Collecting Cyber-News from over 60 sources

Tag: breach

Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach

Apr 28, 2026 3:38 PM

Tags: breach, data, data-breach, finance, group

Bank pays out compensation to more customers and reveals expansion of affected group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach
Bridging the EU AI Act Compliance Gap FireTail Blog

Apr 28, 2026 1:39 PM

Tags: ai, breach, cloud, compliance, control, data, GDPR, governance, infrastructure, monitoring, privacy, risk, risk-management, tool, training

Apr 28, 2026 – Lina Romero – What the EU AI Act demandsThe EU AI Act classifies AI according to risk. Unacceptable risk is prohibited outright. High-risk AI systems are heavily regulated. Limited-risk systems face transparency obligations. The majority of obligations fall on providers, though deployers carry meaningful obligations too. If your organisation builds AI, buys…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Stopping AiTM attacks: The defenses that actually work after authentication succeeds

Apr 28, 2026 11:39 AM

Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, training

The 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
French police arrest 21-year-old >>HexDex<< hacker over 100 alleged data breaches

Apr 28, 2026 11:39 AM

Tags: breach, data, data-breach, hacker

A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/french-police-arrest-hexdex-hacker
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds

Apr 28, 2026 7:39 AM

Tags: access, ai, backup, breach, cyber, data, data-breach, infrastructure, saas, software, startup

A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls. The Nine-Second Data Breach Jer Crane, founder of automotive software platform PocketOS, reported that the…
ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack

Apr 27, 2026 11:39 PM

Tags: attack, breach, data, data-breach, extortion, group, threat

The ShinyHunters extortion group is claiming responsibility for a breach of home and commercial security vendor ADT that exposed the data of 5.5 million customers. attack appears to be part of a larger and ongoing vishing campaign being run by the prolific threat actors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/adt-breach-exposes-data-of-5-5-million-customers-shinyhunters-likely-behind-attack/
Medical and utility tech companies admit digital breakins

Apr 27, 2026 11:39 PM

Tags: breach

Itron, Medtronic disclose breaches in Friday filings First seen on theregister.com Jump to article: www.theregister.com/2026/04/27/itron_medtronic_hacked/
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

Apr 27, 2026 10:39 PM

Tags: breach, corporate, cyberattack, group, hacker, international, security-incident, theft

Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach. Medtronic is an international medical…
Medical and utility tech companies hacked by digital intruders

Apr 27, 2026 8:39 PM

Tags: breach, Intruder

Itron, Medtronic disclose breaches in Friday filings First seen on theregister.com Jump to article: www.theregister.com/2026/04/27/itron_medtronic_hacked/
FIRESIDE CHAT: Leaked secrets are now the go-to attack vector, and AI is accelerating exposures

Apr 27, 2026 7:39 PM

Tags: ai, attack, breach, credentials, data-breach

A consequential shift is underway in how enterprise breaches begin. The leaked credential, once treated as a hygiene problem, has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fireside-chat-leaked-secrets-are-now-the-go-to-attack-vector-and-ai-is-accelerating-exposures/
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

Apr 27, 2026 7:39 PM

Tags: breach, cloud, data, data-breach, leak

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems. First seen on hackread.com Jump to article: hackread.com/shinyhunters-leak-udemy-zara-7-eleven-data-breach/
Home Security Firm ADT Breach: 5.5M Customers’ Data Exposed

Apr 27, 2026 7:39 PM

Tags: attack, breach, data, data-breach, extortion, group, leak, threat

Prolific ShinyHunters Extortion Group Made ‘Pay or Leak’ Threat to Victim. Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee. First seen…
âš¡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Apr 27, 2026 6:39 PM

Tags: ai, attack, backdoor, breach, malware, supply-chain, tool

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds.…
âš¡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Apr 27, 2026 6:39 PM

Tags: ai, attack, backdoor, breach, malware, supply-chain, tool

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds.…
Home security giant ADT data breach affects 5.5 million people

Apr 27, 2026 5:39 PM

Tags: breach, data, data-breach, extortion, group, service

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/home-security-giant-adt-data-breach-affects-55-million-people/
Hackers impersonate Microsoft Teams help desk to breach corporate networks

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, malware, microsoft, network

Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found. First seen on therecord.media Jump to article: therecord.media/microsoft-teams-hackers-mandiant
Hackers impersonate Microsoft Teams help desk to breach corporate networks

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, malware, microsoft, network

Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found. First seen on therecord.media Jump to article: therecord.media/microsoft-teams-hackers-mandiant
LINKEDIN BROWSERGATE

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, data-breach, espionage, linkedin

BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
LINKEDIN BROWSERGATE

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, data-breach, espionage, linkedin

BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
Medtronic confirms breach after hackers claim 9 million records theft

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, network, theft

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/
Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins

Apr 27, 2026 3:39 PM

Tags: breach, corporate, credentials, cyber, cybercrime, login, malware, russia, software

A new Vidar infostealer campaign is abusing fake software download links on YouTube to compromise corporate employees and sell their stolen credentials on Russian cybercrime marketplaces. In the investigated case, the victim was searching for software on YouTube and likely followed a link in the video description that led to a third”‘party file”‘sharing service. From…
27th April Threat Intelligence Report

Apr 27, 2026 3:39 PM

Tags: access, breach, cloud, intelligence, security-incident, threat, unauthorized

Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens enabled unauthorized access through a connected app. The company reported access to employee […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/27th-april-threat-intelligence-report/
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

Apr 27, 2026 3:39 PM

Tags: breach, corporate, credentials, exploit, hacker, malware, microsoft, network

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks. First seen on hackread.com Jump to article: hackread.com/unc6692-hackers-microsoft-teams-snow-malware/
Money launderer linked to $230M crypto heist gets 70 months in prison

Apr 27, 2026 3:39 PM

Tags: breach, crypto

22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/money-launderer-linked-to-230m-crypto-heist-gets-70-months-in-prison/
Attackers use MS Teams, fake mailbox repair utility to breach organizations

Apr 27, 2026 2:38 PM

Tags: breach, corporate, group, malware, microsoft, network, threat

A threat group has penetrated corporate networks by impersonating IT helpdesk staff on Microsoft Teams, tricking employees into downloading malware and surrendering their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/attackers-use-ms-teams-fake-mailbox-repair-utility/
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Apr 27, 2026 2:38 PM

Tags: attack, breach, exploit, group, network, russia, software, threat, ukraine, vulnerability

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025.That’s according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible First seen on…
Hackers claim millions of records stolen in ADT breach

Apr 27, 2026 1:39 PM

Tags: breach, hacker, monitoring

ADT, a Florida-based provider of alarm monitoring solutions, confirmed that hackers breached its systems and accessed a portion of customer data. According to a company … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/adt-systems-data-breach/
Hackers claim millions of records stolen in ADT breach

Apr 27, 2026 1:39 PM

Tags: breach, hacker, monitoring

ADT, a Florida-based provider of alarm monitoring solutions, confirmed that hackers breached its systems and accessed a portion of customer data. According to a company … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/adt-systems-data-breach/