Tag: breach
-
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
Tags: breach, cloud, container, credentials, cyber, data-breach, docker, extortion, framework, fraud, infrastructure, kubernetes, malware, spam, threat, wormA newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for fraud, spam, extortion, and resale of stolen access. TeamPCP itself drew attention earlier in 2026…
-
The Canvas Hack Is a New Kind of Ransomware Debacle
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters. First seen on wired.com Jump to article: www.wired.com/story/canvas-hack-shinyhunters-ransomware-instructure/
-
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a month. After exploiting the flaw, attackers deployed tunneling tools such as EarthWorm and ReverseSocks5, used stolen credentials…
-
Breach Roundup: Microsoft Edge Turns Passwords Into Targets
Tags: attack, breach, data, data-breach, ddos, government, ivanti, microsoft, north-korea, password, scamAlso, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence. This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another…
-
Proof of Concept: Anatomy of a Breach – the Aftermath
Blackbaud’s Attorneys Jon Olson and Ron Raether on Legal Risk, Trust and Recovery. In part three of the Anatomy of a Breach series, attorneys Jon W. Olson and Ron Raether examine what happens in the aftermath of a breach crisis. The experts discuss legal exposure, regulatory scrutiny and how early decisions can shape long-term trust,…
-
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
The hardest part of cybersecurity isn’t the technology, it’s the people.Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection.In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on your watch,…
-
World’s First AI-Driven Cyberattack Couldn’t Breach OT Systems
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/worlds-first-ai-driven-cyberattack-couldnt-breach-ot-systems
-
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week.Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram…
-
CISOs: Align cyber risk communication with boardroom psychology
Tags: breach, business, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, psychology, resilience, risk, threat, updateStop reporting risk as a technical status update: Executives do not need a master class in threat modeling. They need to know what the business stands to lose.Risk has to be framed in terms boards already use to weigh other enterprise decisions: financial exposure, operational disruption, compliance consequences, legal risk and the cost of delay.…
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
Instructure Breach Exposes Schools’ Vendor Dependence
ShinyHunters’ attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/instructure-breach-exposes-schools-vendor-dependence
-
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/
-
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks. First seen on hackread.com Jump to article: hackread.com/shinyhunters-instructure-canvas-lms-vimeo-data-breach/
-
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-devs-confirm-breach-release-malware-free-version/
-
When the Breach Gets In Through the CEO’s Inbox, Not the Firewall
Tags: authentication, breach, ceo, detection, endpoint, firewall, framework, mfa, vulnerability, zero-trustSecurity teams have put in a lot of effort in the last decade to make sure that security parameters are as robust as possible. Because of this, zero trust frameworks, multi-factor authentication, endpoint detection, patched vulnerabilities have become baseline requirements for security. The technical stack for security has never been more sophisticated. And yet, breaches…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
-
Train like you fight: Why cyber operations teams need no-notice drills
Tags: breach, business, cloud, communications, credentials, cyber, cybersecurity, detection, framework, healthcare, injection, login, military, psychology, ransomware, risk, skills, soc, threat, training, updateThe Yerkes-Dodson inverted-U curve: Performance rises with arousal to an optimal point, then falls sharply.Wikimedia Commons, CC-ZeroWhat repeated no-notice drills do is shift a team’s position on that curve. By building familiarity with threat-level arousal, they raise the threshold at which stress becomes performance-impairing. The stimulus is no longer novel. The cascade is shorter. Executive…
-
Vimeo Confirms Breach Exposing 119,000 Unique User Email Addresses
Video hosting platform Vimeo has confirmed a data breach that exposed approximately 119,000 unique user email addresses, attributing the incident to a security compromise at Anodot, a third-party analytics vendor integrated with its systems. The breach came to light after the ShinyHunters extortion group listed Vimeo on its >>pay or leak<< portal in April 2026,…
-
Middle East Cyber Battle Field Broadens, Especially in UAE
As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks, many targeting critical infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/middle-east-cyber-battle-field-broadens-uae
-
Instructure hacker claims data theft from 8,800 schools, universities
The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/
-
Vimeo confirms breach via third-party vendor impacts 119K users
Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
-
Trellix Source Code Breach Highlights Growing Supply Chain Threats
Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trellix-source-code-breach-supply-chain-threats
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
-
Vimeo confirms breach via third-party vendor impacts 119K users
Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
-
Vimeo confirms breach via third-party vendor impacts 119K users
Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third”‘party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third”‘party…
-
Trellix investigating breach of source code repository
The cybersecurity company said there is no immediate evidence of code being exploited or released. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/trellix-investigating-breach-source-code-repository/819327/
-
Hackers steal students’ data during breach at education tech giant Instructure
The data breach at education tech giant Instructure includes students’ private data, according to a sample of the allegedly stolen data seen by TechCrunch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/
-
Vimeo data breach exposes personal information of 119,000 people
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/
-
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Tags: ai, breach, credentials, cve, exploit, flaw, github, injection, nist, rce, remote-code-execution, sql, vulnerabilityInadequate JSON parsing allowed RCE on the MariaDB server: In MariaDB, a buffer overflow bug, tracked as CVE-2026-32710, was found in the JSON_SCHEMA_VALID() function using Xint Code. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution.Compared to the PostgreSQL flaws, exploitation here is…