China-linked hackers exploited exposed REDCap servers to deploy InfiniteRed malware and steal sensitive research data from a North American medical institution.
The espionage campaign targeted unpatched vulnerabilities in REDCap, a widely used platform for managing clinical research data. Attackers deployed the InfiniteRed malware to maintain persistent access and exfiltrate confidential information.
REDCap servers are popular across hospitals and research facilities for managing patient data and clinical trials. The breach underscores ongoing risks faced by healthcare institutions, particularly those with inadequate patch management protocols.
Security researchers attribute the campaign to state-sponsored actors based in China. The incident highlights how exposed medical infrastructure remains a target for foreign intelligence operations seeking proprietary research, clinical trial data, and institutional information.
No timeline for discovery or containment was disclosed. Healthcare organizations using REDCap are advised to audit access logs, apply security patches, and review data access controls.
A vulnerability in SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on vulnerable servers. The flaw lies in the software's handling of the OpenID Connect (OIDC) authentication protocol.
The Council of Europe is investigating data breach claims made by the ShinyHunters extortion group over the weekend. The breach, if confirmed, would affect Europe's oldest intergovernmental body.
Cisco released security updates for a critical vulnerability in Catalyst SD-WAN Manager (CVE-2026-20262) that attackers exploited to gain root-level access to affected systems.
Three WordPress plugins owned by Awesome Motive were hacked through a content delivery network breach. OptinMonster, TrustPulse, and PushEngage were all affected in the supply-chain attack.