Cybersecurity News

The FBI has public resources available to help prevent exploitation by cybercriminals, who use artificial intelligence for deception.

A critical vulnerability has been identified in 7-Zip, a free software program used for archiving data, according to the National Institute of Standards and Technology. The flaw allows cyber actors to write code outside of the intended extraction folder where the user did not intend.

U.S. and international agencies Nov. 19 released a guide on mitigating potential cybercrimes from bulletproof hosting providers. A BPH provider is an internet infrastructure provider that intentionally markets and leases their infrastructure to cybercriminals.

A joint advisory issued yesterday by U.S.

The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners released

Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update Services that was not fully eradicated by a previous update, according to the Cybersecurity and Infrastructure Security Agency.

In part two of a recent blog, AHA National Advisor for Cybersecurity and Risk John Riggi and AHA Deputy National Advisor for Cybersecurity and Risk Scott Gee highlight three trends that shaped 2025

The AHA’s cybersecurity and risk experts provide insight into 2025’s health care cybersecurity challenges to help hospitals prepare for the next big cyberattack.

The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP application products, as a nation-state-affiliated cyberthreat actor has compromised F5’s systems and has stolen files, including a portion of the company’s BIG-IP source code and vulnerability information.

Over 33 million Americans have had their health care records stolen in 2025, continuing an alarming trend of massive cyberattacks largely targeting third-party vendors and unencrypted data.

This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “This is ‘stop-what-you’re-doing and patch immediately vulnerability.’”

The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations visualize key services that support essential health care workflows and determine which of them present critical risk of cyberattack disruption capable of impacting care delivery, operations and liquidity.

The AHA’s cybersecurity and risk experts provide insight into 2025’s health care cybersecurity challenges to help hospitals prepare for the next big cyberattack.

The AHA Oct. 6 released a Cybersecurity Advisory (https://www.aha.org/advisory/2025-10-06-hospitals-are-oracle-customers-urged-take-immediate-action-address-security-vulnerability) urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable without authentication.

The AHA has launched an enhanced Cybersecurity and Risk webpage designed to help health care organizations strengthen their defenses against emerging cyber and physical security threats.

A Health-ISAC (Information Sharing and Analysis Center) bulletin released Oct. 1 warns of a recently released LockBit 5.0 ransomware variant that poses a threat to health care and other sectors.

Fernando Martinez, Ph.D., chief digital officer at the Texas Hospital Association, shares how Texas and the THA are building regional resilience through cyber command structures, statewide coordination and tabletop exercises.

The federal government shut down Oct. 1 following a failed Senate vote on the House-passed continuing resolution to fund the government by midnight Sept. 30.

Microsoft Sept. 16 announced it had disrupted a growing phishing service that had targeted at least 20 U.S. health care organizations and seized 338 websites associated with cyber threat group RaccoonO365.

The FBI Sept. 12 released an alert warning of malicious activities by cybercriminal groups UNC6040 and UNC6395, which the agency said are responsible for an increasing number of data theft and extortion intrusions.