Mississippi hospital system closes all 36 clinics after ransomware attack. Wormable XMRig cryptojacker spreads to air-gapped systems via USB. PayPal breach exposed SSNs for 6 months. Hundreds of FortiGate firewalls hacked with AI. Malicious npm supply chain worm targets AI coding assistants.
A ransomware attack forced the University of Mississippi Medical Center to close all ~36 clinics statewide and cancel elective procedures. Patient care is actively disrupted.
This is one of the most impactful healthcare ransomware incidents this year. The attack demonstrates that ransomware operators continue to target critical healthcare infrastructure without hesitation.
Healthcare organizations should ensure:
Trellix researchers discovered a sophisticated cryptojacking campaign that spreads like a worm via external storage devices, enabling lateral movement even in air-gapped environments.
Key technical details:
Organizations with air-gapped networks should enforce strict removable media policies and monitor for unusual CPU consumption patterns.
AWS reports that threat actors leveraging AI-assisted techniques have compromised hundreds of FortiGate firewall devices by exploiting exposed management ports and weak credentials.
| Attack Vector | Mitigation |
|---|---|
| Exposed management interfaces | Restrict to internal/VPN-only access |
| Default/weak credentials | Enforce MFA + strong password policies |
| AI-automated reconnaissance | Rate-limit and monitor auth attempts |
This follows last week's reporting on a Russian-speaking hacker breaching 600+ FortiGate devices — the campaign is clearly expanding.
Socket discovered an active supply chain worm campaign using at least 19 malicious npm packages that harvest credentials, crypto keys, and now specifically target AI coding assistants via MCP server injection.
New capabilities in this wave:
Developers using AI coding assistants (Copilot, Cursor, etc.) should audit their npm dependencies and review MCP server configurations immediately.
PayPal has disclosed that an application error exposed customer personal information — including Social Security numbers — for nearly 6 months, leading to fraudulent transactions.
The prolonged exposure window is concerning. Affected users should:
US healthcare firm Vikor Scientific (now Vanta Diagnostics) confirms 140,000 individuals affected by a data breach. The Everest ransomware group has claimed responsibility.
Multiple mental health apps on Google Play with 14.7 million combined installs found to contain severe security vulnerabilities that could expose users' sensitive medical information.
Critical vulnerability in Grandstream VoIP phones allows unauthenticated remote code execution with root privileges. Calls can be intercepted. Patch immediately.
Spanish authorities arrested four alleged members of Anonymous Fenix for DDoSing government ministries, political parties, and public institutions.
Oleksandr Didenko received 5 years in US prison for selling stolen US identities to North Korean operatives, enabling them to get hired on freelance platforms.
| Product | Issue | Status |
|---|---|---|
| BeyondTrust (CVE-2026-1731) | RCE exploited in ransomware attacks | 🔴 Active exploitation |
| RoundCube Webmail | XSS via SVG animate tags | 🔴 Active exploitation |
| Grandstream Phones (CVE-2026-2329) | Unauth RCE with root | 🟡 Patch available |
| FortiGate Firewalls | AI-assisted credential attacks | 🔴 Mass exploitation |
| Target | Impact | Actor |
|---|---|---|
| Univ. of Mississippi Medical Center | 36 clinics closed, procedures cancelled | Ransomware (TBD) |
| Vanta Diagnostics (Vikor) | 140,000 individuals affected | Everest |
| PayPal | SSNs exposed 6 months, fraud occurred | Application error |
| Optimizely | Customer data via vishing attack | Social engineering |
Law enforcement wins: Romanian hacker Catalin Dragomir pleaded guilty to selling access to an Oregon state government network. FBI reports $20M in losses from 700 ATM jackpotting attacks using Ploutus malware in 2025.
| Metric | Value |
|---|---|
| Hospital clinics shut down | 36 |
| Mental health app installs at risk | 14.7M |
| PayPal SSN exposure duration | ~6 months |
| Malicious npm packages (SANDWORM_MODE) | 19+ |
| FortiGate devices compromised | Hundreds |
| ATM jackpotting losses (2025) | $20M |
AI-powered vulnerability management with 333,000+ CVEs indexed.
Start Free ScanStay secure. Stay vigilant.
🗡️ KENSAI Security Team