Tag: breach
-
Mercor Breach Linked to LiteLLM Supply-Chain Attack
AI Dependency Attack Reportedly Exposes Data and Source Code. A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility. First seen on govinfosecurity.com Jump to article:…
-
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models. First seen on wired.com Jump to article: www.wired.com/story/meta-pauses-work-with-mercor-after-data-breach-puts-ai-industry-secrets-at-risk/
-
Security lapse lets researchers view React2Shell hackers’ dashboard
Tags: access, attack, breach, credentials, data-breach, exploit, hacker, Internet, risk, update, vulnerabilityIndustrial scale: “This is all about neglect and efficiency,” Gene Moody, field CTO at patch management provider Action1, told CSO . “React2Shell quickly met all the criteria attackers look for: public disclosure, reliable exploitation, and internet-facing exposure. That combination effectively guaranteed widespread abuse. Since then, multiple campaigns have automated the full [attack] lifecycle [of], scanning,…
-
5 critical steps to achieve business resilience in cybersecurity
Tags: access, ai, attack, authentication, automation, backup, breach, business, communications, control, credentials, cybersecurity, data, defense, detection, endpoint, identity, malicious, mfa, msp, password, ransomware, resilience, soc, threat, tool, updateLooking for end-to-end coverage of your environment? Check out N-able Unified Security Solutions. 2. Transition from manual to automated response : SOC teams can’t keep up with the flood of alerts”, N-able handled 2 alerts per minute on average in 2025. That’s why automation and Security Orchestration, Automation and Response (SOAR) saw a 500% YoY surge”, almost one in four responses are now…
-
ISMG Editors: Vendor Breaches Expose Healthcare Risk
Also: RSAC Speakers Warn AI Is Outpacing Security, DoD’s Zero Trust Reality Check. In this week’s panel, four ISMG editors discussed growing cyber risks in healthcare following recent vendor breaches, key takeaways from RSAC Conference and whether the Pentagon’s zero trust push is delivering real security benefits or just checking off boxes. First seen on…
-
EU cyber agency attributes major data breach to TeamPCP hacking group
The European Union’s cybersecurity agency said the hacking group TeamPCP was behind a massive recent data breach at the European Commission. First seen on therecord.media Jump to article: therecord.media/european-commission-cyberattack-teampcp
-
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party, and threatening sensitive data leak. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/die-linke-german-political-party-confirms-data-stolen-by-qilin-ransomware/
-
Europe’s cyber agency blames hacking gangs for massive data breach and leak
CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/
-
FBI Declares Surveillance System Breach a ‘Major Incident’
China-linked hackers breached an FBI surveillance system, exposing sensitive investigation data and prompting a “major incident” classification. The post FBI Declares Surveillance System Breach a ‘Major Incident’ appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-china-linked-fbi-surveillance-breach-major-incident/
-
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/teampcp-attacks-hacker-infighting
-
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems. First seen on hackread.com Jump to article: hackread.com/ai-firm-mercor-breach-hackers-4tb-data/
-
High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/high-severity-vulnerabilities-supply-chain-breaches-and-ai-threats-redefine-cybersecurity-this-week/
-
AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech
See what you missed in Daily Tech Insider from March 30April 3. The post AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/ai-breakthroughs-security-breaches-and-industry-shakeups-define-the-week-in-tech/
-
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/evolution-of-ransomware-multi-extortion-ransomware-attacks/
-
Breach of Confidence: 3 April 2026
I once tried to assemble IKEA furniture this week without looking at the instructions. Got halfway through before realising I’d built something structurally sound but utterly useless. Feels like a decent metaphor for most security programmes. America Discovers It Doesn’t Make Routers Anymore The US just banned foreign-made routers because malicious actors kept using them……
-
Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
Tags: access, attack, breach, credentials, exploit, hacker, infrastructure, russia, ukraine, vulnerabilityIn a new report, CERT-UA said attackers are revisiting previously breached infrastructure to check whether access is still available, whether exploited vulnerabilities have been patched and whether previously obtained credentials remain valid. First seen on therecord.media Jump to article: therecord.media/ukraine-warns-russian-hackers-revisiting-old-attacks
-
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack surface, and most organizations are underprepared for it.Cynomi’s new guide, Securing the Modern…
-
The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
In this week’s weekly roundup, The Cyber Express delivers a concise overview of the latest cybersecurity news, highlighting major cyberattacks, new ransomware risks, and supply chain vulnerabilities. Organizations across industries continue to face a surge in modern cyber threats, ranging from targeted breaches to large-scale exploitation campaigns that disrupt operations and expose sensitive data. First seen on…
-
Trivy supply chain attack enabled European Commission cloud breach
CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
-
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
Tags: attack, breach, credentials, cyber, hacker, korea, malicious, north-korea, software, supply-chain, threatA major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malicious code into the popular HTTP client library. Axios is one of the most widely…
-
Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
A threat actor known as >>Mr. Raccoon<< claims to have breached Adobe, stealing a massive amount of sensitive data. According to a report by International Cyber Digest, the stolen files include 13 million customer support tickets, 15,000 employee records, internal documents, and all of the company's HackerOne bug bounty submissions. The attacker did not hack…
-
Breach Roundup: Feds Confirm ‘Major’ Hack of FBI System
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key Activity. This week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-feds-confirm-major-hack-fbi-system-a-31329
-
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.Cisco Talos has attributed the operation to a threat cluster it tracks as First seen on…
-
Hasbro hit by cyberattack, investigates possible data breach
Hasbro suffers a cyberattack, disrupting some operations; the company is probing the scope and potential data compromise. Toy giant Hasbro reported a cyberattack on Wednesday that disrupted certain company operations. The firm is investigating the full extent of the incident, including whether any files or sensitive data were compromised, as it works to restore normal…
-
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved the “rapid takeover” of the company’s security council administrative powers. First seen on therecord.media Jump to article: therecord.media/drift-crypto-confirms-280-million-stolen-north-korea
-
Alleged Starbucks Incident Exposes Code and Firmware
Threat actors claim to have stolen 10GB of Starbucks code and firmware from a misconfigured S3 bucket. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cloud-security/alleged-starbucks-incident-exposes-code-and-firmware/
-
When Trusted Systems Become Attack Paths
A hospital in Chicago is still dealing with stolen patient data. A major U.S. medical manufacturer is restoring order processing, manufacturing, and shipments after a destructive attack. A Washington-based employee benefits administrator is notifying 2,697,540 people that their data may have been exposed. Put those stories together and the same fault lines keep showing up,……