AUGUST 29TH NEWS ROUNDUP: 2.7M HEALTH RECORDS STOLEN, DEV JAILED, ANTI-ENCRYPTION PLEAS & MORE

Today’s news hits close to home. From anti-encryption debates to supply chain attacks, insider threats and cyber hits on websites and enterprise software.


Also, cybercriminals are still going after healthcare institutions. Meanwhile, a major insurer has also fallen to a breach.


Let’s go into all the details.


DaVita Ransomware Attack: ~2.7 Million People Affected

DaVita, one of the largest dialysis providers in the U.S., confirmed a ransomware attack that exposed the personal and health information of nearly 2.7 million people, including names, Social Security numbers, insurance details, and lab data. 


DaVita said it has notified law enforcement, hired cybersecurity experts, and is offering free credit monitoring to those affected. 


What’s the Implication of this?

Medical data has a long shelf life for fraud. So, expect insurance scams, targeted phishing, and even extortion attempts using health details.


What You Can Do


  • Treat any “DaVita” messages as suspicious; verify via official portals.


  • Check explanation of benefits/claims for fraud and dispute quickly.


  • Use credit monitoring/identity protection if offered.


But external attackers aren’t the only risk; sometimes the threat comes from within.


Ex-Developer Jailed 4 Years for “Kill-Switch” Sabotage

A former developer was sentenced to four years in prison for planting “kill-switch” malware that crashed servers and locked out thousands of users at his Ohio-based employer after his access was revoked.


Court records show he engineered thread-spawning code, deleted profiles, and booby-trapped authentication checks.


What’s the Implication of this?

Malicious insider incidents like this are costly. One report found that insiders were behind 1 in 4 incidents in 2022, with an average cost of $648,062 per case. Offboarding gaps such as lingering accounts or excess privileges can easily be exploited long after an employee has left the company.


What You Can Do

  • Instantly remove former employees’ access (deprovisioning).


  • Change digital keys/passwords (key rotation) so they can’t get back in.


  • Audit for dormant/admin accounts; apply least privilege.


  • Monitor code repos and CI/CD for malicious changes.
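The deprovisioning and least-privilege items above are the kind of check that is easy to state and easy to forget to actually run. As an added example (not code from the original article or from any vendor), the script below audits a constructed identity inventory and flags three conditions an offboarding review should catch: accounts still enabled for people no longer employed, accounts with no login in more than 90 days, and enabled admin accounts that need a standing review. The inventory, the 90-day threshold and the field names are assumptions chosen for the example.

```python
from collections import Counter
from datetime import date

# Constructed sample identity inventory (hypothetical, not from any real system).
# "employed" is assumed to come from the HR system of record; "last_login" from the IdP.
ACCOUNTS = [
    {"user": "alice",     "enabled": True,  "admin": False, "last_login": "2025-08-28", "employed": True},
    {"user": "bob",       "enabled": True,  "admin": True,  "last_login": "2025-03-01", "employed": False},
    {"user": "svc-build", "enabled": True,  "admin": True,  "last_login": "2025-08-27", "employed": True},
    {"user": "carol",     "enabled": True,  "admin": False, "last_login": "2025-02-15", "employed": True},
    {"user": "dave",      "enabled": False, "admin": False, "last_login": "2024-11-02", "employed": False},
]


def audit_accounts(accounts, today, dormant_days=90):
    """Return (user, finding) pairs for accounts that violate offboarding hygiene.

    today and last_login are ISO date strings so the check runs offline;
    dormant_days is an assumed policy threshold.
    """
    today_d = date.fromisoformat(today)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are already out of scope
        last = date.fromisoformat(acct["last_login"])
        if not acct["employed"]:
            # The highest-priority finding: a lingering account after departure.
            findings.append((acct["user"], "offboarded-but-enabled"))
        if (today_d - last).days > dormant_days:
            findings.append((acct["user"], "dormant"))
        if acct["admin"]:
            # Admin accounts are not wrong per se, but each one needs an owner and a review.
            findings.append((acct["user"], "admin-review"))
    return findings


def summarize(findings):
    """Count findings by type so a report can lead with the most urgent category."""
    return dict(Counter(kind for _, kind in findings))


if __name__ == "__main__":
    results = audit_accounts(ACCOUNTS, "2025-08-29")
    for user, kind in results:
        print(f"{kind:24} {user}")
    print(summarize(results))
```

The "offboarded-but-enabled" finding is the one to act on the same day; the other two feed a periodic review. In a real deployment the inventory would be pulled from the identity provider and the HR system rather than hard-coded, and the key-rotation step from the list above would be triggered for any credential the departed account could have reached.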


And even if your company’s walls are strong, third-party vendors can open the back door.


Farmers Insurance Data Breach: Over 1 Million People Affected

Farmers Insurance, one of the largest U.S. insurers covering cars, homes, businesses, and life policies (not just farms), has confirmed a data breach impacting the personal information of more than 1 million people, traced back to a third-party vendor.


According to filings with state authorities, Farmers Group reported 1,071,172 affected individuals, while Farmers New World Life Insurance reported 40,000. Stolen data includes names, addresses, dates of birth, driver’s license numbers, and the last four digits of SSNs.


The company said attackers accessed a vendor’s database on May 29, 2025, and exfiltrated data before the intrusion was discovered on May 30.


What’s the Implication of this?

Even though Farmers itself wasn’t directly hacked, vendor breaches still expose highly sensitive data. Attackers may use it for identity theft, license fraud, or targeted phishing.


What You Can Do

  • Treat any unexpected “Farmers Insurance” messages or calls with caution.


  • Monitor your credit and dispute suspicious activity quickly.


  • Consider a credit freeze or fraud alert with credit bureaus.


Citrix Zero-Day Under Active Attack

Earlier this month, Citrix warned about a critical zero-day vulnerability in its NetScaler ADC and Gateway products. The flaw, CVE-2025-7775, could allow attackers to crash systems or even take control remotely. Hackers are already actively exploiting this vulnerability.


Citrix has released patches for supported versions, but even older, end-of-life products remain at risk if left unpatched.


What's the Implication of this?

Hackers could take over your systems or shut them down completely, which could mean downtime, lost data, or worse – sensitive information falling into the wrong hands.


What You Can Do

  • Update and patch your Citrix systems immediately (as advised by Citrix).


  • Limit who can access these servers through your firewall.


  • Keep an eye on unusual activity in your system logs.


ShadowCaptcha Exploits WordPress Sites

A cybercrime campaign called ShadowCaptcha has compromised over 100 WordPress sites. Visitors are redirected to fake CAPTCHA pages that trick them into downloading ransomware, info stealers, or cryptocurrency miners.


The malware uses clever techniques to hide itself, including anti-debugging, DLL side-loading, and, in some cases, kernel-level exploits, making it hard for standard security tools to detect.


Sites in Australia, Brazil, Italy, Canada, Colombia, and Israel have been targeted, mainly in healthcare, finance, real estate, tech, hospitality, and legal sectors. Attackers likely gained access through vulnerable plugins or compromised admin credentials.


What's the Implication of this?

If you visit the affected sites, you risk getting malware on your computer, losing sensitive personal/business data, or having your computer hijacked for mining cryptocurrency.


What You Can Do

  • Keep WordPress, plugins, and themes updated.


  • Warn your team or users about suspicious CAPTCHA prompts.


  • Use security plugins to block malicious scripts.


MixShell Malware Delivered via Contact Forms

MixShell malware is being spread through a company’s own “Contact Us” forms, often targeting supply chain and manufacturing businesses. Attackers send messages pretending to be legitimate contacts. Weeks of professional-sounding emails later, a weaponized ZIP file is delivered and the malware quietly infects the system using advanced techniques like DNS tunneling.


What's the Implication of this?

Businesses that trust these emails are at serious risk. Once the malware is in, it can compromise sensitive supply chain data and disrupt operations.


What You Can Do

  • Verify unsolicited emails, even if they look professional.


  • Educate staff about the dangers of opening unexpected attachments.


  • Use email filters to block suspicious files.
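The MixShell write-up mentions DNS tunneling as the channel the malware uses once it is inside. Email filtering stops the ZIP at the door, but a second line of defence is spotting the tunnel in DNS query logs. As an added example (not code from the original article or from any MixShell analysis), the detector below reads constructed DNS query log lines and flags a client that sends several queries with long, high-entropy leftmost labels under the same zone, which is the typical shape of data encoded into subdomains. The log format, the thresholds and the domain names are assumptions; the generic pattern (long random-looking labels, many distinct ones, one zone) is what a practitioner would tune against their own resolver logs.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<timestamp> <client> <qname> <qtype>" (hypothetical format).
# The .test zone and the hex labels are made up for the example.
SAMPLE_LOG = """\
2025-08-29T10:00:01 10.0.0.5 www.example.com A
2025-08-29T10:00:02 10.0.0.5 mail.example.com MX
2025-08-29T10:00:03 10.0.0.7 4a7f9c1e2b8d0e6f3a5c7b9d1e2f4a6c.updates.example-cdn.test TXT
2025-08-29T10:00:04 10.0.0.7 9e2d4c6b8a0f1e3d5c7b9a1f3e5d7c9b.updates.example-cdn.test TXT
2025-08-29T10:00:05 10.0.0.7 1f3e5d7c9b2a4c6e8d0f2b4a6c8e0d1f.updates.example-cdn.test TXT
2025-08-29T10:00:06 10.0.0.7 7c9b1e3d5f2a4c6e8b0d2f4a6c8e1b3d.updates.example-cdn.test TXT
2025-08-29T10:00:07 10.0.0.5 cdn.example.com A
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, real hostnames low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registrable_zone(qname):
    """Crude zone grouping: the last two labels. A real deployment would use a public-suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def detect_tunneling(log_text, min_queries=3, min_label_len=24, min_entropy=3.0):
    """Return {(client, zone): count} for clients whose suspicious-label queries
    to one zone reach min_queries. Thresholds are assumed starting points."""
    suspicious = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than failing the whole run
        _ts, client, qname, _qtype = parts[:4]
        leftmost = qname.split(".")[0]
        # Two independent signals must both fire: length and randomness of the label.
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            suspicious[(client, registrable_zone(qname))].append(leftmost)
    # Require distinct labels: a repeated long label is a cache miss, not a data stream.
    return {key: len(labels) for key, labels in suspicious.items()
            if len(set(labels)) >= min_queries}


if __name__ == "__main__":
    for (client, zone), count in detect_tunneling(SAMPLE_LOG).items():
        print(f"possible DNS tunnel: client={client} zone={zone} queries={count}")
```

Expect false positives from CDNs and some security products that legitimately use long labels, so the practical workflow is to allow-list known zones after the first run and alert only on new ones. TXT queries with this shape are a stronger signal than A queries, and a rising count over minutes, not a single hit, is what should page someone.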


FTC Urges Tech Firms to Resist Anti-Encryption Demands

In the U.S., the Federal Trade Commission is warning tech companies against weakening encryption for foreign governments. According to the FTC, reducing encryption makes it easier for hackers to access user data. The agency is stressing that protecting privacy and security should come first.


What's the Implication of this?

17% of security leaders say a lack of encryption was the main cause of at least one data breach, up from 12% in 2021.


Weak encryption doesn't just put user privacy at risk; it's a primary cause of data breaches for many organizations and makes your company a bigger target for cyberattacks and data theft.


What You Can Do

  • Advocate for strong encryption in your organization.


  • Stay updated on new laws or regulations affecting data security.


  • Support privacy-first initiatives for users and customers.


Cyberthreats are everywhere. Whether it’s an insider attack or a vendor breach, personal info getting stolen or ransomware locking up files, these stories prove that being prepared is the best defense.


Our mission at Cyberkach is to help you build that resilience through our cyber awareness training, resources, podcasts, and webinars.


Want to be more prepared against these threats? Join our newsletter and stay updated with cyber news and latest insights.