19th November 2025 Cyber Update: State AG Office Confirms Major Data Breach by Ransomware Group
A ransomware attack crippled Pennsylvania’s Attorney General office, exposing sensitive data including names, Social Security numbers and medical details. Inc Ransom claimed responsibility after exploiting a Citrix vulnerability that disrupted systems for weeks.
The Pennsylvania Office of the Attorney General (OAG) has officially confirmed a significant data breach stemming from a ransomware attack that crippled its operations in August 2025. The Inc Ransom group, a prolific ransomware-as-a-service operation that emerged in July 2023, claimed responsibility for the intrusion, alleging the exfiltration of 5.7 terabytes of sensitive data from the agency's network. The attack, discovered on August 9, disrupted the OAG's website, email, and phone systems for approximately three weeks, forcing the office's 1,200 staff members to rely on alternate communication channels.
Compromised information includes the names, Social Security numbers, and medical details of an undisclosed number of individuals, along with files from investigative units and details about the agency's use of Cellebrite forensic software. While the OAG refused to pay the ransom, the data was already stolen. The initial attack vector is believed to be the exploitation of the "CitrixBleed2" vulnerability (CVE-2025-5777) on the agency's public-facing Citrix NetScaler appliances. The FBI is now assisting with the investigation, and the OAG has begun notifying affected parties and offering identity protection services.
"Based on the OAG's review of the data involved, for some individuals the information involved may have included name, Social Security number, and/or medical information." - Attorney General Dave Sunday
Why It Matters
This attack underscores the escalating threat that sophisticated ransomware-as-a-service groups pose to critical government institutions. The successful breach of a top state law enforcement agency highlights the severe consequences of failing to patch known, critical vulnerabilities like CitrixBleed2 in a timely manner. For Pennsylvania, this is the third major ransomware incident targeting a state entity in recent years, following attacks on Delaware County in 2020 and the Pennsylvania Senate Democratic Caucus in 2017, revealing a pattern of vulnerability in its public sector cybersecurity posture.
The incident serves as a stark reminder for organizations, particularly in the public sector, of the imperative for robust vulnerability management, rapid incident response, and comprehensive security protocols to protect sensitive citizen data. The Inc Ransom group's claim of accessing FBI network information, while unverified, further amplifies concerns about potential lateral movement and the broader security implications of this breach.
"This situation has certainly tested OAG staff and prompted some modifications to our typical routines — however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled." - Attorney General Dave Sunday