Weekly Threat Intelligence

The Healthcare Cyber Brief

Jul 10Jul 16 · Last 7 days · 7 days reporting

Peak Score

5

MEDIUM

Avg Score

4.7

7 days

Unique Threats

520

110 vulns

Ransomware

9

0 healthcare

Threat Level This Week

4.5
Jul 10
5
Jul 11
5
Jul 12
3.5
Jul 13
5
Jul 14
5
Jul 15
5
Jul 16

Top Threats This Week

[Ransomware] CRPxO: SF Smile Doctor

CRITICAL

Ransomware group CRPxO has posted 'SF Smile Doctor', a US-based healthcare provider, as a victim on their leak site, indicating a potential breach of sensitive patient data. The attack highlights the ongoing threat to healthcare organizations from ransomware groups targeting critical infrastructure.

[Ransomware] chaos: corepharma.com

CRITICAL

Ransomware group 'chaos' has breached CorePharma's internal network and compromised sensitive GMP & regulatory data. This incident highlights the risk of ransomware targeting healthcare organizations, potentially affecting patient safety and compliance.

Microsoft patches RoguePlanet Defender zero-day vulnerability

CRITICAL

Microsoft has patched a critical zero-day vulnerability in Defender known as 'RoguePlanet'. This vulnerability could allow attackers to execute arbitrary code or cause a denial of service on affected systems.

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

CRITICAL

The AI Now Institute demonstrated a proof-of-concept attack called 'Friendly Fire' that tricks AI coding agents into running malicious code when scanning for security vulnerabilities in open-source software. This could lead to unauthorized execution of code within the organization's environment if similar tools are used.

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

CRITICAL

Researchers have identified a critical vulnerability in GitHub Agentic Workflows that allows attackers to use crafted public GitHub Issues to trick AI-powered workflows into exposing data from private repositories without authentication. This could lead to sensitive information leakage if the organization uses GitHub for storing or processing confidential data.

Key Vulnerabilities

[CVE] CVE-2026-47646 (CRITICAL 9.3)

CRITICAL

A critical cross-site scripting (XSS) vulnerability has been identified in Dynamics 365 Customer Voice, allowing unauthorized attackers to perform network-based spoofing attacks. This vulnerability is rated CRITICAL with a CVSS score of 9.3.

CVE-2026-47646Actively Exploited

Microsoft patches RoguePlanet Defender zero-day vulnerability

CRITICAL

Microsoft has patched a critical zero-day vulnerability in Defender known as 'RoguePlanet'. This vulnerability could allow attackers to execute arbitrary code or cause a denial of service on affected systems.

Actively Exploited

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

CRITICAL

Researchers have identified a critical vulnerability in GitHub Agentic Workflows that allows attackers to use crafted public GitHub Issues to trick AI-powered workflows into exposing data from private repositories without authentication. This could lead to sensitive information leakage if the organization uses GitHub for storing or processing confidential data.

Actively Exploited

FortiBleed: Credential Reuse, Legacy Hashes, and the Risk of Internet-Exposed FortiGate Devices

CRITICAL

FortiBleed refers to a cluster of credential exposure and abuse targeting internet-reachable FortiGate management and SSL-VPN gateways due to credential reuse and brute-force attacks. This affects devices without MFA, with reused or legacy-hashed credentials, or prior exposure to known-exploited CVEs like CVE-2026-24858, CVE-2025-59718, and CVE-2025-59719.

CVE-2026-24858, CVE-2025-59718, CVE-2025-59719Actively ExploitedCISA KEV

CISA orders feds to prioritize patching Langflow auth bypass flaw

CRITICAL

CISA has ordered federal agencies to urgently patch an actively exploited vulnerability in Langflow, a visual framework for building AI agents. The directive highlights the critical nature of this flaw and its potential impact on organizations using similar technologies.

Actively Exploited

Healthcare Ransomware Watch

6

Active Groups

9

Total Victims

0

Healthcare Confirmed

Groups observed: BlackCat, GodDamn, Kairos extortion gang, cmdorganization, dragonforce, qilin

Healthcare-Specific Intelligence

[Ransomware] CRPxO: SF Smile Doctor

CRITICAL

Ransomware group CRPxO has posted 'SF Smile Doctor', a US-based healthcare provider, as a victim on their leak site, indicating a potential breach of sensitive patient data. The attack highlights the ongoing threat to healthcare organizations from ransomware groups targeting critical infrastructure.

[Ransomware] chaos: corepharma.com

CRITICAL

Ransomware group 'chaos' has breached CorePharma's internal network and compromised sensitive GMP & regulatory data. This incident highlights the risk of ransomware targeting healthcare organizations, potentially affecting patient safety and compliance.

[Ransomware] CRPxO: Creative Smiles Pediatric Dentistry

CRITICAL

Ransomware group 'CRPxO' has posted Creative Smiles Pediatric Dentistry as a victim, indicating that healthcare organizations are targeted by this threat actor. The attack resulted in the leak of 2.5 GB of data.

[Ransomware] CRPxO: Bishop Arts Dental PLLC

CRITICAL

Ransomware group CRPxO has posted Bishop Arts Dental PLLC as a victim, indicating a successful attack on this US-based dental practice. The group leaked 24.6 GB of data from the victim.

[Ransomware] CRPxO: Top Notch Dentistry of Dallas

CRITICAL

Ransomware group CRPxO has targeted Top Notch Dentistry of Dallas, a US-based healthcare provider, leaking 2 GB of data. This attack highlights the ongoing threat to healthcare organizations from ransomware groups.

Want this delivered daily?

The full portal includes daily executive briefs, IOC tracking, historical analysis, and healthcare-specific intelligence from 50+ sources.

Join the Waitlist

This brief is generated from automated daily threat intelligence collection and analysis. 630 unique items analyzed across 7 reporting days.