Tag: breach
-
Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack
Bitcoin Depot filed a notice with the Securities Exchange Commission (SEC) explaining that a threat actor “gained access to certain systems and obtained control of credentials associated with the company’s digital asset settlement accounts.” First seen on therecord.media Jump to article: therecord.media/crypto-atm-bitcoin-depot-reports-cyberattack
-
Eurail says December data breach impacts 300,000 individuals
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/eurail-says-december-data-breach-impacts-300-000-individuals/
-
Cybercriminals target accountants to drain Russian firms’ bank accounts
Cybercriminals have stolen millions from Russian companies by hacking accountants’ computers and disguising transfers as salary payments, with the largest confirmed theft exceeding 14 million rubles. First seen on therecord.media Jump to article: therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
-
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A massive alleged breach has hit China’s National Supercomputing Center (NSCC) in Tianjin. A hacker claims to have exfiltrated over 10 petabytes of highly sensitive data, including military, aerospace, and missile-related information. The facility supports…
-
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin. The stolen dataset reportedly includes sensitive defense documents, missile schematics, and advanced aerospace research. The Tianjin center serves as a centralized infrastructure hub…
-
Capita’s troubled Civil Service Pension Scheme hit by data breach
A data breach affecting 138 members of the Civil Service Pension Scheme piles pressure on the service’s administrator, Capita, amid ongoing issues. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641501/Capitas-troubled-Civil-Service-Pension-Scheme-hit-by-data-breach
-
Passport numbers for more than 300,000 leaked during December Eurail data breach
In February, a hacker claimed the attack and said they stole 1.3 TB of data that included source code, database backups and Zendesk support tickets. First seen on therecord.media Jump to article: therecord.media/eurail-reports-data-breach-impacting-over-300000
-
Breach exposes sensitive LAPD files stored in city attorney system
The LA Times reported that social media posts allegedly featuring information about the stolen material, some of which have since been taken down, revealed there were 7.7 terabytes of data available for download. First seen on therecord.media Jump to article: therecord.media/breach-exposes-lapd-files-city-attorney-systems
-
Hackers steal and leak sensitive LAPD police documents
The LAPD said the breach affected “a digital storage system” belonging to the city’s Attorney’s Office. The World Leaks extortion gang was reported to be behind the attack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/hackers-steal-and-leak-sensitive-lapd-police-documents/
-
US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure
The newly disclosed cyberattack campaign is the latest evidence of the threat end-of-life routers pose to major organizations. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-routers-hacking-dns-fbi-disruption/816960/
-
AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog
Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, conference, control, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, framework, gartner, GDPR, governance, guide, infrastructure, injection, LLM, malicious, microsoft, monitoring, network, nvidia, office, regulation, risk, saas, software, threat, tool, training, vulnerabilityApr 08, 2026 – – Quick Facts: Enterprise AI Security Most enterprises are running AI at scale before their security teams have visibility into it. Shadow AI (unsanctioned AI tools spreading department by department) is now the most common entry point for data leakage. Agentic AI introduces a new category of risk: autonomous systems that…
-
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end”‘to”‘end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-skill threat actors to run highly tailored BEC operations in minutes rather than days. First…
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
The zero-day timeline just collapsed. Here’s what security leaders do next
Tags: access, ai, api, attack, authentication, breach, cio, ciso, control, cyber, cybersecurity, data, data-breach, defense, endpoint, exploit, google, Internet, Intruder, leak, least-privilege, open-source, penetration-testing, resilience, service, strategy, tactics, update, vulnerability, zero-dayScaling vulnerability discovery to machine speed: Agentic AI is AI that can act, not just advise. Give it an objective, and it will plan steps, run them, learn from what happens and adjust until it succeeds or hits a hard stop. In cybersecurity, that looks like an automated operator. It can probe an application, test…
-
The tabletop exercise grows up
would do. They do not do it.Every experienced facilitator knows the moment: someone in the room challenges the premise and the facilitator asks participants to “suspend disbelief.” That phrase should give us pause. If the scenario requires suspension of disbelief, it is not building preparedness. It is building familiarity with a document.The gap between documentation…
-
Top 10 Best Multi-Factor Authentication (MFA) Providers in 2026
Tags: authentication, breach, credentials, cyber, cybersecurity, data, malware, mfa, password, phishingIn the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaigns and credential stuffing to ever-evolving malware, attackers are relentlessly targeting the weakest link in cybersecurity: single-factor authentication. A staggering percentage of data breaches continue to stem from compromised credentials, underscoring the…
-
US warns of Iran-affiliated cyber-attacks on critical infrastructure across country
Tags: attack, breach, compliance, country, cyber, cyberattack, government, infrastructure, iran, middle-east, resilience, threat, updateSecurity agencies say municipalities should watch out for unusual activity, especially in water and energy sectors<ul><li><a href=”https://www.theguardian.com/world/live/2026/apr/07/iran-war-live-updates-trump-hormuz-threats-deadline-strikes-middle-east-conflict”>Middle East crisis live updates</li></ul>Top government security agencies issued a warning of Iran-affiliated cyber-attacks on critical infrastructure across the US on Tuesday. In a <a href=”https://www.ic3.gov/CSA/2026/260407.pdf”>joint statement, the agencies said municipalities, especially in the water and energy sectors, should…
-
US warns of Iran-affiliated cyberattacks on critical infrastructure across country
Tags: breach, compliance, country, cyberattack, government, infrastructure, iran, middle-east, resilience, threat, updateSecurity agencies say municipalities should watch out for unusual activity, especially in water and energy sectors<ul><li><a href=”https://www.theguardian.com/world/live/2026/apr/07/iran-war-live-updates-trump-hormuz-threats-deadline-strikes-middle-east-conflict”>Middle East crisis live updates</li></ul>Top government security agencies issued a warning of Iran-affiliated cyberattacks on critical infrastructure across the US on Tuesday. In a <a href=”https://www.ic3.gov/CSA/2026/260407.pdf”>joint statement, the agencies say that municipalities, especially in the water and energy sectors,…
-
Cyber Fraud Cost Americans $17 Billion in 2025, AI Scams Make List: FBI
Cyber-driven fraud from investment schemes to business email compromise (BEC) to confidence and romance scams accounted for almost 85% of the losses Americans suffered through fraud crimes last year, totaling an eye-watering $17.7 billion in money stolen, according to the FBI. It also made up 45% of all the fraud-related complaints to the.. First seen…
-
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/
-
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…
-
React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data
The stolen information could help the hackers plan follow-up attacks and breach more organizations, Cisco researchers said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/credential-harvesting-campaign-react2shell-cisco/816726/
-
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa
Tags: access, attack, breach, china, data, data-breach, exploit, flaw, group, network, ransomware, theft, update, vulnerabilityChina-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…
-
Support platform breach exposes Hims amp; Hers customer data
Healthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/support-platform-breach-exposes-hims-amp-hers-customer-data/
-
Windmill Developer Platform Flaws Expose Users to RCE Attacks, ProofConcept Published
Tags: attack, breach, control, cyber, cybersecurity, data, flaw, network, rce, remote-code-execution, update, vulnerabilityCybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote attackers to take full control of affected systems without requiring any passwords. System administrators must patch immediately to prevent catastrophic network breaches and data theft. Recently, security researcher Chocapikk released…