Tag: breach
-
Alleged Cyberattack on Crunchyroll Exposes Risks in Outsourced Systems
The reported Crunchyroll data breach has sparked a new debate across First seen on thecyberexpress.com Jump to article: thecyberexpress.com/crunchyroll-data-breach/
-
Mazda discloses security breach exposing employee and partner data
Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mazda-discloses-security-breach-exposing-employee-and-partner-data/
-
Live from RSAC 2026: ColorTokens on Breach Readiness, Measurable Risk Reduction, and What’s Ahead
RSAC 2026 is here, and for ColorTokens, this year’s focus is “breach readiness for measurable risk reduction.” From March 23 to 26, at Booth #1933 in the South Expo Hall, Moscone Center, we are meeting with security leaders facing a hard reality. Attacks are moving faster. AI is reducing the effort needed to exploit modern……
-
Live from RSAC 2026: ColorTokens on Breach Readiness, Measurable Risk Reduction, and What’s Ahead
RSAC 2026 is here, and for ColorTokens, this year’s focus is “breach readiness for measurable risk reduction.” From March 23 to 26, at Booth #1933 in the South Expo Hall, Moscone Center, we are meeting with security leaders facing a hard reality. Attacks are moving faster. AI is reducing the effort needed to exploit modern……
-
Education company Kaplan reports data breach impacting more than 230,000
The educational services company Kaplan told state regulators that at least 230,000 people had Social Security and driver’s license numbers leaked following a cybersecurity incident in the fall of 2025. First seen on therecord.media Jump to article: therecord.media/kaplan-data-breach-hack-notification
-
Crunchyroll probes breach after hacker claims to steal 6.8M users’ data
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crunchyroll-probes-breach-after-hacker-claims-to-steal-68m-users-data/
-
What “Most Innovative Breach Readiness Solution” Actually Means
A transmission from the team”¦ Guys, the AttackersAre Already Inside.Are You Ready? Breach readiness is not a posture you claim. It is an architecture you prove, measured in seconds, not compliance checkboxes. In an era defined by digital acceleration and AI-enabled innovation, simply aiming for prevention is no longer sufficient. Enterprises must embrace a new……
-
US chip testing firm shrugged off ransomware hit as minor then came the data leak
Trio-Tech International initially said hack wasn’t ‘material,’ but then stolen data was published First seen on theregister.com Jump to article: www.theregister.com/2026/03/23/us_chip_testing_firm_shrugged/
-
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
The group is demanding millions of dollars to not sell the information to U.S. adversaries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/lockheed-martin-breach-pro-iran-hacktivist/815430/
-
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.40.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
-
US chip testing firm shrugged off ransomware hit as minor – then came the data leak
Trio-Tech International initially said hack wasn’t ‘material,’ but then stolen data was published First seen on theregister.com Jump to article: www.theregister.com/2026/03/23/us_chip_testing_firm_shrugged/
-
Foster City Cyberattack Disrupts Services, Raises Data Breach Fears
A ransomware attack has disrupted municipal operations in Foster City, California, as officials continue to respond. The Bay Area city, home to roughly 34,000 residents, was forced to suspend most public services after suspicious activity was detected early Thursday morning. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/foster-city-cyberattack/
-
Does your NHI system deliver essential value
Is Your Organization’s Non-Human Identity Strategy Robust Enough? What if the backbone of your organization’s cybersecurity strategy is more susceptible to breaches than you think? Where machine identities increasingly outnumber human ones, focusing on Non-Human Identities (NHIs) is critical. NHIs serve as the “tourists” navigating through vast cloud environments. Much like human identities, they require……
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
73% of Breaches Happen Due to Weak GRC Implement It The Right Way
Most organizations assume breaches happen because of sophisticated zero-day exploits or highly advanced attackers. The reality is far less dramatic and far more risky. Nearly 73% of breaches stem from weak Governance, Risk, and Compliance (GRC) practices. This means attackers are not breaking in, they’re walking through open doors created by poor risk visibility, weak……
-
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerabilityA highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
-
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerabilityA highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerabilityAttackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerabilityAttackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples. First seen on hackread.com Jump to article: hackread.com/hacker-group-lapsus-astrazeneca-data-breach/
-
ISMG Editors: Stryker Attack Hits Healthcare Supply Chain
Also: CISA Protocol Concerns, AI Agents Push Past Cybersecurity Controls. In this week’s panel, four ISMG editors unpacked the cyber dimensions of the Stryker attack amid the escalating Iran-Israel-U.S. tensions, the growing controversy around CISA leadership and alleged protocol breaches, and a new set of concerns related to AI agents bypassing security controls. First seen…
-
Navia data breach impacts nearly 2.7 Million people
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides…
-
2.7 million hit in workplace benefits data breach exposing SSNs, dates of birth and health account data
Nearly 2.7 million Americans are being notified that their personal data may have been compromised following a cyberattack on Navia Benefit Solutions, a backend benefits administrator that serves over 10,000 employers across the US. The company manages Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), COBRA services and more, meaning millions of people could receive…
-
How CISOs Can Survive the Era of Geopolitical Cyberattacks
Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-cisos-can-survive-the-era-of-geopolitical-cyberattacks/
-
The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail
The post The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/invisible-breach-operation-ghostmail-zero-click-xss-ukraine/
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…