicks, just results.

If your iPhone feels cramped and storage alerts show up like it’s on a schedule, it’s probably time for a cleanup. Below, we’ll go over easy ways to quickly free up space on iPhone – and talk a bit about storage management in general. These aren’t gimmicks; they’re time-tested methods and tricks that work for anyone, whether you’re rocking an older iPhone or the latest model.

****How to Check What’s Eating Up Space****

The first thing on the checklist is to figure out what’s taking up all that space. Before you start deleting stuff blindly, open up Settings on your iPhone, tap General, and then hit iPhone Storage.

Give it a second to load – once it does, you’ll see a full breakdown: apps, photos, media, messages, system files, and that “Other” section that never quite explains itself. You can read what all those mean in the official iPhone guide – we won’t stop on this too long.

What matters right now is _where_ your space is going. If Photos is at the top? You’ll want to start there. If it’s giant apps like TikTok, Instagram, or games you haven’t touched in months – yep, those might be the real problem. You might even get some auto-suggestions right there in the menu, like “Offload Unused Apps” or “Review Large Attachments.” Take those seriously – they’re built into the system for a reason.

****How to Free Up Storage on iPhone****

Now, we’ll go through the most popular methods from the overall list of methods to free up space on an iPhone, step by step. We’ll start with Photos first, since for most people (and maybe for you), this is where storage goes to die.

****1\. Clean Up Your Photos****

You probably already know how to manually delete photos or videos from the Photos app. You just tap **_Select_**, choose what you don’t need, and hit the **trash icon**. Simple. But also… kinda miserable. That’s hours of scrolling and second-guessing.

So let’s skip the obvious and talk about faster ways to handle photo cleanup.

First, your iPhone actually has a Duplicates album baked into the Photos app. It can help you spot and merge exact photocopies – like when you AirDropped yourself the same shot twice or saved it from Messages. That can be useful… but there are a couple of catches.

1.  It only works with **exact** duplicates – so if the two photos look nearly identical but aren’t pixel-for-pixel twins, they won’t show up.
2.  It takes time. As a lot of folks pointed out on Reddit, your iPhone doesn’t flag duplicates instantly. You might have to wait a few hours (or days) for the indexing to finish before anything appears in that folder.
3.  Even when it _does_ work, it doesn’t always make a huge dent. A few exact copies here and there usually won’t free up gigabytes.

That’s why a lot of us end up turning to third-party tools that offer broader and faster ways to clean up photos. Special attention should go to AI-powered cleaners – these apps use actual machine learning to spot stuff your iPhone can’t. Not just copies, but _similar_ photos. Like ten shots of the same person blinking… and only one where their eyes are open.

One of the best apps we’ve used for this is Clever Cleaner: AI CleanUp App. It’s 100% free, smart, clean, and surprisingly good at figuring out what’s worth keeping.

**Here’s how to use it:**

1.  Download Clever Cleaner from the App Store.
2.  Open the app, go to Similars, and let it group your lookalike photos.
3.  Tap Smart Cleanup.
4.  The AI picks the best shots to keep. Like the selection? Slide to delete. Want to tweak it? Tap a group, pick a different best shot, or skip it.
5.  When you’re done, Hit Move to Trash, then Empty Trash to clear it all out.

It also flags Heavies (your largest files, sorted big to small – something the Photos app _can’t_ do), Screenshots (easy bulk delete), and Lives (lets you convert Live Photos to stills to save space).

After each cleanup, it shows how much space you saved – and reminds you to empty the Recently Deleted album to actually free up space on your iPhone.

****2\. Offload or Delete Unused Apps****

The next way to potentially clear _a lot_ of space on an iPhone is Apps. Especially the ones you haven’t opened in six months but somehow still take up 1.2 GB.

To find and quickly delete the biggest unused apps, do this:

1.  Open Settings.
2.  Tap General.
3.  Go to iPhone Storage.
4.  Wait for the list to load (apps are sorted by size, largest at the top).
5.  Tap any app you don’t use.

Next, you’ve got two options:

*   **Offload**. This deletes the app itself but keeps all your data. If you reinstall later, everything’s still there. Best for apps you _might_ use again.
*   **Delete**. This wipes the app and its data. Good for things you know you’re done with.

Pro tip: if you’re cool with iOS doing this automatically, turn on Offload Unused Apps in iPhone Storage. It silently trims unused apps when space runs low – and puts a little download icon on them so you can grab them back anytime.

****3\. Clear Safari Cache****

If you’ve been using Safari for a while – browsing, shopping, reading articles at 2 a.m. – there’s a good chance it’s been quietly stockpiling data in the background. Website history, cookies, cached images… it all adds up. You won’t see it in the Photos app or under “Media,” but it’s there.

It’s easy to clear it, and no, it _won’t_ delete your saved passwords or bookmarks. It’ll just wipe the behind-the-scenes junk.

**To do it:**

1.  Open Settings.
2.  Scroll down and tap Safari.
3.  Scroll again and tap Clear History and Website Data.
4.  Confirm when it asks.

That’s it. Safari gets a clean slate, and you get a bit more breathing room.

It’s also a good idea to clear the cache in other apps you use often. Safari isn’t the only one. Apps like Chrome, Firefox, Snapchat, WhatsApp, and most social media or browser apps all store cached data too. But, you won’t find those cache-clearing options in iPhone’s main Settings menu.

Each app handles it differently, usually tucked away in the app’s own settings. Some call it “Clear Cache,” others go with “Storage Management” or “Data Usage.” If you’re not sure where to look, check the app’s help guide or support page – there’s usually a quick step-by-step there.

And if you can’t find a clear option at all? Easy fix: delete and reinstall the app. It’s the fastest way to wipe the cache and start fresh. You’ll need to log back in, but you’d be surprised how much space that one move can save.

****4\. Delete Large Message Attachments****

Yes, all those photos, videos, voice notes, and memes you’ve sent and received over the years stay on your iPhone’s local storage. Every single one. Doesn’t matter if it’s from last week or three months ago – they’re still there.

Luckily, there’s a built-in way to review and clear this stuff (at least the biggest offenders) quickly. Here’s how to do it:

1.  Open Settings.
2.  Go to General > iPhone Storage.
3.  Scroll down and tap Messages.
4.  Under _Documents_, tap Review Large Attachments.
5.  You’ll see a list of the bulkiest files buried in your message threads.
6.  Tap Edit, select the ones you don’t need, and hit Delete.

That’s it. Quick and painless (and your conversations stay intact).

If you want to go even further, head to _Settings > Messages > Keep Messages_ and switch it to 30 Days. iOS will automatically toss older messages and their attachments without you lifting a finger.

If you don’t see Review Large Attachments, it means iOS didn’t flag anything big enough in the Messages app to show there – _or_ you simply haven’t accumulated much yet (good for you).

But that doesn’t mean you’re out of options.

You can still clear attachments manually within most messaging apps. Just like with cache, many apps have their own settings to manage storage and remove media files without deleting your entire chat history. This works for the built-in Messages app, and also for third-party apps like WhatsApp, Telegram, and others.

****5\. Remove Downloaded Files****

This one flies under the radar for a lot of people. You download a file – maybe a PDF, a video, a ZIP, or a random invoice – and forget all about it. But your iPhone doesn’t. It quietly saves that file in the **Files** app, or tucked inside whatever app you used to open it.

**Start with the Files app:**

1.  Open Files.
2.  Tap Browse at the bottom.
3.  Go to On My iPhone.
4.  Check folders like _Downloads_, _Documents_, or anything app-specific (Chrome, Acrobat, etc.)
5.  Long-press to delete anything you don’t need.

Then think about apps that save content offline. Netflix, Spotify, YouTube Premium, and even Podcasts – they all store downloaded files locally. You won’t see this storage in the Files app, but you can manage it inside each app’s settings. Look for things like Downloads, Offline Media, or Storage Usage. Some let you clear everything in one tap.

****Final Words****

These 5 methods to clear space on the iPhone we covered above are the same ones we’ve used countless times – and the ones we regularly recommend to others. They’re reliable, and efficient, and cover the main sources of clutter on nearly every device.

Some additional methods/features can help in specific cases:

*   You can activate Optimize iPhone Storage if you use iCloud, this keeps smaller, device-friendly versions of your photos and shifts the full-resolution ones to the cloud. It’s a simple toggle that can save a lot of space without deleting anything.

*   Voice Memos is another one to check. If you use the app often, long or forgotten recordings can quietly take up storage in the background. Clearing them out occasionally can free up more room than you’d expect.

But those are more situational. The five methods in our guide cover the must-dos. They work across devices, they’re easy to repeat, and they don’t require any technical know-how. A simple cleanup with these steps will give any iPhone more breathing room.

If you found these methods helpful, use the buttons below to share on Facebook or tweet it on X – someone else is probably dealing with the same storage headache right now.

How to Clear iPhone Storage

Lattica’s cloud-based solution uses Fully Homomorphic Encryption to query encrypted data on AI models without decrypting it, preserving privacy and bolstering security.

Lattica, an FHE-based platform enabling secure and private use of AI in the cloud, has emerged from stealth. The company is backed by Konstantin Lomashuk’s Cyber Fund, and Sandeep Nailwal, co-founder of Polygon Network and Sentient: The Open AGI Foundation, among others.

Lattica’s technology represents a critical new standard for industries such as healthcare, finance and government sectors, where data privacy and security concerns have limited AI adoption. According to Cisco’s 2025 AI Briefing: CEO Edition, 70% of CEOs surveyed admitted being concerned about the state of their networks due to the rising adoption of AI, with 34% citing security as a major barrier to adoption. 

Fully Homomorphic Encryption (FHE) – the “holy grail” of cryptography in the last decade – ensures all communication between AI providers and end users remains encrypted, without needing to decrypt it, but due to longstanding computational inefficiencies, FHE has yet to be widely adopted. By capitalizing on the latest breakthroughs in the AI acceleration stack, Lattica leverages advanced acceleration techniques to operationalize FHE. 

Led by founder and CEO, Dr. Rotem Tsabary, who holds a PhD in lattice-based cryptography from the Weizmann Institute of Science, Lattica takes advantage of the foundational mathematical similarities between FHE and machine learning to offer a hardware-agnostic, cloud-based platform that utilizes FHE to deliver secure and private use of AI.

A key differentiator powering Lattica’s solution is its Homomorphic Encryption Abstraction Layer (HEAL), which enhances FHE performance and standardizes its acceleration. A cloud-based service, HEAL serves as a universal bridge connecting FHE applications and AI algorithms across a diverse range of hardware including GPUs, TPUs and CPUs, as well as dedicated accelerators like ASICs and FPGAs.

“By combining the advancements of hardware acceleration with software-based optimization, we realized that not only could we improve FHE efficiency to the point of commercial viability, but use it to solve critical data dilemmas holding back AI’s adoption in sensitive industries,“ said Dr. Rotem Tsabary, founder and CEO of Lattica. “We’re enabling practical FHE by developing a solution that is tailor-made for neural networks.”

As part of its emergence from stealth, Lattica has made demos of the platform available on its website, alongside insights from an in-depth survey within the FHE community. Survey results validate Lattica’s approach, revealing that a majority (71%) of respondents believe FHE adoption will be achieved through a combination of hardware and software. 

“Lattica is pushing the boundaries of Fully Homomorphic Encryption, solving one of the most critical challenges in AI security,” said Konstantin Lomashuk, Managing Partner at Cyber Fund. “Cyber Fund is proud to have led Lattica’s pre-seed round. This is the kind of deep-tech innovation that defines the future, and we’re excited to see Lattica leading the way.”

Lattica’s focus on healthcare and finance further underscores the platform’s relevance, with potential applications in secure data analysis for medical research and encrypted financial transactions.

“Lattica’s product-first approach fundamentally transforms sensitive data processing in the AI ecosystem,” said Sandeep Nailwal, co-founder of Polygon Network and investor in Lattica. “Lattica has made FHE a reality that is both practical and scalable, as Tsabary and her research team is proving that advances in the machine learning stack can significantly boost the performance of FHE and have an immediate impact on the market.”

****About Lattica****

Lattica enables querying AI models with Fully Homomorphic Encryption, offering FHE as a hardware-agnostic, cloud-based service. The platform leads in scientific innovation by ensuring that user queries remain encrypted throughout the entire machine-learning inference process.

Lattica’s Homomorphic Encryption Abstraction Layer (HEAL) connects FHE applications, algorithm implementations, and diverse hardware backends, making secure AI computation as accessible as traditional cloud-based AI services. The company is headquartered in Tel Aviv.

Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE

AOA, DaVita, and Bell Ambulance hit by ransomware in 2025. Over 245K affected as hackers steal patient data,…

AOA, DaVita, and Bell Ambulance hit by ransomware in 2025. Over 245K affected as hackers steal patient data, demand ransoms, and disrupt healthcare services.

This has been a dreadful first quarter for the healthcare sector. After Morphisec’s recent discovery of ResolverRAT malware targeting organisations within the healthcare sectors, three healthcare organizations in the United States have confirmed becoming victims of data breaches this year. These include Alabama Ophthalmology Associates, DaVita, and Bell Ambulance.

Alabama Ophthalmology Associates (AOA), an eye care practice in Alabama, revealed that a data breach occurring between January 22nd and January 30th, 2025, affected a staggering 131,576 individuals. AOA concluded its review of the impacted data on March 19th, 2025, and subsequently began notifying affected individuals.

In its notification (PDF), AOA claims the compromised data includes crucial personal details such as names, Social Security numbers, health insurance information, treatment details, medical record numbers, medical history, and dates of birth. However, they did not mention offering free credit monitoring or identity theft protection, a common practice among breached companies when Social Security numbers are compromised.

The ransomware group BianLian has claimed responsibility for the attack on AOA. This group, known for extorting organizations by threatening to publish stolen data rather than encrypting systems, alleges to have obtained a wide range of sensitive information from AOA, including finance and HR data, patient records, biometric information, and emails.

BianLian’s Data Leak Site Lists AOA (Source: Comparitech)

While BianLian has listed AOA on its data leak site, AOA has not yet verified these claims. It remains unknown the amount demanded, whether AOA paid a ransom, or the specific method used by the attackers to infiltrate AOA’s network.

In a separate incident, Bell Ambulance, a well-established ambulance service provider in southeastern Wisconsin, detected a cybersecurity incident on February 13th, 2025. The company informed its employees about disruptions to their IT systems and initiated an investigation to determine if any information was compromised.

An update on April 22nd confirmed that 114,000 individuals were impacted in this breach, with compromised data potentially including dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and/or health insurance information.

The ransomware group Medusa later claimed responsibility for the attack on March 2nd, 2025, adding that they stole 220 GB of data. The group demanded a $400,000 ransom from Bell Ambulance, threatening to auction the stolen data if their demands were not met within 7 days.

It is worth noting that on April 8, Medusa also claimed a ransomware attack on NASCAR (National Association for Stock Car Auto Racing) demanding a $4 million ransom and threatening to release internal data if payment isn’t made.

DaVita, a Denver-based dialysis firm, was hit by a ransomware attack on April 12, which reportedly encrypted certain on-premises systems. The company is currently addressing the incident, utilizing contingency plans and manual processes, while care delivery continues at its centres and for home care patients. The identity of the ransomware group responsible remains unknown.

“The incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time,” DaVita’s official statement read.

These attacks further emphasize the urgent need for improving cybersecurity measures within the healthcare sector to protect patient data and ensure the continuity of critical medical services.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, shared his comments with Hackread.com regarding the growing vulnerability of the healthcare sector against cyberattacks, stating, _“_Comparitech researchers logged 16 confirmed ransomware attacks on US hospitals, clinics, and other care providers in 2025, compromising the personal and health data of about 470,000 people._“_

“Ransomware attacks on US hospitals, clinics, and other care providers can cripple key systems and endanger the privacy and security of patients. Providers must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics may have to resort to pen and paper, cancel certain appointments, and divert patients elsewhere until systems are restored.”

Ransomware Surge Hits US Healthcare: AOA, DaVita and Bell Ambulance Breached

Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…

Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and claims to boost cybersecurity measures.

British retailer Marks & Spencer (M&S), a company with over 140 years of history in food and clothing, experienced a major cybersecurity incident during the Easter break that disrupted some of its essential services.

This event impacted the ability of customers to make contactless payments in their stores and caused delays in the collection of online orders, known as the Click and Collect service. Many customers took to social media platforms to voice their frustrations regarding these issues.

Stuart Machin, the Chief Executive of M&S, issued an apology to customers, acknowledging the disruptions. He explained that the company had to implement temporary adjustments to their store operations as a protective measure for both their customers and the business itself. While the stores remained open and the M&S website and mobile application continued to function normally, the technical difficulties with contactless payments and Click and Collect caused considerable inconvenience.

Email sent by M&S

In response to this incident, M&S promptly engaged external cybersecurity specialists to conduct a thorough investigation and manage the situation effectively. The company also notified key regulatory bodies, including the Information Commissioner’s Office (ICO), the UK’s data protection authority, and the National Cyber Security Centre. An ICO spokesperson confirmed that they were aware of the incident and were in the process of assessing the information provided by M&S.

Furthermore, M&S assured its investors that they were taking proactive steps to enhance the security of their network and ensure the continuation of customer service. In their statement to the London Stock Exchange, M&S emphasized the paramount importance of customer trust and pledged to provide updates if the situation evolved. 

While M&S informed customers that they were actively working to resolve the “limited” delays affecting Click and Collect orders, some shoppers had reported issues even before the official announcement. These earlier complaints included difficulties using gift cards and vouchers within M&S stores. One customer described the situation as a “total failure for customers,” highlighting the lack of communication that could have prevented unnecessary trips to the stores.

The timeline of the incident indicates that while the main cyber incident impacting contactless payments and Click and Collect began on Monday, there was a separate technical problem affecting only contactless payments that occurred on the preceding Saturday. This suggests that M&S was dealing with technical difficulties throughout the weekend and it wasn’t the immediate aftermath of the main cyber incident.

Nevertheless, this incident follows a pattern of similar attacks on UK organizations in recent years. Transport for London had to shut down numerous online services after a cyberattack, Royal Mail faced severe disruptions to international mail services recently resulting in the attackers leaking 144GB of its internal files, and retailer WH Smith experienced a data breach compromising employee information.

James Hadley, Founder and Chief Innovation Officer, Immersive: “Breaches like M&S’s aren’t rare. While they communicated clearly and likely followed tested response plans, such attacks highlight the gap between perceived and actual cyber resilience. Regular cyber drills and realistic crisis simulations are vital for building real confidence and preparing teams to protect critical data in an increasingly high-risk environment.”

M&S Cyberattack Disrupts Contactless Payments and Click & Collect Services

Fake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…

Fake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data, contacts, and sensitive files.

A malicious version of Alpine Quest, a popular Android navigation app, has been found carrying spyware aimed at Russian military personnel. Security researchers at Doctor Web uncovered the modified software embedded with Android.Spy.1292.origin spyware capable of harvesting data and extending its functionality through remote commands.

Alpine Quest is commonly used by outdoor enthusiasts, but it’s also relied on by soldiers in Russia’s military zones due to its offline mapping features. That made it a convenient cover for attackers, who repackaged an older version of the app and pushed it as a free download through a fake Telegram channel. The link led to an app store targeting Russian users, where the infected software was listed as a pro version of the app.

Once installed, the spyware collects all sorts of information. Each time the app is opened, it sends the user’s phone number, account details, contacts, geolocation, and a list of files stored on the device to a remote server. Some of this data is also sent to a Telegram bot controlled by the attackers, including updated location details every time the user moves.

Left: Telegram channel promoting the malicious Alpine Quest app (in Russian via Dr. Web) – Right: English translation of the image using Yandex AI, via Hackread.com.

Doctor Web’s analysis shows that this spyware is capable of more than passive tracking. After identifying which files are available, the malware can be instructed to download new modules designed to extract specific content. Based on its behaviour, the attackers appear especially interested in documents shared through messaging apps like Telegram and WhatsApp. It also seeks out a file called locLog, created by Alpine Quest itself, which logs user movements in detail.

Because the spyware is bundled with a working version of the app, it looks and functions normally, giving it time to operate unnoticed. Its modular design also means its capabilities can grow over time, depending on the attackers’ goals.

Doctor Web advises users to avoid downloading apps from unofficial sources, even when they appear to offer free access to paid features. Even on official app stores, it’s best to avoid installing apps you don’t truly need. Malicious apps have been known to slip past review processes on both Google Play and the App Store.

At the time of writing, the group behind the campaign has not been identified, and it remains unclear whether this operation is domestic or foreign in origin. However, similar operations in the past have been linked to Ukrainian hacktivist groups, including Cyber Resistance, also known as the Ukrainian Cyber Alliance. In 2023, they reportedly **targeted spouses of Russian military personnel**, extracting sensitive and personal data. However, there is still no confirmed attribution for the group behind this spyware campaign.

Fake Alpine Quest Mapping App Spotted Spying on Russian Military

An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…

An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in its email-based domain verification method.

Internet security relies on trust, and the Certificate Authority (CA) is a key player in this system as it verifies website identities, and issues SSL/TLS certificates, which encrypt communication between a computer and the website.

However, recently, a serious problem was found with one of these trusted CAs, SSL.com. Researchers discovered a flaw in how SSL.com was checking if someone requesting a certificate actually controlled the domain name, a process called Domain Control Validation (DCV).

SSL.com enables users to verify domain control and obtain a TLS certificate for encrypted HTTPS connections by creating a _validation-contactemail DNS TXT record with the contact email address as the value. SSL.com sends a code and URL to confirm the user’s control of the domain. However, due to this bug, SSL.com now considers the user as the owner of the domain used for the contact email.

This flaw stems from the way email is used to verify control, particularly with MX records, which indicate which servers receive email for that domain. It allowed anyone to receive email at any email address associated with a domain, potentially obtaining a valid SSL certificate for the entire domain. It is specifically related to the BR 3.2.2.4.14 DCV method aka ‘Email to DNS TXT Contact’.

This is a big deal because an attacker wouldn’t need to have complete control over a website e.g., google.com, to get a legitimate-looking certificate as just the email address of an employee or even a free email address that’s somehow linked to the domain is enough.

Malicious actors can use valid SSL certificates to create fake versions of legitimate websites, steal credentials, intercept user communication, and potentially steal sensitive information through a man-in-the-middle attack. A security researcher using the alias _Sec Reporter_ demonstrated this by using an @aliyun.com email address (a webmail service run by Alibaba) to get certificates for aliyun.com and www.aliyun.com.  

This vulnerability affects organizations with publicly accessible email addresses, particularly large companies, domains without strict email control, and domains using CAA (Certification Authority Authorization) DNS records.

SSL.com has acknowledged the issue and explained that besides the test certificate the researcher obtained, they had mistakenly issued ten other certificates in the same way. These certificates, starting as early as June 2024, were for the following domains:

*. medinet.ca, help.gurusoft.com.sg (issued twice), banners.betvictor.com, production-boomi.3day.com, kisales.com (issued four times), and medc.kisales.com (issued four times).

The company also disabled the ‘Email to DNS TXT Contact’ validation method and clarified that “this did not affect the systems and APIs used by Entrust.”

Even though SSL.com’s issue has been resolved, it shows the important steps to maintain website safety. CAA records should be used to tell browsers which companies can issue certificates, public logs should be monitored to catch unauthorised certificates, and email accounts linked to websites should be secure.

Source

HackRead