Tag: breach
-
500GB Stolen From Namibia Airports A Wake Up Call for Aviation Security
Airports are critical infrastructure hubs that manage sensitive operational, passenger, and logistics data. A breach in such environments does not just impact data privacy. It can introduce broader risks to national security and operational continuity. New reporting from Africa Press reveals that hackers have claimed a 500GB data breach involving the Namibia Airports Company, raising…
-
Recent Navia data breach impacts HackerOne employee data
A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can…
-
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Tags: access, breach, business, ceo, control, credentials, extortion, github, incident response, Internet, malicious, mandiant, open-source, saas, software, supply-chain, theft, updateA pattern of persistent access: This is the second compromise affecting the Trivy ecosystem within roughly a month. Socket identified compromised Aqua Trivy VS Code extension releases on OpenVSX in late February, and now trivy-action, Trivy’s official GitHub Action for running scans in CI/CD workflows, has been abused through manipulated version tags to distribute malicious…
-
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
New research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours far faster than traditional breach detection timelines. Unlike database breaches that take weeks or months to uncover, infostealer infections move at machine speed. A typical scenario begins when…
-
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys to the same Telegram bot-based command-and-control (C2) channel. The campaign hits both Solana and Ethereum…
-
You don’t have to choose between BAS or automated pentesting, you shouldn’t
There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/picus-bas-vs-automated-pentesting/
-
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
Tags: breach, bug-bounty, cyber, cyberattack, data, data-breach, network, security-incident, service, vulnerabilityHackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed through a targeted cyberattack on a third-party service provider known as Navia. Employee Data Stolen According to a…
-
HackerOne, Mazda, Infinite Campus and Dutch Ministry Hit by Data Breaches
HackerOne, Mazda, Infinite Campus and the Dutch Ministry report data breaches, exposing employee and partner data across multiple sectors worldwide. First seen on hackread.com Jump to article: hackread.com/hackerone-mazda-infinite-campus-dutch-ministry-data-breaches/
-
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
-
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
-
Data breach at Dutch Ministry of Finance impacts staff following cyberattack
Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack, investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, the incident impacted a >>portion of the employees<<. Authorities are still investigating the incident and its full…
-
Cy4Data Labs Brings Real-Time Insider Threat Detection to RSAC 2026
Cy4Data Labs announced at RSAC 2026 that its flagship platform Cy4Secure now includes a Behavior Engine for insider threat detection, designed to bring the time it takes to identify and contain a data breach from more than 200 days down to seconds. The Behavior Engine is built around a three-phase response model: Detect, Deny, Eject……
-
OVHcloud Founder Denies Massive 590TB Data Breach Claims
OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof First seen on hackread.com Jump to article: hackread.com/ovhcloud-founder-denies-590tb-data-breach-claims/
-
QualDerm Partners December 2025 data breach impacts over 3 Million people
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems. QualDerm Partners is a U.S.-based healthcare management…
-
Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach
A reported breach of P3 Global Intel exposed millions of anonymous crime and school safety tips, raising new concerns about privacy and trust. The post Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-p3-global-intel-data-breach/
-
Utimaco Survey: 78% of US Companies Say Data Breaches Are the Top GenAI Risk, But Most Haven’t Acted
Companies know they have a problem with generative AI and quantum security. They just haven’t done much about it yet. That’s the upshot of Utimaco’s 2026 Digital Trust Report, a commissioned study of 250 large U.S. companies released at RSAC 2026. The research, conducted by 451 Research from S&P Global, exposes a stark gap between..…
-
Dutch Finance Ministry probing cyber breach affecting internal systems
The Dutch Ministry of Finance is investigating a cyberattack that compromised some of its internal systems, officials confirmed Monday. First seen on therecord.media Jump to article: therecord.media/netherlands-finance-ministry-cyberattack-breach
-
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
The popular anime streaming platform Crunchyroll confirmed that a batch of customer information that was stolen through a third-party customer service vendor and leaked online is legitimate. First seen on therecord.media Jump to article: therecord.media/crunchyroll-hacker-anime-data-theft
-
HackerOne discloses employee data breach after Navia hack
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackerone-discloses-employee-data-breach-after-navia-hack/
-
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/
-
HackerOne slams supplier for delayed breach notice after staff data exposed
Nearly 300 employees caught up in intrusion at benefits provider Navia First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/hackerone_supplier_breach/
-
Dutch Ministry of Finance discloses breach affecting employees
The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dutch-ministry-of-finance-discloses-breach-affecting-employees/
-
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.The workflows, both maintained by the supply chain security company Checkmarx, are listed below -checkmarx/ast-github-actioncheckmarx/kics-github-actionCloud security First seen on thehackernews.com Jump to article:…
-
Russian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. Companies
A United States federal court has sentenced Aleksei Volkov, a 26-year-old Russian national, to 81 months in prison for operating as an initial access broker. Volkov played a critical part in enabling major cybercrime syndicates, including the Yanluowang ransomware group, to breach corporate networks across the country. His illicit activities resulted in more than $9…
-
Founder of CoinDCX Arrested Amid Serious Fraud and Cheating Charges
The Indian cryptocurrency sector is currently facing a significant legal and cybersecurity controversy following the recent arrest of prominent CoinDCX executives. Local law enforcement from Mumbra police in Thane apprehended co-founders Sumit Gupta and Neeraj Khandelwal in Bengaluru. Both executives were produced before a court and remanded into police custody, facing charges of criminal breach…
-
Why CISOs should embrace AI honeypots
Tags: access, ai, api, attack, breach, business, ciso, credentials, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, hacker, LLM, mitigation, open-source, RedTeam, risk, service, threat, tool, vulnerabilityWhy CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these…