The Healthcare Cyber Brief
Jul 10 — Jul 16 · Last 7 days · 7 days reporting
Peak Score
5
MEDIUM
Avg Score
4.7
7 days
Unique Threats
520
110 vulns
Ransomware
9
0 healthcare
Threat Level This Week
Top Threats This Week
[Ransomware] CRPxO: SF Smile Doctor
CRITICALRansomware group CRPxO has posted 'SF Smile Doctor', a US-based healthcare provider, as a victim on their leak site, indicating a potential breach of sensitive patient data. The attack highlights the ongoing threat to healthcare organizations from ransomware groups targeting critical infrastructure.
[Ransomware] chaos: corepharma.com
CRITICALRansomware group 'chaos' has breached CorePharma's internal network and compromised sensitive GMP & regulatory data. This incident highlights the risk of ransomware targeting healthcare organizations, potentially affecting patient safety and compliance.
Microsoft patches RoguePlanet Defender zero-day vulnerability
CRITICALMicrosoft has patched a critical zero-day vulnerability in Defender known as 'RoguePlanet'. This vulnerability could allow attackers to execute arbitrary code or cause a denial of service on affected systems.
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
CRITICALThe AI Now Institute demonstrated a proof-of-concept attack called 'Friendly Fire' that tricks AI coding agents into running malicious code when scanning for security vulnerabilities in open-source software. This could lead to unauthorized execution of code within the organization's environment if similar tools are used.
Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
CRITICALResearchers have identified a critical vulnerability in GitHub Agentic Workflows that allows attackers to use crafted public GitHub Issues to trick AI-powered workflows into exposing data from private repositories without authentication. This could lead to sensitive information leakage if the organization uses GitHub for storing or processing confidential data.
Key Vulnerabilities
[CVE] CVE-2026-47646 (CRITICAL 9.3)
CRITICALA critical cross-site scripting (XSS) vulnerability has been identified in Dynamics 365 Customer Voice, allowing unauthorized attackers to perform network-based spoofing attacks. This vulnerability is rated CRITICAL with a CVSS score of 9.3.
Microsoft patches RoguePlanet Defender zero-day vulnerability
CRITICALMicrosoft has patched a critical zero-day vulnerability in Defender known as 'RoguePlanet'. This vulnerability could allow attackers to execute arbitrary code or cause a denial of service on affected systems.
Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
CRITICALResearchers have identified a critical vulnerability in GitHub Agentic Workflows that allows attackers to use crafted public GitHub Issues to trick AI-powered workflows into exposing data from private repositories without authentication. This could lead to sensitive information leakage if the organization uses GitHub for storing or processing confidential data.
FortiBleed: Credential Reuse, Legacy Hashes, and the Risk of Internet-Exposed FortiGate Devices
CRITICALFortiBleed refers to a cluster of credential exposure and abuse targeting internet-reachable FortiGate management and SSL-VPN gateways due to credential reuse and brute-force attacks. This affects devices without MFA, with reused or legacy-hashed credentials, or prior exposure to known-exploited CVEs like CVE-2026-24858, CVE-2025-59718, and CVE-2025-59719.
CISA orders feds to prioritize patching Langflow auth bypass flaw
CRITICALCISA has ordered federal agencies to urgently patch an actively exploited vulnerability in Langflow, a visual framework for building AI agents. The directive highlights the critical nature of this flaw and its potential impact on organizations using similar technologies.
Healthcare Ransomware Watch
6
Active Groups
9
Total Victims
0
Healthcare Confirmed
Groups observed: BlackCat, GodDamn, Kairos extortion gang, cmdorganization, dragonforce, qilin
Healthcare-Specific Intelligence
[Ransomware] CRPxO: SF Smile Doctor
CRITICALRansomware group CRPxO has posted 'SF Smile Doctor', a US-based healthcare provider, as a victim on their leak site, indicating a potential breach of sensitive patient data. The attack highlights the ongoing threat to healthcare organizations from ransomware groups targeting critical infrastructure.
[Ransomware] chaos: corepharma.com
CRITICALRansomware group 'chaos' has breached CorePharma's internal network and compromised sensitive GMP & regulatory data. This incident highlights the risk of ransomware targeting healthcare organizations, potentially affecting patient safety and compliance.
[Ransomware] CRPxO: Creative Smiles Pediatric Dentistry
CRITICALRansomware group 'CRPxO' has posted Creative Smiles Pediatric Dentistry as a victim, indicating that healthcare organizations are targeted by this threat actor. The attack resulted in the leak of 2.5 GB of data.
[Ransomware] CRPxO: Bishop Arts Dental PLLC
CRITICALRansomware group CRPxO has posted Bishop Arts Dental PLLC as a victim, indicating a successful attack on this US-based dental practice. The group leaked 24.6 GB of data from the victim.
[Ransomware] CRPxO: Top Notch Dentistry of Dallas
CRITICALRansomware group CRPxO has targeted Top Notch Dentistry of Dallas, a US-based healthcare provider, leaking 2 GB of data. This attack highlights the ongoing threat to healthcare organizations from ransomware groups.
Want this delivered daily?
The full portal includes daily executive briefs, IOC tracking, historical analysis, and healthcare-specific intelligence from 50+ sources.
Join the WaitlistThis brief is generated from automated daily threat intelligence collection and analysis. 630 unique items analyzed across 7 reporting days.