Security Daily Digest — 2026-04-11
Hims Breach Exposes Sensitive PHI: Immediate Response Needed — Dark Reading
Threat actors have breached the telehealth brand Hims, exposing sensitive personal health information (PHI) including details on medical conditions such as baldness, obesity, and impotence. The breach could lead to significant privacy violations and potential exploitation of affected individuals. Security teams should prioritize assessing exposure, implementing stronger data protection measures, and informing affected users to mitigate risks.
CPUID Breach: Malware Delivered via CPU-Z and HWMonitor — BleepingComputer
Hackers accessed CPUID's API and altered download links for CPU-Z and HWMonitor, causing users to download malware instead of legitimate software for a six-hour window. This supply chain attack highlights vulnerabilities in software distribution channels. Security teams should verify the integrity of downloaded software, monitor for signs of compromise, and consider implementing stricter code-signing and distribution practices.
China's Tianjin Supercomputing Center Hit by Massive Data Breach — Google News Security
A breach at China's Tianjin Supercomputing Center resulted in the theft of 10 petabytes of military data, allegedly by a group named 'FlamingChina'. This significant data exfiltration poses a strategic threat to national security and underscores the importance of securing critical infrastructure against sophisticated cyberattacks. Security teams should enhance their threat detection and response capabilities, particularly against nation-state actors.
- OneDigital Warns Clients of Alleged Salesforce Data Breach - Wealth Management [Google News Security]
- DermCare Management Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims - GlobeNewswire [Google News Security]
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks [BleepingComputer]
- Industrial Controllers Still Vulnerable As Conflicts Move to Cyber [Dark Reading]
- Microsoft: Canadian employees targeted in payroll pirate attacks [BleepingComputer]