Phreesia’s ConnectOnCall software has suffered a data breach, exposing the personal and health information of over 900,000 individuals. Between February and May 2023, an unknown third party infiltrated the data, compromising medical records, names, phone numbers, and some social security numbers. The healthcare software is offline and under investigation. Though no misuse of data has yet been found, the company has offered identity and credit monitoring services to those with exposed social security numbers.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is