CareCloud confirms patient data theft after cyberattack disrupted health care systems
CareCloud disclosed a breach that exposed sensitive data and caused a network disruption lasting about eight hours, showing that the incident combined both data theft and operational impact. The company said the disruption affected one of its electronic health record environments and required incident response and forensic investigation.
The company said attackers stole patient data, which makes the incident significant for health care organizations because stolen personal and medical information can support fraud, identity abuse and secondary phishing campaigns. CareCloud also said it engaged external cybersecurity specialists and notified law enforcement after discovering the attack.
The broader implication is that health care IT providers remain attractive targets because compromise at one service organization can affect multiple dependent customers and interrupt access to critical systems at the same time. That combination of breach impact and service disruption creates immediate operational risk for both providers and patients.
Hims & Hers discloses breach after attackers steal support tickets from a third-party service
Hims & Hers said it suffered a data breach after support tickets were stolen from a third-party customer service platform. The company’s notice said suspicious activity was identified on February 5, 2026, and the investigation found unauthorized access to certain customer support tickets between February 4 and February 7.
Support tickets can contain sensitive personal details, account context and service history, so their theft can create privacy, fraud and impersonation risk even if production systems are unaffected. Hims & Hers said the exposed data varied by individual and could include contact information and other details submitted through customer service interactions.
The incident matters operationally because third-party support tooling is deeply embedded in business workflows, and compromise there can expose customer data without attackers needing to breach the primary environment directly. It is a useful reminder that external SaaS platforms remain part of the effective attack surface for health care and consumer services companies.
OAuth device code phishing abuses Microsoft Entra ID to gain persistent Microsoft 365 access
The Cloud Security Alliance reported that a large-scale OAuth device code phishing campaign compromised 340+ Microsoft 365 organizations across five countries within weeks. The attack abuses Microsoft’s legitimate device authorization grant flow, in which a victim is sent to the real Microsoft login page and enters a device code supplied by the attacker.
In this technique, the victim completes normal authentication, including MFA, on genuine Microsoft infrastructure. Once that happens, the attacker receives valid access and refresh tokens, which can remain usable even after a password reset unless the tenant explicitly revokes the session.
This is a cloud-native attack vector because it does not require malware, a password compromise, or an endpoint exploit. The broader risk is that attackers can operate with valid session tokens against services such as Exchange Online, OneDrive and Microsoft Graph, making access both stealthy and persistent.
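Because the sign-in in this technique completes on genuine Microsoft infrastructure with MFA satisfied, the most useful defensive signal is the authentication protocol itself rather than a failed login. The script below is an added example, not code from the original article or from the Cloud Security Alliance report. It assumes sign-in records exported in the shape of the Microsoft Graph signIn resource (fields such as authenticationProtocol, userPrincipalName, appDisplayName, ipAddress and location.countryOrRegion); the sample records, user names and IP addresses are constructed for illustration. It flags every successful device code sign-in and raises the severity when the sign-in comes from a country the user has never used for an ordinary interactive sign-in.

```python
"""Flag OAuth device code flow sign-ins in an Entra ID sign-in log export.

Added example for the article above; not from the original page. Assumes the
export uses Microsoft Graph signIn field names. All sample data is constructed.
"""
import json
from datetime import datetime

# Constructed sample export: alice normally signs in from US, then a device code
# sign-in for her account succeeds from NL; bob uses device code from his usual
# country (legitimate CLI use); carol's device code attempt never completed.
SAMPLE_SIGNIN_LOG = json.dumps([
    {"createdDateTime": "2026-02-03T08:12:44Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-04T09:02:11Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "OfficeHome", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-05T14:31:07Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.77", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-05T15:00:00Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode",
     "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-05T15:10:00Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Azure CLI", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
    {"createdDateTime": "2026-02-05T16:00:00Z", "userPrincipalName": "carol@example.com",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode",
     "ipAddress": "198.51.100.80", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 50126}},
])


def load_signins(raw_json):
    """Parse the export and keep only the fields the detection needs."""
    records = []
    for rec in json.loads(raw_json):
        records.append({
            "time": datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00")),
            "user": rec["userPrincipalName"].lower(),
            "app": rec.get("appDisplayName", ""),
            "protocol": rec.get("authenticationProtocol", "unknown"),
            "ip": rec.get("ipAddress", ""),
            "country": (rec.get("location") or {}).get("countryOrRegion", ""),
            "success": (rec.get("status") or {}).get("errorCode", 0) == 0,
        })
    return records


def baseline_countries(records):
    """Countries each user has successfully used with a non-device-code flow."""
    baseline = {}
    for r in records:
        if r["success"] and r["protocol"] != "deviceCode":
            baseline.setdefault(r["user"], set()).add(r["country"])
    return baseline


def find_device_code_signins(records):
    """Return one finding per successful device code sign-in, in log order.

    Severity is 'high' when the sign-in country does not appear in the user's
    interactive baseline, otherwise 'medium' (legitimate CLI/device use exists,
    so the user should simply be asked to confirm).
    """
    baseline = baseline_countries(records)
    findings = []
    for r in records:
        if r["protocol"] != "deviceCode" or not r["success"]:
            continue  # only completed device code grants yield usable tokens
        known = baseline.get(r["user"], set())
        if r["country"] not in known:
            severity = "high"
            reason = "device code sign-in from a country with no prior interactive sign-in"
        else:
            severity = "medium"
            reason = "device code sign-in from a known country; confirm the user initiated it"
        findings.append({"time": r["time"].isoformat(), "user": r["user"], "app": r["app"],
                         "ip": r["ip"], "country": r["country"],
                         "severity": severity, "reason": reason})
    return findings


def users_needing_session_revocation(findings):
    """Users whose refresh tokens should be revoked, not merely passwords reset."""
    return sorted({f["user"] for f in findings if f["severity"] == "high"})


if __name__ == "__main__":
    found = find_device_code_signins(load_signins(SAMPLE_SIGNIN_LOG))
    for f in found:
        print(f"[{f['severity']}] {f['time']} {f['user']} via {f['app']} "
              f"from {f['ip']} ({f['country']}): {f['reason']}")
    print("revoke sessions for:", users_needing_session_revocation(found))
```

The response list is deliberately named "session revocation" rather than "password reset": as the report notes, the tokens obtained this way can survive a password reset, so the containment step for a high-severity finding is to revoke the user's refresh tokens (Entra ID exposes this as "Revoke sessions" in the portal and revokeSignInSessions in Graph) in addition to any credential change.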
Google issues out-of-band patch for yet another Chrome zero day under active exploitation
Google released an out-of-band Chrome 146 update to fix CVE-2026-5281 and said an exploit for the flaw exists in the wild. Public reporting and Google’s release note confirm this is the fourth actively exploited Chrome zero day patched so far in 2026.
The bug is a use-after-free vulnerability in Dawn, the Chromium project’s implementation of WebGPU. Because the flaw affects code that processes untrusted web content, successful exploitation could lead to crashes, memory corruption or other abnormal browser behavior from a malicious page.
Browser zero-days remain operationally important because they can be reached through normal web activity and do not depend on a user opening a malicious attachment. That makes them a practical first step for credential theft, payload delivery or broader endpoint compromise if chained with other techniques.
Claude Code leak used to push Vidar infostealer malware on GitHub
Threat actors used the recent Claude Code source leak to seed fake GitHub repositories that delivered Vidar infostealer, turning a public code leak into a malware-distribution opportunity aimed at developers and technically inclined users likely to trust repository-based tooling.
The malicious repositories were designed to look like legitimate Claude Code projects and installation resources, increasing the likelihood that victims would download and run the payload. The attack path matters because developers routinely rely on GitHub as part of normal workflow, making cloned or lookalike projects a credible lure.
This reflects a broader trend in which attackers abuse developer ecosystems and software supply chains not only through poisoned packages, but also through fake repositories, leaked source material and trusted collaboration platforms used in day-to-day engineering work.