Tag: breach
-
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana refused an extortion demand after attackers used a stolen GitHub token to download code, with no customer data exposed so far. The post Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-grafana-github-token-codebase-breach/
-
Verizon Breach Report: Vulnerability Exploitation Surges
Tags: access, breach, data, data-breach, exploit, hacker, Hardware, ransomware, software, update, vulnerabilityPatch Rollout Slows and Ransomware Incident Volume Rises, Finds Latest Verizon DBIR. The frequency of hackers exploiting vulnerabilities in hardware and software to gain initial access to a victim’s environment continues to surge, and half of all successful breaches also now involve some type of ransomware action, according Verizon’s 2026 Data Breach Investigations Report. First…
-
7-Eleven confirms data breach claimed by the ShinyHunters gang
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/7-eleven-confirms-data-breach-claimed-by-the-shinyhunters-gang/
-
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change, from perimeter defense to assume-breach strategies, and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop sophisticated attacks in their tracks. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/looking-back-looking-forward-bouillabaisse-cyber-evolution
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, updateEmphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway.”Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
Grafana Labs Confirms Hackers Stole Source Code
Open source tool maker Grafana says hackers stole codebase via GitHub breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/grafana-labs-confirms-hackers/
-
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Tags: attack, breach, cloud, cyberattack, data, identity, infrastructure, intelligence, microsoft, service, theft, threatMicrosoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can…
-
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
-
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
-
Grafana confirms GitHub token breach cybercrime group claims the attack
Tags: attack, breach, cybercrime, data, data-breach, extortion, github, group, leak, security-incident, theftGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
-
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
The New York public healthcare system said hackers stole personal and medical data, and scans of biometrics, including fingerprints, in one of the largest recorded breaches of 2026. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/
-
NYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
The New York public healthcare system said hackers stole personal and medical data, and scans of biometrics, including fingerprints, in one of the largest recorded breaches of 2026. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/
-
Fuel Tank Breaches Expand Scope of Iran’s Cyber Offensive
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fuel-tank-breaches-expand-scope-irans-cyber-offensive
-
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
-
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. >>Over 600k Salesforce records containing PII and other internal corporate data have been compromised.<< The…
-
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/
-
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations. First seen on hackread.com Jump to article: hackread.com/the-gentlemen-ransomware-gang-breach-op-exposed/
-
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations. First seen on hackread.com Jump to article: hackread.com/the-gentlemen-ransomware-gang-breach-op-exposed/
-
The Canvas breach proved that prevention is no longer enough
Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work, and a warning about how unprepared most organizations still are. First seen on cyberscoop.com Jump to article: cyberscoop.com/canvas-breach-saas-security-identity-governance-op-ed/
-
Why the best security investment a board can make in 2026 isn’t another tool
Tags: access, ai, api, attack, automation, breach, cloud, credentials, data, detection, endpoint, governance, monitoring, network, risk, service, technology, toolAttackers don’t break through your defenses. They walk between them: The most effective attacks today don’t target any single tool’s coverage area. They move through the seams. An attacker who compromises a valid credential doesn’t trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn’t trip network…
-
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana…
-
Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?
Businesses are advised against paying but many are prepared to deal to protect users’ privacyAfter a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure which operates the education platform Canvas, used by education providers worldwide announced…
-
Wave of ShinyHunters Extortion Drives Surge in Data Leaks
‘Have I Been Pwned’ Founder Troy Hunt Reviews Impact on People and Organizations. The volume of data breaches that result in stolen personal data being leaked online has been surging, courtesy of the ShinyHunters, and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and…
-
More than $10 million stolen from crypto platform THORChain
THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million. First seen on therecord.media Jump to article: therecord.media/more-than-10-million-stolen-crypto-platform-thorchain
-
AI Exploits, Ransomware Breaches, and Cloud Security Gaps Define this Week in May 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-exploits-ransomware-breaches-and-cloud-security-gaps-define-this-week-in-may-2026/
-
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-the-remus-infostealer-session-theft-maas-and-rapid-evolution/
-
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/stolen-iphone-unlocking-tools-telegram-groups/
-
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts. First seen on hackread.com Jump to article: hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/