Hidden Spy for 1.6 Million Users: Popular Browser Extension ModHeader Secretly Collected Browsing History
🇷🇺 securitylab_n•July 14, 2026

Hidden Spy for 1.6 Million Users: Popular Browser Extension ModHeader Secretly Collected Browsing History

Google and Microsoft have removed the popular ModHeader browser extension from the Chrome Web Store and Microsoft Edge Add-ons after security researchers discovered a hidden mechanism designed to secretly collect users' browsing history. The extension, which had approximately 1.6 million installations, allowed developers to modify HTTP headers for testing and debugging purposes but contained a dormant data-collection module in its legitimate codebase. British firm Stripe OLT confirmed that the suspicious code was part of the genuine signed build rather than a fake version. Although the history-stealing functionality remained inactive due to an empty internal browser list, the extension still transmitted telemetry data and could have been activated remotely via a simple update. Experts recommend immediate removal of the extension, replacement of any credentials entered through it, and blocking of the domains stanfordstudies[.]com and extensions-hub[.]com.

Translated from Russian

Read full article

Latest News

UK Plans Nighttime Social Media Curfew and Addictive Feature Restrictions for Teens from 2027
🇷🇺AntiMalware•Jul 15

UK Plans Nighttime Social Media Curfew and Addictive Feature Restrictions for Teens from 2027

The United Kingdom has announced plans to restrict social media access for teenagers aged 16-17, introducing a nightly curfew from midnight to 6 a.m. starting in spring 2027. In addition to the time-based ban, platforms will be required to disable addictive features such as infinite personalized feeds, autoplay videos, Reels, and TikTok-style content by default for this age group. The measures are designed as a transitional step ahead of a complete social media ban for children under 16, which will also take effect in spring 2027. Government officials cite a pilot study involving 300 participants that demonstrated improved sleep quality and concentration after implementing similar nighttime restrictions. The policy also targets AI chatbots, mandating mandatory breaks for minors and potentially banning services that provide dangerous or unverified mental health advice. Schools will incorporate new digital literacy modules covering safe AI usage, detection of deepfakes, disinformation, and harmful content such as violent or misogynistic material.

Translated from Russian

Russia Launches Paid 'Tochka Kontakta' Messenger for Inmates in SIZO and Correctional Facilities
🇷🇺AntiMalware•Jul 15

Russia Launches Paid 'Tochka Kontakta' Messenger for Inmates in SIZO and Correctional Facilities

A new messaging platform called 'Tochka Kontakta' has been introduced in Russia to enable communication between relatives and individuals held in pre-trial detention centers (SIZO) and correctional colonies. The service supports text messages, photographs, video clips, and voice recordings, but operates on a strict pay-per-action model with no free tier for basic correspondence. Prices range from 3.09 rubles for short texts up to 200 characters to 35 rubles for longer electronic letters of up to 2,500 characters, while video and voice messages carry separate fees between 4.29 and 7.99 rubles. Paid content subscriptions are also available at 99 rubles per thematic section with ongoing updates. The platform promises a familiar chat interface that includes payment notifications for incoming messages, and developers plan to distribute it through all major app stores. However, key operational details such as the identity of the service operator, the message moderation process, and the list of participating institutions remain undisclosed.

Translated from Russian

Intel Unveils Starfire Chip Designed for AI Processing on US Military Satellites in Orbit
🇷🇺securitylab_n•Jul 15

Intel Unveils Starfire Chip Designed for AI Processing on US Military Satellites in Orbit

Intel has announced the Starfire system-on-chip, a radiation-tolerant processor developed specifically for orbital deployment aboard US government satellites. The chip integrates eight CPU cores, a three-die neural accelerator, and a graphics block using Foveros packaging, delivering up to 75 TOPS at 35 W. It combines Intel’s advanced 18A process for the CPU and AI blocks with the older Intel 3 node for the GPU, relying on architectural hardening rather than process maturity to withstand space radiation. Unlike legacy rad-hard processors such as BAE Systems’ RAD750, Starfire targets on-board AI inference and data processing instead of basic telemetry and control. The device remains a demonstration platform whose radiation performance is still under evaluation, with first test samples scheduled for the third quarter of 2026. Intel Government Technologies will handle distribution, and the project supports Pentagon programs RAMP-C and SHIP while Intel’s 18A yield roadmap extends into 2027.

Translated from Russian

Russia's МВД Proposes Mandatory Purchase of Special Smartphones for Migrants to Enable Permanent Digital Location Tracking
🇷🇺securitylab_n•Jul 15

Russia's МВД Proposes Mandatory Purchase of Special Smartphones for Migrants to Enable Permanent Digital Location Tracking

Russia's Ministry of Internal Affairs is advancing plans to replace paper-based migration controls with continuous digital surveillance by requiring labor migrants to purchase a dedicated smartphone upon entry. Deputy Minister Igor Zubov announced that the device would create an electronic profile allowing police to monitor the owner's movements in real time and prevent unauthorized relocation between regions. The initiative builds on the existing "Amina" app already mandatory in Moscow and the Moscow region since September 2025, which has already led to more than 139,000 migrants being removed from registration. From July 2026, all visa-free foreigners must use the RuID app to create digital profiles, while a unified МВД database containing documents, employment, housing, fines, and phone numbers is already operational. The new proposal differs from current rules by making the purchase of a government-specified device a condition of entry rather than simply installing software on an existing phone. Human rights advocates, including Svetlana Gannushkina, have previously criticized similar ideas, noting that forcing migrants to buy expensive devices is unlawful given financial and technical barriers. The plan remains a future proposal and has not yet been enacted into law.

Translated from Russian

Over 600 Leaked Corporate Accounts Found Per Major Russian Company, with Half Exposing Plaintext Passwords
🇷🇺AntiMalware•Jul 15

Over 600 Leaked Corporate Accounts Found Per Major Russian Company, with Half Exposing Plaintext Passwords

A study by Solar AURA examined nearly 19,300 records tied to the ten largest Russian companies from the RBC500 ranking and uncovered 6,194 unique corporate accounts. More than half of these credentials — 3,739 — were circulating on the dark web with passwords in plaintext. Only 4% of cases showed evidence of direct compromise of corporate infrastructure, indicating that the majority stemmed from employees reusing work emails and passwords on external platforms such as marketplaces, forums, and SaaS services. Researchers also identified over 12,600 additional records containing employee personal data that can be leveraged for targeted social-engineering attacks. The findings highlight how credential-stuffing, phishing, and password-reset abuse become trivial once external leaks occur, especially when short or reused passwords are involved. Experts recommend continuous leak monitoring, mandatory multi-factor authentication, and rapid blocking of exposed accounts to reduce risk.

Translated from Russian

Microsoft Permanently Locks Hacked Account After Security Changes, Erasing 25 Years of OneDrive Data and Purchases
🇷🇺AntiMalware•Jul 15

Microsoft Permanently Locks Hacked Account After Security Changes, Erasing 25 Years of OneDrive Data and Purchases

A streamer named Joshua Kane lost access to his Microsoft account containing 25 years of digital files, family photos, and purchased content after it was compromised by an attacker who altered security settings. Microsoft confirmed the account belonged to him and had been breached but refused to restore access, citing internal policies that prevent manual recovery once security information is changed by an unauthorized party. The company stated that OneDrive content cannot be extracted due to its encryption architecture and privacy protections, leaving the data permanently inaccessible even to Microsoft engineers. Kane was advised to create a new account and repurchase games and services, while the incident quickly gained over two million views on social media and prompted other users to share similar experiences. The case underscores the risks of insufficient account protection and the permanent consequences of account takeovers when two-factor authentication and backup strategies are not properly implemented.

Translated from Russian

US Prepares for Free Chinese AI Models Distributed Like Torrents, Weighs Policy Shift on Open-Source Systems
🇷🇺securitylab_n•Jul 15

US Prepares for Free Chinese AI Models Distributed Like Torrents, Weighs Policy Shift on Open-Source Systems

The Trump administration is actively discussing uniform capability requirements for American open-source AI models, using advanced Chinese systems as the benchmark. Chinese developers are expected to release powerful Mythos-class models within the next 6–12 months that anyone can freely download, run locally, fine-tune, and integrate without developer oversight. This development creates a policy dilemma for Washington, as overly strict controls risk slowing domestic innovation while failing to prevent the spread of foreign technology. China is deliberately promoting open AI releases to expand the global reach of its developers, especially after restrictions limited the availability of leading U.S. models. At the same time, the industry is exploring superconducting cables and optical interconnects to curb the rapid growth in data-center electricity consumption, which already accounts for 1.5% of global power usage. The Washington Post notes that long-term energy forecasts may be overstated if these efficiency technologies are adopted at scale.

Translated from Russian

Secure Boot Bypassed for Over a Decade Through Unrevoked Vulnerable Shim Bootloaders, ESET Finds
🇷🇺securitylab_n•Jul 15

Secure Boot Bypassed for Over a Decade Through Unrevoked Vulnerable Shim Bootloaders, ESET Finds

ESET researchers have disclosed that Secure Boot, the UEFI mechanism designed to block malicious code before Windows or Linux starts, could be bypassed for more than ten years using old but still-trusted shim bootloader images signed by Microsoft. The 11 vulnerable shims, some dating back to 2013, were never added to revocation lists despite known vulnerabilities, allowing attackers to load unsigned or malicious code early in the boot process. The flaw affected both Linux distributions and Windows systems because UEFI firmware does not tie a Microsoft-signed shim to a specific operating system. After Microsoft finally revoked the images in its June updates following ESET’s disclosure, users were advised to check firmware policies and Linux Vendor Firmware Service for proper propagation of the new revocation data. The incident highlights systemic weaknesses in managing thousands of signed boot components and the central trust role played by Microsoft in the UEFI ecosystem.

Translated from Russian

Microsoft Patches Record 570 Windows Vulnerabilities in July Update, Including Three Actively Exploited Zero-Days
🇷🇺AntiMalware•Jul 15

Microsoft Patches Record 570 Windows Vulnerabilities in July Update, Including Three Actively Exploited Zero-Days

Microsoft released its largest Patch Tuesday update to date, addressing 570 vulnerabilities across Windows and related products. Among them are three zero-day flaws, two of which have already been exploited in real-world attacks. Fifty-nine issues were rated critical, with 48 enabling remote code execution. The company credited its use of AI for discovering more vulnerabilities in the Windows codebase. The update covers a wide range of components including .NET, Active Directory services, Microsoft Office, Azure services, and Microsoft Defender. Administrators are urged to apply the patches promptly to mitigate risks from privilege escalation, remote code execution, and information disclosure flaws.

Translated from Russian

🇷🇺

From Russian sources

Translated from Russian

View all (63) →
Home Internet Tariffs in Russia Rise Up to 20% in First Half of 2026 Amid Rising Costs and Surging Demand
🇷🇺AntiMalware•Jul 15

Home Internet Tariffs in Russia Rise Up to 20% in First Half of 2026 Amid Rising Costs and Surging Demand

Tariffs for residential broadband in Russia accelerated sharply in the first half of 2026, climbing an average of 8-10% and reaching as much as 20% in some regions and with certain providers. This marks a significant increase compared with the modest 5-7% growth recorded across the entire previous year of 2025. Major operators including Rostelecom and ER-Telecom implemented price hikes ranging from 50-60 rubles to around 100 rubles per month, while some legacy plans became more expensive and previously free connection fees were introduced. The primary drivers cited are higher costs for equipment, electricity, employee wages, infrastructure leasing, and ongoing network modernization projects. Additional pressure came from springtime restrictions on mobile data that pushed large numbers of users onto fixed-line Wi-Fi connections, forcing providers to handle substantially higher traffic volumes. Regulators at the Ministry of Digital Development and the Federal Antimonopoly Service have stated they are monitoring the justification for these increases and may launch inspections, yet industry participants warn that further rises of 12-15% could occur in the second half of the year if infrastructure access costs continue to climb.

Google Urges European Commission to Stop Mass Blocking of IP Addresses, DNS Services and VPNs in Piracy Fight
🇷🇺securitylab_n•Jul 15

Google Urges European Commission to Stop Mass Blocking of IP Addresses, DNS Services and VPNs in Piracy Fight

Google has called on the European Commission to abandon the widespread practice of blocking IP addresses, DNS services and VPNs as a means of combating pirate sites, describing the approach as both ineffective and risky. The company explained that such blocks fail to remove illegal content permanently and allow users to quickly switch to alternative DNS providers, VPNs or new addresses, enabling piracy to continue uninterrupted. Blocking entire IP ranges is particularly problematic because a single address or range is often shared by multiple unrelated legitimate websites and cloud services, leading to collateral damage for lawful users. Google cited the December 2019 incident in Portugal, where ISP blocks on virtual IP addresses disrupted important Google services and affected Google Cloud customers sharing the same infrastructure. A similar outcome followed the blocking of The Pirate Bay in the United Kingdom, after which lists of proxy servers rapidly appeared online to restore access. The search giant stressed that these measures only create temporary obstacles rather than eliminating the source of pirated material and increase the chance of accidentally disabling legitimate online resources.

WinFsp Vulnerability CVE-2026-3006 Allows Local Attackers to Escalate Privileges to SYSTEM via Race Condition in Kernel Driver
🇷🇺securitylab_n•Jul 15

WinFsp Vulnerability CVE-2026-3006 Allows Local Attackers to Escalate Privileges to SYSTEM via Race Condition in Kernel Driver

A critical vulnerability has been discovered in WinFsp, the open-source platform used to implement virtual disks, network file shares, and custom file systems on Windows. The flaw, tracked as CVE-2026-3006 with a CVSS 3.1 score of 7.0, affects version 2.1.25156 and all earlier releases, enabling a local attacker to trigger a race condition that leads to a memory overflow inside the kernel-mode driver. Successful exploitation grants full SYSTEM-level privileges, allowing modification of protected files, installation of services and drivers, disabling of security mechanisms, and creation of new accounts. The issue cannot be exploited remotely and requires the attacker to already have the ability to execute code on the target system, either through a compromised account or by running malicious software. WinFsp components are frequently bundled inside third-party virtualization and storage applications, significantly expanding the potential attack surface. Developers have released a fix in WinFsp 2.2B1, while Singapore’s Cyber Security Agency recommends immediate updates, restriction of local administrative rights, and monitoring for unexpected driver or service changes.

Poisson's Spot: 200-Year-Old Optical Effect That Proved Light Is a Wave Now Enables Simple Creation of Optical Skyrmions for Future Photonic Computing
🇷🇺securitylab_n•Jul 15

Poisson's Spot: 200-Year-Old Optical Effect That Proved Light Is a Wave Now Enables Simple Creation of Optical Skyrmions for Future Photonic Computing

Researchers have discovered a remarkably simple method to generate optical skyrmions—stable topological structures in light fields—by directing a laser at a small opaque disk and exploiting the Poisson spot, also known as the Arago spot. This phenomenon, first observed over 200 years ago, played a pivotal role in confirming the wave nature of light during debates between particle and wave theories in the early 19th century. Unlike previous approaches that required expensive and precisely engineered metamaterials, the new technique uses only a coherent laser beam and a basic circular obstacle, allowing multiple types of skyrmions to form naturally in the bright central spot within the shadow. The experiment produced up to four varieties simultaneously, including spin skyrmions, Stokes skyrmions, and structures tied to electric and magnetic field vectors, all exhibiting topological stability that preserves their form under minor distortions. These properties make optical skyrmions promising candidates for encoding and transmitting information in future photonic computers, data storage systems, and high-speed communication technologies. The approach dramatically lowers the barrier for laboratories to reproduce and study these complex light configurations, potentially accelerating research into topology-protected data handling that is resilient to environmental noise.

t.me Domain Restored in DNS After Sudden Outage, But Full Recovery for Telegram Links May Take Up to 24 Hours
🇷🇺AntiMalware•Jul 14

t.me Domain Restored in DNS After Sudden Outage, But Full Recovery for Telegram Links May Take Up to 24 Hours

The short domain t.me has been restored to active DNS status after the .me registry removed the restrictive serverHold flag that had taken it offline worldwide. DNS records have been reinstated, allowing t.me links to function again in browsers, although propagation delays caused by caching at ISPs and recursive resolvers mean not all users will see the change immediately. The outage occurred when the registry-level serverHold status was applied, preventing resolution of the domain despite Telegram continuing to operate normally. As a precaution, Telegram began automatically substituting t.me links with telegram.me inside its mobile and desktop applications. Old t.me addresses continued to work when opened directly within the messenger, but external browsers were unable to reach them. The exact cause of the serverHold status remains unknown, with possibilities including a technical error, legal request, or deliberate action by the registry operator. The domain is now formally active again, and full global visibility depends on DNS cache expiration across networks.

Generative AI Can Clone and Modify Android Apps for as Little as 88 Kopecks, Positive Technologies Warns
🇷🇺AntiMalware•Jul 14

Generative AI Can Clone and Modify Android Apps for as Little as 88 Kopecks, Positive Technologies Warns

Positive Technologies researchers have demonstrated that generative AI models can successfully modify, reassemble, and preserve the functionality of Android applications in just minutes at extremely low cost. In experiments involving 90 diverse commercial apps, closed-source AI models achieved an 84% success rate while open-weight models reached 61%, requiring an average of 14 iterations and between 5.5 and 9 minutes per attempt. The cost of each successful modification ranged from 0.88 to 40.89 rubles, meaning an attacker could attempt to clone around 100 popular applications for only a few thousand rubles. Although the researchers inserted only neutral changes rather than malicious code, the same technique could be used to embed data interception, alter app behavior, or add connections to external command servers. The resulting fake APKs can then be distributed through third-party stores, websites, messengers, and online communities, primarily threatening users who sideload applications outside official marketplaces. The study shows that AI does not create entirely new attack vectors but dramatically lowers the technical barrier that previously required advanced reverse-engineering skills.

🇨🇳

From Chinese sources

Translated from Chinese

View all (7) →
Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats
🇨🇳安全客•Jul 14

Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats

A 37-year-old German textile processing company, ZEGO Textilveredelungszentrum, has filed for insolvency after a cyber attack halted its production lines for nearly six weeks, demonstrating that business interruption alone can destroy even well-established manufacturing firms without any data theft or ransom demands. The firm, based in Bavaria and serving automotive, workwear, and technical textiles industries, suffered the attack on March 29, 2026, leading to irrecoverable financial losses despite eventual system recovery. Managing Director Johannes Zenglein described the decision as one of the most difficult in the company's history, noting that the prolonged downtime caused severe cash flow disruption, lost orders, and customer attrition. The incident highlights a growing trend where cyber attacks on industrial systems lead directly to bankruptcy, as seen in prior cases like the 158-year-old British transport company Knights of Old and a German mobile phone repair firm. Key lessons include the critical need for robust business continuity plans, quantified downtime cost assessments, and supply chain resilience evaluations beyond traditional security measures. Unlike typical ransomware events, this attack required no encryption or extortion to achieve devastating results, underscoring that operational resilience is now a matter of corporate survival.

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets
🇨🇳安全客•Jul 13

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets

A novel supply-chain attack called Ghostcommit allows attackers to embed prompt-injection instructions inside PNG images, bypassing AI-powered code review tools and tricking coding agents into leaking sensitive .env configuration files and API keys. Researchers from the ASSET Research Group demonstrated that direct plaintext instructions are immediately flagged by tools such as Cursor and CodeRabbit, but splitting the payload across an AGENTS.md file and a seemingly innocuous image evades detection. The attack remains dormant until a developer later asks the agent to perform normal development tasks, at which point the agent reads the image, extracts the .env contents byte-by-byte, and outputs them as a long tuple of ASCII numbers. Testing across 11 tool-model combinations revealed that success depends primarily on the runtime framework rather than the underlying LLM, with Cursor and Antigravity leaking secrets while Claude Code successfully blocked the attack in most cases. The team also released an open-source multimodal defense prototype based on Gemma 4 that runs on a single 4 GB GPU and achieved near-perfect detection rates on both known and unknown attack samples.

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
🇨🇳安全客•Jul 12

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches

The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
🇨🇳安全客•Jul 12

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security

In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
🇨🇳安全客•Jul 12

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools

In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
🇨🇳安全客•Jul 12

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk

In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.