
Oracle Health reportedly warns of info leak from legacy server

(2025/03/31)


Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.

Oracle Health was formed when Big Red [1]acquired healthcare tech biz Cerner in 2022 for $28.3 billion.

According to a letter [2]reportedly sent to customers, Oracle Health advised that unknown actors used stolen customer credentials to break into its cloudy systems and download data, some of which may be information on patients.


"We are writing to inform you that, on or around February 20, 2025, we became aware of a cybersecurity event involving unauthorized access to some amount of your Cerner data that was on an old legacy server not yet migrated to the Oracle Cloud," reads a notification sent to impacted Oracle Health customers, as reported by Bleeping Computer.


A Bloomberg [6]report claims the FBI is investigating the possibility of ransom demands.

We've asked Oracle for comment on the allegation, and details of the incident.

OpenAI announces vast bug bounty boost

Bug hunters, start your engines: OpenAI has increased its maximum bug bounty payout from $20,000 to $100,000, and it's offering increased bonuses for a limited period, too.

OpenAI [7]announced the changes last week and said lifting its payouts reflects its commitment to properly rewarding high-impact security research.


The GenAI upstart also [9]lifted bonuses for insecure direct object references (IDOR) on any in-scope target to between $400 and $13,000 on top of the bounty payout. Prior to the announcement this week, IDOR bonuses capped out at $6,500.

Those bonuses are only available until April 30, though, so get cracking if you want to maximize your payout.

Patches aren’t prioritized, survey finds

More than half of IT professionals admit to delaying implementation of software patches.

A survey conducted by offensive security firm Horizon3.ai [10]found 53 percent of IT pros surveyed and 36 percent of CISOs delay patches until scheduled maintenance windows. Others patch things "when they can," despite nearly a quarter of respondents recognizing that unpatched, known vulnerabilities are "one of their greatest potential threats."

"By the time vendor patches are released, attackers have already weaponized exploits, rapidly scanning for unpatched systems to breach with ease," Horizon wrote in the report. "Organizations clinging to rigid patching schedules and outdated vulnerability management practices leave critical gaps in their defenses."


Horizon also offered data on the 50,000-plus pen tests it performed in 2024, claiming its NodeZero testing platform exploited 229 known vulnerabilities 99,924 times in customer environments last year. 170 of the exploited vulns were in the Cybersecurity and Infrastructure Security Agency's catalog of known exploited vulnerabilities, meaning miscreants were already attacking the flaws.

"This report is a reality check for security teams," said Horizon principal security expert Stephen Gates.

Critical vulnerability: Review your GitHub reviewdog

Reviewdog, an automated code review tool, had its GitHub Action reviewdog/action-setup compromised earlier this month; the tampered action dumped exposed secrets into GitHub Actions workflow logs. The specific vulnerability, [12]CVE-2025-30154, with a CVSS score of 8.6, is now in CISA's known exploited vulnerabilities catalog, FYI. Patches are available.
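One defensive check this incident argues for, as an added example that is not code from the reviewdog project or from the article: scan workflow files for third-party actions referenced by a mutable tag or branch rather than a full commit SHA, since a tag can be repointed at tampered code while a SHA cannot. The sample workflow below is constructed, and the 40-hex SHA in it is a placeholder.

```python
import re

# Constructed sample workflow (not from any real repository): two actions pinned
# to mutable tags, one pinned to a full commit SHA (placeholder digits), one local.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - uses: reviewdog/action-setup@0123456789abcdef0123456789abcdef01234567 # v1.3.0
      - uses: ./.github/actions/local-step
      - run: reviewdog -reporter=github-pr-check
"""

# Matches "uses:" step lines; the captured ref stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full-length commit SHA is the only immutable form of an action reference.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text):
    """Return (line_no, ref) for each third-party action not pinned to a full SHA.

    Local actions (./path) and docker:// images are skipped; a tag or branch
    such as @v1 resolves to whatever upstream currently points it at, so a
    compromised upstream can silently change what the job runs.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")  # empty version means no pin at all
        if not SHA_RE.match(version):
            findings.append((line_no, ref))
    return findings


if __name__ == "__main__":
    for line_no, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a commit SHA")
```

Run it over every file under `.github/workflows/` in a repository; any hit is a candidate for pinning to a reviewed commit and, for the action named in this item, for checking the workflow logs that ran it.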

DOGE member allegedly supported crime gang

DOGE operative Edward Coristine, also known as "bigballs," once provided tech support services for an alleged cybercriminal gang known as "EGodly" through his DiamondCDN business, Reuters [13]reported last week.

The newswire claims EGodly used DiamondCDN to host its website between October 2022 and June 2023. The cybercrime gang apparently even thanked DiamondCDN in a 2023 Telegram post.

This isn't the first time Coristine has been linked to alleged criminals. In February, Wired [14]identified him as the owner of a company that offered Discord bots to the Russian market, and Brian Krebs has [15]linked him to "The Com," a network of Discord and Telegram channels used by cybercriminals.

Coristine has also been tied to a Telegram handle that was soliciting DDoS-for-hire services, and was [16]allegedly fired from an internship for sharing his employer's information with a competitor.

Hundreds arrested after INTERPOL anti-scam op

INTERPOL's efforts to stop cyber-scams have seen 306 suspects arrested in seven African countries, the agency [17]reported last week.

The arrests were made as part of Operation Red Card, an effort to disrupt mobile banking, investment and messaging app scams. Alleged miscreants were apprehended in Benin, Côte d'Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia, and some 1,842 devices thought to be used by scammers seized.

Authorities also seized vehicles, houses, and plots of land.

The suspects were allegedly involved in scams including SIM box frauds, smartphone malware distribution using malicious links, or posing as telecom company employees to trick users.

INTERPOL said that alleged criminals targeted by Operation Red Card had more than 5,000 victims.

"The recovery of significant assets and devices, as well as the arrest of key suspects, sends a strong message to cybercriminals that their activities will not go unpunished," said INTERPOL cybercrime directorate leader Neal Jetton. ®

[1] https://www.theregister.com/2022/06/08/oracle_closes_283bn_cerner_deal/

[2] https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/


[6] https://www.msn.com/en-ph/news/technology/oracle-warns-health-customers-of-patient-data-breach/ar-AA1BSedf

[7] https://openai.com/index/security-on-the-path-to-agi/


[9] https://bugcrowd.com/engagements/openai/announcements

[10] https://www.businesswire.com/news/home/20250326589938/en/Horizon3.ai-Releases-2025-Cybersecurity-Insights-Report-Key-Findings-from-Over-50000-NodeZero-Pentests


[12] https://nvd.nist.gov/vuln/detail/CVE-2025-30154

[13] https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/

[14] https://www.wired.com/story/edward-coristine-tesla-sexy-path-networks-doge/

[15] https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-the-com/

[16] https://www.bloomberg.com/news/articles/2025-02-07/musk-s-doge-teen-was-fired-by-cybersecurity-firm-for-leaking-company-secrets

[17] https://www.interpol.int/en/News-and-Events/News/2025/More-than-300-arrests-as-African-countries-clamp-down-on-cyber-threats




OpenAI

Anonymous Coward

"OpenAI announces vast bug bounty boost"

Are their stocks OK? I heard they are losing billions.

I need cortisone

HuBo

Well, you know how it is, "big balls" is a member of DOGE and as such is above all laws, über alles, just ask [1]Amy Gleason who directs the outfit with the greatest of professionalisms, [2]from Mexico, and has deeply scrutinized and carefully vetted all those hired to [3]"[modernize] Federal technology and software to maximize governmental efficiency and productivity". Her recent [4]interview on Fox News truly highlighted the top-notch job she is doing in this (most unlike the unappointed and unofficial folks who were there).

DOGE members are as trustworthy as it gets in high-efficiency brownshirt Nazi circles and purveyors of DDoS support to Russian cybercrime gangs. They've evidently greatly modernized the Fed's software so far, as evidenced by nothing at all, and have done the same to technology. I mean, the wanton laying off of a whole bunch of Federal workers has to count for something, right, so why not count it in the "technology" and "software" categories, hey, nobody understands those anyways! It's #winning in nonsense, but #winning is #winning, right!?!? We're also #winning like that in our great Gaza and Ukraine ceasefires, that will soon end all wars everywhere on Earth, and forever. But hey, you just wait and see the great genAI job DOGE's gonna do with the [5]SSA's COBOL; it'll be like modern art, coding Picassos they are!

But not so fast ... we'll have a ceasefire after we invade Orangeland (formerly Greenland), not before, you silly! I mean, we have to provide our best buddy (Vladimir rectum Putin) with the opportunity to complete his totally peaceful destruction of Ukraine, by shifting Europe's attention to its Northwest for a while, just long enough for Zelensky to be steamrolled into a delicious potato pancake, and then that's it, yes, ceasefire. We sure know #winning when we see one!

Bottom line is [6]Lebensraum; Amy's outstanding leadership of DOGE's excellent work will get us there in no time flat, just once we stop puking our guts out, in utter disgust, at our increasingly despicable selves, imho (or vice versa)!

[1] https://www.theregister.com/2025/02/26/dhs_cisa_doge/

[2] https://www.cbsnews.com/news/this-is-who-the-white-house-says-is-in-charge-of-doge/

[3] https://www.whitehouse.gov/presidential-actions/2025/01/establishing-and-implementing-the-presidents-department-of-government-efficiency/

[4] https://www.newsweek.com/amy-gleason-elon-musk-doge-fox-news-interview-2051828

[5] https://www.theregister.com/2025/03/28/congress_software_licensing/

[6] https://en.wikipedia.org/wiki/Lebensraum

Scylla & Charybdis

An_Old_Dog

1. Don't patch, maybe get pwned, ransomware'd.

2. Do patch, and maybe get DoS'd by buggy patch.

3. Middle ground: do your own tests, and monitor the forums for reports of patch bugs, deploying patch after time period X if not contraindicated.

The most-popular option probably is 3.5: no own tests, just monitor forums for time period X and patch if not contraindicated.

Most bacteria have the decency to be microscopic. Epulopiscium fishelsoni is not among them. The newly identified one-celled macro-microorganism is a full .5 mm long, large enough to be seen with the naked eye. Described in the current Nature, "It is a million times as massive as a typical bacterium." -Time, page 25, March 29, 1993