In late 2024, the US Department of Health and Human Services Office for Civil Rights achieved numerous settlements linked to inadequate healthcare risk assessments. The activity reflects the office’s focus on performing accurate and robust potential risk assessments and vulnerabilities to electronic protected health information. The office initiated 22 HIPAA enforcement actions in 2024, resulting in $9.9 million in penalties and settlements. Investigations will likely continue under the Trump administration despite a general slowdown in actions as appointees settle into their roles.
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild
Shadow Servers have identified 454 vulnerable SAP NetWeaver systems affected by a critical zero-day flaw, CVE-2025-31324, allowing unauthenticated file uploads and potential system compromise. Discovered
