Industry Category

Insurance

Breach intelligence, attack campaigns, and threat reports targeting the Insurance sector.

49 threat reports
Page 1 of 5

Insurance Threat Reports

Showing 1-12 / 49 reports

Unveiling Mistic: The Stealthy Backdoor Linked to KongTuke
Impact: HIGH

In April 2026, a new backdoor named Mistic was identified in attacks targeting organizations across the insurance, education, IT, and professional services sectors. Linked to the initial access broker KongTuke, Mistic operates entirely in memory, avoiding disk writes and incorporating a self-deletion feature to evade detection. The malware is deployed through DLL side-loading techniques, utilizing legitimate Microsoft endpoint security tools to blend in with trusted software. Once established, Mistic enables attackers to execute code, manage files, and load additional modules, facilitating long-term, low-visibility access to compromised systems. The emergence of Mistic underscores a growing trend among threat actors to develop and deploy sophisticated, stealthy malware capable of evading traditional security measures. This development highlights the need for organizations to enhance their detection and response capabilities, particularly against fileless malware that operates in memory and leverages legitimate processes to achieve persistence.

14 hours ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Mistic Backdoor: A New Threat in Ransomware Attacks
Impact: HIGH

In April 2026, a new backdoor named Mistic was identified in attacks targeting sectors such as insurance, education, IT, and professional services. Linked to the initial access broker KongTuke (also known as Woodgnat), Mistic facilitates unauthorized access to corporate networks, which is then sold to ransomware groups including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The malware employs DLL side-loading techniques to maintain stealth and persistence, allowing attackers to execute commands, manipulate files, and exfiltrate data without detection. The emergence of Mistic underscores a growing trend where initial access brokers develop sophisticated tools to infiltrate networks, subsequently enabling ransomware operations. This development highlights the critical need for organizations to enhance their cybersecurity measures to detect and prevent such stealthy intrusions.

1 day ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (high), Exfiltration (medium), Impact (medium)

Xsolis Data Breach 2026: A Wake-Up Call for Healthcare Cybersecurity
Impact: HIGH

In January 2026, healthcare technology company Xsolis experienced a data breach affecting nearly 1.4 million individuals. The breach resulted from a targeted phishing attack on January 20, 2026, which allowed unauthorized access to Xsolis's network. The attackers accessed files containing sensitive personal and health information, including names, addresses, dates of birth, Social Security numbers, health insurance details, and medical treatment information. Xsolis detected the unauthorized activity on January 22, 2026, promptly contained the breach, and initiated an investigation with external cybersecurity experts. The company has since notified affected individuals and implemented additional security measures to prevent future incidents. This incident underscores the persistent threat of phishing attacks in the healthcare sector, highlighting the critical need for robust cybersecurity measures and employee training to protect sensitive patient data. The breach also raises concerns about potential identity theft and fraud for the affected individuals, emphasizing the importance of vigilance and proactive monitoring of personal information.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)

SIM Swap Attack Highlights Need for Enhanced Authentication Measures
Impact: HIGH

In June 2026, Torsten George, a chief cybersecurity evangelist, experienced a SIM swap attack that led to an attempted account takeover. The attacker, posing as an AT&T representative, had previously conducted a SIM swap, allowing them to intercept one-time passwords (OTPs) sent via text. During a subsequent call, the attacker sought additional credentials to gain full access to George's AT&T account. Recognizing the threat, George acted swiftly to regain control, preventing unauthorized access. This incident underscores the vulnerabilities associated with SMS-based OTPs and highlights the need for multi-layered security measures. The resurgence of SIM swap attacks, as demonstrated in this case, emphasizes the importance of adopting more secure authentication methods, such as app-based OTPs or hardware tokens, to mitigate the risks of account takeovers.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Texas Parks and Wildlife Department Data Breach Exposes Over 3 Million Records
Impact: HIGH

In June 2026, the Texas Parks and Wildlife Department (TPWD) disclosed a significant data breach involving its license system vendor, exposing personal information of over 3 million individuals. The compromised data includes driver's license information, passport numbers, email addresses, phone numbers, and residential addresses. Notably, Social Security numbers, dates of birth, and financial information were not affected. The breach was detected by the Texas Cyber Command, prompting an immediate investigation and the implementation of enhanced security measures. ([tpwd.texas.gov](https://tpwd.texas.gov/about/notification-of-data-security-incident/?utm_source=openai)) This incident underscores the escalating risks associated with third-party vendors in data security. Organizations are increasingly vulnerable to breaches through external partners, highlighting the necessity for stringent vendor management and comprehensive security protocols to safeguard sensitive information.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (low), Exfiltration (high), Impact (high)

DentaQuest Data Breach 2026: ShinyHunters Expose 2.6 Million Records
Impact: HIGH

In May 2026, DentaQuest, a leading dental benefits administrator in the United States, experienced a significant data breach orchestrated by the cybercriminal group ShinyHunters. The attackers infiltrated DentaQuest's network, exfiltrating over 234 GB of sensitive data, which included personal information of approximately 2.6 million individuals. The compromised data encompassed email addresses, full names, phone numbers, government-issued IDs, health insurance details, genders, and dates of birth. Following unsuccessful ransom negotiations, ShinyHunters publicly released the stolen data, amplifying the potential for identity theft and fraud among affected individuals. This incident underscores a troubling trend of cyber extortion targeting healthcare organizations, highlighting the critical need for robust cybersecurity measures and rapid incident response protocols to protect sensitive patient information.

3 weeks ago

Kill Chain: Initial Compromise (medium), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)

Data Broker Sentenced for Selling Elderly Americans' Personal Information
Impact: HIGH

Between 2016 and 2023, Troy Murray, a 57-year-old from North Carolina, operated under the alias "Steve Dixon" to sell personal information of over 7 million elderly Americans to Jamaican scammers. These "lead lists" included names, phone numbers, addresses, and email addresses, which were used to perpetrate lottery fraud schemes. Murray charged approximately $500 per list, generating over $5.2 million in illicit profits. He was sentenced in May 2026 to 121 months in prison, three years of supervised release, and ordered to forfeit $5.2 million. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/man-sent-to-prison-for-selling-data-of-7-millions-elderly-americans/amp/?utm_source=openai)) This case underscores the escalating threat of elder fraud, with the FBI reporting a 37% increase in complaints from individuals aged 60 and older in 2025 compared to the previous year. Total losses for this demographic reached nearly $7.8 billion, highlighting the urgent need for enhanced protective measures and regulatory oversight to safeguard vulnerable populations. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/man-sent-to-prison-for-selling-data-of-7-millions-elderly-americans/amp/?utm_source=openai))

3 weeks ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)

Silent Ransom Group's In-Person Data Theft Tactics Target Law Firms
Impact: HIGH

In May 2026, the FBI issued a warning about the Silent Ransom Group (SRG), a Russia-linked extortion gang targeting U.S. law firms. SRG employs sophisticated social engineering tactics, including impersonating IT support staff via phone calls and phishing emails to gain remote access. When these methods fail, they escalate to in-person visits, where operatives physically infiltrate offices, connect external storage devices to computers, and exfiltrate sensitive client data. This data is then used to extort firms, with threats to publish or sell the information if ransoms are not paid. ([techtimes.com](https://www.techtimes.com/articles/317293/20260527/silent-ransom-group-sends-operatives-law-firm-offices-38-firms-already-leaked.htm?utm_source=openai)) This incident underscores a concerning evolution in cybercriminal tactics, blending traditional cyber attacks with physical intrusion. The legal sector's sensitive data makes it a prime target, highlighting the urgent need for robust security protocols, employee training, and vigilance against both digital and physical social engineering threats.

4 weeks ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)

Surge in Cyber-Enabled Cargo Theft: A 2025 Analysis
Impact: HIGH

In 2025, cargo theft losses in the United States and Canada surged by 60%, reaching an estimated $725 million. This increase is attributed to cybercriminals employing sophisticated tactics such as phishing, impersonation, and system compromises to hijack goods during transit. By infiltrating supply chain systems, these actors rerouted shipments, leading to significant financial and operational disruptions for businesses. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430?utm_source=openai)) The FBI's April 30, 2026, public service announcement underscores the evolving nature of cargo theft, emphasizing the integration of cyber techniques into traditional theft methods. This trend highlights the urgent need for enhanced cybersecurity measures within the transportation and logistics sectors to mitigate the risks posed by these advanced threats. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430?utm_source=openai))

1 month ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)

Fraudsters Exploit Credit Union Verification Processes in 2026
Impact: HIGH

In May 2026, cybersecurity researchers uncovered a sophisticated fraud scheme targeting small to mid-sized credit unions. Threat actors utilized stolen personal data to impersonate legitimate borrowers, navigating through credit checks and identity verification processes without triggering security alerts. This methodical approach exploited perceived weaknesses in the verification systems of smaller financial institutions, leading to unauthorized loan approvals and significant financial losses. This incident underscores a growing trend where cybercriminals focus on process exploitation rather than technical vulnerabilities. The increasing availability of personal data on underground forums, combined with advanced social engineering tactics, poses a heightened risk to financial institutions, especially those with limited fraud prevention resources.

1 month ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (low), Command & Control (low), Exfiltration (high), Impact (high)

Insider Betrayal: Ransomware Negotiator Aids BlackCat Attacks
Impact: HIGH

In April 2026, Angelo Martino, a former ransomware negotiator at DigitalMint, pleaded guilty to conspiring with the BlackCat/ALPHV ransomware group to extort U.S. companies. Martino exploited his trusted position by providing confidential client information, such as insurance policy limits and negotiation strategies, to the attackers. This insider collaboration enabled the ransomware group to maximize their ransom demands, resulting in over $75 million in payments from victims, including a nonprofit and a financial firm. Authorities have seized more than $10 million in assets from Martino, who faces up to 20 years in prison. This case underscores the critical importance of vetting and monitoring individuals in sensitive cybersecurity roles. The incident highlights the evolving tactics of ransomware groups, including the recruitment of insiders to enhance their extortion efforts. Organizations must remain vigilant against such threats and implement robust internal controls to safeguard against insider collusion.

1 month ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (high)

FBI Reports 60% Increase in Cyber-Enabled Cargo Thefts in 2025
Impact: CRITICAL

In 2025, the FBI reported a 60% increase in cyber-enabled cargo thefts across the U.S. and Canada, totaling nearly $725 million in losses. Threat actors infiltrated freight brokers and carriers through phishing emails and fake web links, gaining unauthorized access to systems. They then posted fraudulent listings on online load boards, impersonated legitimate companies, and diverted high-value shipments for resale. The Diesel Vortex group, active since September 2025, targeted freight and logistics operators in the U.S. and Europe, compromising numerous platforms and stealing credentials. This surge underscores the evolving tactics of cybercriminals who exploit digital vulnerabilities to execute physical thefts. The transportation and logistics sectors must enhance cybersecurity measures to protect against such sophisticated attacks.

1 month ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (high), Impact (high)