Hello. U.S. Secret Service investigators found 300 servers and 100,000 SIM cards in empty New York apartments and locations throughout the tri-state area.

Law-enforcement officials say the tech was tied to foreign actors and capable of crippling the city’s cellular network, including EMS and police communications. Early analysis of the network shows that the devices have communicated with nation-state threat actors, the Secret Service said. Read the full story.

Also today: 

• TikTok collected children's data, Canadian officials said
• North Korea's fake worker scam could lead U.S. companies into sanctions trouble
• Breach at casino company Boyd Gaming
• Hackers hit Michigan hospital twice
• Some business leaders feel better about cyber risk

• Boyd didn't say when the incident happened or how many people had their data exposed. 

Inadvertently hiring and paying a North Korean who poses as an everyday tech worker could put a company on the wrong side of U.S. sanctions policies, cyber and legal experts said at Google’s Cyber Defense Summit. North Korean nationals have been falsifying their identities to draw paychecks from U.S. companies, to help fund their country's regime. The U.S. has far-reaching sanctions against North Korea. (CyberScoop)

Hit twice: Michigan-based Sturgis Hospital, in the midst of investigating a December 2024 cyberattack, discovered it had been hacked a second time in June 2025. Patient and employee data was stolen in both incidents, Sturgis said in a notice on its website. 

• That includes Social Security and bank account numbers, health insurance details and clinical information such as prescriptions, treatment records and other medical information. 
• More than 77,700 people were affected. (Becker's Hospital Review)

Cybersecurity risks dropped to No. 3 among the top five business concerns ranked by 1,202 corporate decision-makers in the U.S. in a new survey from insurance giant Travelers. Cyber ranked first in last year's survey, followed by broad economic uncertainty. 

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.