Compumedics ransomware attack exposes 320,000 patient records. International operation dismantles NoName057(16) Russian hacker network. Google patches fifth actively exploited Chrome zero-day of 2025.
Manufacturing is the top cyberattack target, with 25.7% of global incidents. Ransomware fuels 71% of attacks, costing millions. Digital transformation with AI and IoT boosts efficiency but widens vulnerabilities, making production lines battlefields of economic warfare.
Australia adopts AS IEC 62443 cybersecurity standards for critical infrastructure protection. Oracle releases massive July 2025 patch update addressing 165 CVEs. DragonForce ransomware gang claims attack on US retailer Belk, stealing 156GB of customer data including Social Security numbers.
Compumedics ransomware attack exposes 320,000 patient records. International operation dismantles NoName057(16) Russian hacker network. Google patches fifth actively exploited Chrome zero-day of 2025.
Cyber News Centre's cyber update for 17th July 2025: Australian medical technology company Compumedics is a victim of a ransomware attack that exposed personal information of over 320,000 patients. International law enforcement has dismantled the NoName057(16) pro-Russian hacker network in a coordinated operation spanning 12 countries. Meanwhile, Google has patched the fifth actively exploited Chrome zero-day vulnerability of 2025, highlighting ongoing browser security challenges.
Compumedics Limited, a Melbourne-headquartered medical technology company, has fallen victim to international cybercriminals. The ASX-listed company, founded in 1987 and employing approximately 135 people, specialises in diagnostic equipment for sleep and neurological disorders, serving healthcare providers across Australia, the United States, and Europe from its Abbotsford headquarters.
Update: Compumedics discovered a ransomware attack on March 22, 2025, that had been ongoing since February 15, exposing personal information of over 320,000 patients globally. The VanHelsing ransomware group claimed responsibility for the attack on March 26, infiltrating both the company's Australian and US systems and stealing files containing patient names, dates of birth, medical records, and in some cases Social Security numbers and health insurance information.
This week, the full scope of the breach became public when Compumedics reported the incident to US health authorities, revealing the attack affected 13 healthcare facilities across three countries, with Adelaide's Women's and Children's Hospital previously being the confirmed Australian facility impacted, alongside a dozen US healthcare providers and one facility in Bermuda.
Why it Matters: This attack highlights the growing vulnerability of Australian medical technology companies operating internationally, where a single breach at a Melbourne-based firm can compromise patient data across multiple countries. For Australian patients, this incident raises serious questions about how their medical information is protected when treated at facilities using overseas-manufactured equipment.
The breach also demonstrates the complex regulatory challenges facing Australian businesses with global operations, as Compumedics must now navigate breach notification requirements under Australia's Privacy Act, the US HIPAA regulations, and potentially other international data protection laws. With Australian healthcare increasingly reliant on digital systems and international technology providers, this incident serves as a stark reminder of the interconnected nature of modern cyber threats and the need for robust cybersecurity measures across the entire healthcare supply chain.
NoName057(16) is a pro-Russian hacktivist group that emerged in 2022, conducting distributed denial-of-service (DDoS) attacks against Ukraine and countries supporting Ukraine. The group operates through a decentralized network of Russian-speaking sympathizers who use automated tools to carry out cyberattacks, motivated by ideology and financial rewards rather than sophisticated technical expertise.
Update: Between July 14-17, 2025, Operation Eastwood coordinated by Europol and Eurojust successfully dismantled the NoName057(16) cybercrime network through simultaneous actions across 12 countries including Germany, France, Spain, and the United States. The operation resulted in two arrests, seven arrest warrants issued (six by Germany targeting Russian nationals), 24 house searches, and the disruption of over 100 computer systems worldwide.
Law enforcement also contacted over 1,000 supporters of the network via messaging applications, informing them of their criminal liability, while taking offline the group's central server infrastructure that had been used to coordinate attacks against critical infrastructure in Europe and NATO countries.
Why it Matters: This operation represents the largest coordinated takedown of a pro-Russian hacktivist network to date, demonstrating unprecedented international cooperation in combating state-aligned cyber threats. The success in disrupting NoName057(16)'s infrastructure sends a strong deterrent message to other hacktivist groups operating in support of Russian interests.
The operation's scope across 12 countries also establishes a new template for international cybercrime cooperation, particularly important as geopolitical tensions continue to manifest in cyberspace through proxy groups and state-sponsored actors.
Google has issued an emergency security update for Chrome after confirming that cybercriminals are actively exploiting a critical vulnerability in the browser. In an unusual move, the company explicitly stated that "an exploit for CVE-2025-6558 exists in the wild," underscoring the immediate threat to users. The acknowledgment comes as security experts warn of an escalating campaign targeting Chrome's core security mechanisms, with this marking the latest in a series of sophisticated attacks against the world's most widely used web browser.
Update: Google released Chrome version 138.0.7204.157/.158 on July 16, 2025, to address CVE-2025-6558, a high-severity sandbox escape vulnerability actively exploited by attackers in the wild. The flaw, discovered by Google's Threat Analysis Group on June 23, stems from insufficient validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine) and GPU components, allowing attackers to execute arbitrary code within the browser's GPU process using specially crafted HTML pages.
This marks the fifth actively exploited Chrome zero-day vulnerability patched by Google in 2025, following CVE-2025-2783 in March, CVE-2025-4664 in May, CVE-2025-5419 in June, and CVE-2025-6554 earlier in July, indicating an escalating pattern of sophisticated browser-based attacks.
Why it Matters: The frequency of actively exploited Chrome vulnerabilities in 2025 signals a concerning trend where attackers are increasingly targeting browser infrastructure as a primary attack vector. Sandbox escape vulnerabilities are particularly dangerous because they bypass Chrome's core security mechanism designed to contain malicious code within the browser environment.
The targeting of ANGLE and GPU components reflects attackers' evolution toward exploiting graphics processing pathways, which handle untrusted content from websites using WebGL and represent a critical attack surface in modern web browsers used by billions of users worldwide.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Australia adopts AS IEC 62443 cybersecurity standards for critical infrastructure protection. Oracle releases massive July 2025 patch update addressing 165 CVEs. DragonForce ransomware gang claims attack on US retailer Belk, stealing 156GB of customer data including Social Security numbers.
Louis Vuitton confirms global data breach affecting UK, South Korea, and Turkey customers. Critical Wing FTP Server vulnerability actively exploited with CISA warning. Romanian authorities arrest 13 in £47 million UK tax phishing operation.
UK teens arrested over £300M retail cyberattacks. CISA confirms CitrixBleed 2 is being exploited and demands urgent patching. McDonald’s exposed 64M job applications through its AI hiring tool using default login credentials.
Czech Republic issues government warning against DeepSeek AI products citing national security concerns. Critical mcp-remote vulnerability affects 437,000+ downloads enabling remote code execution. ZuRu malware targets macOS developers via trojanized Termius app.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
