Telehealth platform OpenLoop Health suffered a data breach in January 2026 that compromised personal information of 716,000 individuals, including names, addresses, email addresses, birth dates, and medical data. The unauthorized access occurred over two days beginning January 7th, though the company says Social Security numbers, financial information, and electronic health records were not affected. OpenLoop has terminated the unauthorized access, improved security controls, and is offering affected individuals one year of free credit monitoring, while a threat actor has reportedly claimed the breach involved data from 1.6 million people.

The US House Committee on Homeland Security is demanding answers from Instructure after hackers attacked its Canvas learning platform twice in early May, allegedly stealing 3.65 terabytes of data affecting 275 million students and teachers across about 9,000 schools. The notorious ShinyHunters extortion group claimed responsibility for the breach, which forced Instructure to shut down services multiple times, disrupting students during final exams at more than 8,000 institutions across 11 states. Instructure says it has now paid to have the stolen data returned and erased, and has temporarily disabled the Free-For-Teacher accounts that were exploited in the attacks.

SecurityWeek and Claroty are hosting a webinar today at 1 PM Eastern Time focused on demonstrating the return on security investment for cyber-physical security programs. The session will teach operational technology security teams how to quantify the financial impact of downtime and security risks, translating technical concerns into business language that finance and operations executives can understand. The webinar aims to help security teams move beyond being seen as cost centers and instead position themselves as drivers of business resilience.

Security researchers have discovered a massive supply chain attack called GemStuffer, where attackers compromised over 150 Ruby software packages, known as RubyGems, to steal data from U.K. council portal systems. The malicious packages were used to scrape and exfiltrate sensitive information from local government websites. This represents a significant supply chain security threat, as developers who unknowingly installed these compromised packages may have inadvertently exposed their systems to data theft.

Microsoft released its January 2025 Patch Tuesday update addressing 138 security vulnerabilities, including critical remote code execution flaws in DNS and Netlogon services that could allow attackers to compromise systems remotely. The security update includes fixes for eight actively exploited zero-day vulnerabilities that were being used in real-world attacks. IT administrators are urged to prioritize patching these critical flaws, particularly those affecting core Windows services, as they pose significant risks to enterprise networks.

A new report reveals a critical gap in cybersecurity practices: most remediation programs fail to verify that security fixes actually resolved the vulnerabilities they were meant to address. This oversight leaves organizations potentially exposed to the same threats they believed they had patched, highlighting a significant weakness in how companies manage their security response processes. The finding underscores the need for better validation and follow-up procedures in enterprise security workflows.

SANS Institute is promoting a webinar focused on identifying critical security vulnerabilities that standard AppSec tools often overlook, specifically what they call the "lethal path" in applications. The webinar aims to help security professionals build more comprehensive security strategies that can gain executive approval, alongside promoting their LDR514 leadership course and various cybersecurity education programs. This appears to be an educational marketing piece from SANS rather than breaking news about a specific security threat.

An Azerbaijani energy company has fallen victim to multiple cyberattacks exploiting vulnerabilities in Microsoft Exchange servers. The repeated exploitation highlights ongoing security challenges facing critical infrastructure organizations, particularly in the energy sector where outdated or unpatched systems remain vulnerable to known threats. The attacks underscore the importance of timely security updates and robust patch management strategies for companies operating essential services.

Microsoft's AI-powered security tool, MDASH, has successfully identified 16 vulnerabilities in Windows that were addressed in this month's Patch Tuesday update. The system represents a significant step forward in using artificial intelligence to proactively discover security flaws before they can be exploited by attackers. This marks a notable advancement in automated vulnerability detection, with Microsoft leveraging its own AI technology to strengthen Windows security.

A China-linked cyber espionage group called FamousSparrow has been discovered targeting an oil and gas company in Azerbaijan, marking the first time Chinese threat actors have been found operating in Azerbaijani industries. The group used sophisticated DLL sideloading techniques and repeatedly breached the company between December and February because the victim failed to patch a vulnerable Microsoft Exchange server after initially detecting and cleaning infected workstations. This attack represents China's expanding cyber operations into the South Caucasus energy corridor, a region traditionally within Russia's sphere of influence that has become increasingly important for European energy supplies.