Top news stories this week
- Data dump. Hackers steal one million gigabytes of data.
- ID exposure. Cybercriminals target identity services affecting sensitive personal information.
- CNI shields up. Poland foils attack as US doubles down on cyber resilience.
- Medusa strikes. University of Mississippi Medical Center victim of ransomware gang.
- Takedowns. Interpol disrupts malicious networks as FBI shuts down two hacker sites.
- Patch now. Google, Cisco and ConnectWise all urge patching.
1. Hackers steal one million gigabytes of data
Canadian technology and outsourcing provider Telus Digital has disclosed that it suffered a cyberattack in which a large volume of sensitive customer data was taken - nearly 1 petabyte (equivalent to 1 million GB, or 500 billion pages of text) - and that the threat actors demanded a ransom of USD 65 million.
So what?
The extreme amount of stolen data may indicate AI use by threat actors. AI can parse large amounts of data, allowing criminals to ‘exfiltrate first, analyse later’. In turn, this tactic may lengthen the time it takes for breaches to come to light – and the liability that accumulates in the meantime.
[Researcher: Lester Lim]
2. Cybercriminals target identity services affecting sensitive personal information
IT consulting firm CGI Group is investigating a data breach after its data appeared on the dark web. CGI Group manages the Swedish e‑government platform used by residents to access various government services, including the Swedish Tax Agency.
Separately, identity protection firm Aura suffered a data breach after the hacking collective ShinyHunters claimed to have stolen 12GB of sensitive files affecting 35,000 customers. Aura says the data came from a marketing tool used by a company it acquired in 2021 and that only limited information was exposed.
So what?
These incidents highlight the risks associated with the digitisation of identity documents, as organizations handling personally identifiable information (PII), along with their third-party partners, are increasingly attractive targets for cyber criminals.
[Researcher: Milda Petraityte]
3. Poland foils attack as US doubles down on cyber resilience
Poland's National Center for Nuclear Research (NCBJ) successfully prevented an attack on its IT infrastructure. While details were not specified, officials assessed that the malicious activity originated from Iran.
Separately, the US Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) published a five-year strategic plan on strengthening cyber resilience in the energy sector. The plan focuses on the importance of private sector partnerships and investment in defensive AI technology to mitigate AI-augmented attacks.
So what?
While threat actor attribution is often difficult, organizations must continue to prioritise robust, proactive defences, particularly in times of heightened geopolitical tension when attacks against Critical National Infrastructure (CNI) proliferate.
[Researcher: Jack Woods]
4. University of Mississippi Medical Center victim of ransomware gang
The University of Mississippi Medical Center (UMMC) was forced into a nine‑day shutdown due to a cyberattack by the Medusa ransomware group. Clinics across the state were disrupted, access cut to electronic medical records, phone lines disabled, and employees forced to revert to paper charts and manual operations.
So what?
This major impact on healthcare provision highlights the importance of cyber resilience.
[Researcher: Jenny Eysert]
5. Interpol disrupts malicious networks as FBI shuts down two hacker sites
Interpol has dismantled 45,000 malicious IPs used to conduct illicit activity such as phishing, ransomware and sextortion. 72 countries and territories were involved in the operation that led to 94 arrests.
Separately, the FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a destructive cyberattack against the US medical tech giant Stryker.
So what?
These operations highlight the effectiveness of security operations to disrupt cybercriminal networks.
[Researcher: Lena Krummeich]
6. Microsoft, Google, Cisco and ConnectWise all urge patching
A critical Microsoft SharePoint vulnerability, CVE-2026-20963, which was patched in January, is now being exploited in attacks. Successful exploitation enables unprivileged threat actors to achieve remote code execution (RCE) on unpatched servers in low-complexity attacks.
ConnectWise is warning that ScreenConnect versions before 26.1 are vulnerable to a critical cryptographic signature verification flaw, CVE-2026-3564, that could lead to unauthorised access and privilege escalation. While the Cloud instances of the product have been upgraded to the safe version, on-premises deployments require an upgrade to version 26.1 as soon as possible.
Cisco's Secure Firewall Management Center (FMC) software has a zero-day RCE vulnerability, CVE-2026-20131, that allows execution of arbitrary Java code as root. It is still being exploited by the Interlock ransomware gang, although the patch for this critical vulnerability was released on March 4.
Google released patches for two high-severity RCE flaws in the Chrome browser, CVE-2026-3909 and CVE-2026-3910. Both vulnerabilities are being exploited in the wild, but they have now been patched by Google.
So what?
Organizations should ensure that their systems are patched as soon as possible once updates become available, as timely patching of vulnerabilities can reduce the risk of ransomware attacks.
[Researcher: Milda Petraityte]