Collecting Cyber-News from over 60 sources

Tag: access

Novo Nordisk Confirms Cyberattack Exposing Patient Medical Data and Internal AI Assets

Jun 16, 2026 3:02 PM

Tags: access, ai, breach, cyber, cyberattack, cybersecurity, data, healthcare, intelligence, unauthorized

Novo Nordisk, the Danish pharmaceutical giant behind blockbuster weight-loss drugs Ozempic and Wegovy, has confirmed a cybersecurity breach involving unauthorized access to sensitive clinical data and internal artificial intelligence (AI) assets. The company disclosed that attackers successfully exfiltrated a limited volume of non-public information, raising concerns over data security within highly regulated healthcare and research…
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem

Jun 16, 2026 10:02 AM

Tags: access, backdoor, cyber, group, ibm, ransomware, supply-chain

Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors that help them stage intrusion chains before encryption. The core finding is that both operations…
iRhythm Discloses Data Breach After Threat Actor Claims PHI Theft

Jun 16, 2026 9:02 AM

Tags: access, breach, business, cybersecurity, data, data-breach, monitoring, theft, threat, unauthorized

Cardiac monitoring company iRhythm Technologies has disclosed a cybersecurity incident involving unauthorized access to data stored within certain third-party-hosted business applications. The company revealed details of the iRhythm data breach in a recent SEC filing, stating that sensitive information, including protected health information (PHI), may have been accessed and exfiltrated by a threat actor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/irhythm-data-breach/
iRhythm Discloses Data Breach After Threat Actor Claims PHI Theft

Jun 16, 2026 9:02 AM

Tags: access, breach, business, cybersecurity, data, data-breach, monitoring, theft, threat, unauthorized

Cardiac monitoring company iRhythm Technologies has disclosed a cybersecurity incident involving unauthorized access to data stored within certain third-party-hosted business applications. The company revealed details of the iRhythm data breach in a recent SEC filing, stating that sensitive information, including protected health information (PHI), may have been accessed and exfiltrated by a threat actor. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/irhythm-data-breach/
PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations

Jun 16, 2026 8:01 AM

Tags: access, china, communications, credentials, cyber, cyberespionage, hacker, military, threat

A sophisticated, long-running cyberespionage campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, that systematically targets North American academic, medical, and military research institutions. The campaign, active since at least September 2023, remained undetected for over a year while the threat actor silently harvested credentials, exfiltrated sensitive communications, and maintained persistent access across victim…
Microsoft Website Displays Security Warning After Certificate Expiry

Jun 16, 2026 8:01 AM

Tags: access, cyber, microsoft, network, service

Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to expire, raising concerns over certificate lifecycle management practices. The affected domain, connectivity.office.com, widely used by system administrators and enterprise IT teams to validate network access to Microsoft 365 services, began returning NET::ERR_CERT_DATE_INVALID errors in…
EvilTokens: Neue Phishing-Kampagne verschafft sich Zugriff mit legitimen Mitteln

Jun 16, 2026 8:01 AM

Tags: access, cyberattack, infrastructure, phishing

Was passiert, wenn bei einem Phishing-Angriff offizielle Infrastruktur genutzt wird, anstatt diese zu fälschen? EvilTokens markiert eine Weiterentwicklung des Phishing: Es werden nicht mehr Anmeldedaten gestohlen, sondern die Opfer dazu verleitet, legitime Sitzungen zu autorisieren. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/cybercrime/eviltokens-neue-phishing-kampagne-verschafft-sich-zugriff-mit-legitimen-mitteln/
EvilTokens: Neue Phishing-Kampagne verschafft sich Zugriff mit legitimen Mitteln

Jun 16, 2026 8:01 AM

Tags: access, cyberattack, infrastructure, phishing

Was passiert, wenn bei einem Phishing-Angriff offizielle Infrastruktur genutzt wird, anstatt diese zu fälschen? EvilTokens markiert eine Weiterentwicklung des Phishing: Es werden nicht mehr Anmeldedaten gestohlen, sondern die Opfer dazu verleitet, legitime Sitzungen zu autorisieren. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/cybercrime/eviltokens-neue-phishing-kampagne-verschafft-sich-zugriff-mit-legitimen-mitteln/
Gigamon and Zscaler integrate network telemetry with zero-trust access

Jun 16, 2026 6:01 AM

Tags: access, network, zero-trust

First seen on scworld.com Jump to article: www.scworld.com/brief/gigamon-and-zscaler-integrate-network-telemetry-with-zero-trust-access
UK to ban social media access for children under 16

Jun 16, 2026 5:02 AM

Tags: access, government

The ban will apply to all “user-to-user platforms, whose purpose is to enable social interaction and”¯which allow users to post material, alongside algorithms,” according to a press release from the government’s Department for Science, Innovation and Technology. First seen on therecord.media Jump to article: therecord.media/uk-to-ban-social-media-access-for-children-under-16
Mythos Shutdown Contains a Message: Don’t Wait for Mythos

Jun 16, 2026 1:01 AM

Tags: access, cyber, government, technology

OT Operators Shouldn’t Wait for Mythos Access to Probe Codebases. The abrupt, government-ordered cut-off of access to Mythos 5, the most cyber-capable of Anthropic’s large language models, has underlined a message security experts have been trying to get out to the operational technology community: You don’t need Mythos. First seen on govinfosecurity.com Jump to article:…
Cyberattack on Russian tech firm Astral disrupts business, government services for week

Jun 15, 2026 6:02 PM

Tags: access, authentication, business, corporate, cyberattack, email, government, russia, service

According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electronic human resources document management systems and authentication using digital certificates. First seen on therecord.media Jump to…
Big tech must introduce age checks to support UK’s under-16s social media ban

Jun 15, 2026 6:02 PM

Tags: access, service

Keir Starmer announces UK social media ban for under-16s that requires mandatory age verification to access social media services First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644294/Big-tech-must-introduce-age-checks-to-support-UKs-under-16s-social-media-ban
1Password Buys Apono to Expand AI Access Governance

Jun 15, 2026 5:01 PM

Tags: access, ai, control, credentials, governance, risk, startup

Buying New York Startup Adds Just-in-Time Authorization and Governance Controls. 1Password acquired access governance startup Apono to combine credential security, just-in-time authorization and intent-based access controls into a unified platform designed to govern humans, machines and AI agents while reducing risks tied to static permissions. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/1password-buys-apono-to-expand-ai-access-governance-a-31963
US Anthropic Export Controls Sparks Sharp EU Reaction

Jun 15, 2026 5:01 PM

Tags: access, ai, control, government

Decision to Restrict Access Exposes EU Dependency on US Made Models. The U.S. government’s decision to cut foreign nationals’ access to Anthropic’s most powerful AI models has sparked a massive increase in calls for Europe to reduce its reliance on American technology. Tech sovereignty has become a live topic in Europe. First seen on govinfosecurity.com…
Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t

Jun 15, 2026 4:01 PM

Tags: access, breach, cyberattack, cybersecurity, data, theft, threat, unauthorized

Novo Nordisk suffered a cyberattack where clinical trial data was copied. The breach is confirmed, but no threat actor has claimed responsibility. The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand…
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network

Jun 15, 2026 3:01 PM

Tags: access, authentication, backdoor, china, cyber, hacker, infrastructure, Internet, network, spy

A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components OpenSSH binaries and PAM modules across a segregated critical-infrastructure network. The intrusion chain began with compromises of internet-facing systems where the operator…
US Cracks Down on Anthropic AI Models Amid Abuse Concerns

Jun 15, 2026 3:01 PM

Tags: access, ai, control

Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/us-cracks-down-anthropic-ai-models-abuse-concerns
The Onboarding Password Mistake That Creates Unnecessary Risk

Jun 15, 2026 3:01 PM

Tags: access, email, password, risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe.That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent over…
Cybersecurity Experts Urge US to Lift Ban on Anthropic’s Frontier AI Models

Jun 15, 2026 1:01 PM

Tags: access, ai, cybersecurity

Access to two Anthropic large language models, Mythos 5 and Fable 5, has effectively been banned to any non-US nationals by the Trump administration First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyber-experts-urge-us-lift-ban/
Backdoor eingeschleust: Supply-Chain-Angriff gefährdet Millionen von Websites

Jun 15, 2026 12:01 PM

Tags: access, backdoor, cyberattack, exploit, supply-chain, wordpress

Ein Angreifer hat über mehrere populäre Plug-ins Schadcode verbreitet, der unter WordPress heimlich eine Backdoor mit Admin-Zugriff einrichtet. First seen on golem.de Jump to article: www.golem.de/news/backdoor-eingeschleust-supply-chain-angriff-gefaehrdet-millionen-von-websites-2606-209767.html
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited

Jun 15, 2026 11:01 AM

Tags: access, authentication, cve, cyber, exploit, flaw, network, vpn, vulnerability

Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with specific configurations. The flaw, which affects the GlobalProtect portal and gateway components, enables an authentication bypass that allows unauthenticated attackers to establish VPN sessions and potentially gain access to internal enterprise…
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Jun 15, 2026 10:02 AM

Tags: access, authentication, cve, exploit, flaw, network, software, threat, unauthorized, vpn, vulnerability

Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals.The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by…
Admin-Zugriff für alle: Unzählige Onlineforen seit 10 Jahren angreifbar

Jun 15, 2026 10:02 AM

Tags: access

Wer ein Onlineforum auf Basis von phpBB betreibt, sollte dringend handeln. Eine Lücke lässt Angreifer beliebige Konten kapern, auch jene der Admins. First seen on golem.de Jump to article: www.golem.de/news/admin-zugriff-fuer-alle-unzaehlige-onlineforen-seit-10-jahren-angreifbar-2606-209759.html
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Jun 15, 2026 10:02 AM

Tags: access, authentication, cve, exploit, flaw, network, software, threat, unauthorized, vpn, vulnerability

Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals.The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by…
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations

Jun 15, 2026 9:01 AM

Tags: access, attack, cve, cyber, exploit, hacker, russia, ukraine, vulnerability

CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain attributed to an intrusion set we temporarily label SHADOW-EARTH-066 (tracked by CERT”‘UA as UAC”‘0226) and…
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page

Jun 15, 2026 8:01 AM

Tags: access, cyber, data-breach, intelligence, malware, monitoring, software, threat

A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download…
Hackers Hide New Argamal Malware Inside Working Hentai Games

Jun 14, 2026 9:01 PM

Tags: access, hacker, kaspersky, malware

Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents. First seen on hackread.com Jump to article: hackread.com/hackers-hide-argamal-malware-hentai-games/
Wer hat die Kontrolle? Angreifer verwandeln legitime Remote-Zugriff-Tools in Einfallstore

Jun 14, 2026 6:01 AM

Tags: access, crypto, mail, phishing, tool

Angreifer nutzen Steuer-Phishing, vorgetäuschte Tools zur Wiederherstellung von Krypto-Wallets und gefälschte Audiodateien, um Kontrolle über PCs zu erlangen. Highlights: Angreifer missbrauchen legitime Remote-Zugriff-Tools, die über Phishing-E-Mails zum Steuerjahresende und gefälschte Downloads von Dating-Websites verbreitet werden, um dauerhafte Kontrolle über Geräte zu erlangen. Gefälschte Tools zur Wiederherstellung von Krypto-Wallets, werden zum Diebstahl von Anmeldedaten und……
Amazon CEO reportedly raised Anthropic model concerns before government crackdown

Jun 13, 2026 10:02 PM

Tags: access, ceo, government

Amazon CEO Andy Jassy may have been the source of security concerns that led Anthropic to cut off worldwide access to two models on Friday. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/13/amazon-ceo-reportedly-raised-anthropic-model-concerns-before-government-crackdown/