Tag: breach
-
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen
A hacker using the alias “Xorcat” claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident. First seen on hackread.com Jump to article: hackread.com/polymarket-rejects-data-breach-hacker-records-stolen/
-
A Mini Shai-Hulud Targeting the SAP Ecosystem
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP’s Node.js packages, and it’s still active. Here’s what GitGuardian found. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/a-mini-shai-hulud-targeting-the-sap-ecosystem/
-
Mastering agentic AI security through exposure management
As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic AI systems. Key takeaways Organizations have moved from siloed AI chatbots to autonomous, hyperconnected…
-
Mastering agentic AI security through exposure management
As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic AI systems. Key takeaways Organizations have moved from siloed AI chatbots to autonomous, hyperconnected…
-
Learning from the Vercel breach: Shadow AI & OAuth sprawl
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/
-
Data Privacy Leaks The Drip, Drip, Drip of Exposure
Beyond the “headline breach,” modern enterprises face a persistent threat: steady-state data leakage. Learn why traditional privacy definitions fail and how “authorized” data flows in workplace apps create continuous legal and operational risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/data-privacy-leaks-the-drip-drip-drip-of-exposure/
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
ShinyHunters exploit Anodot incident to target Vimeo
The video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provides AI-driven data analytics and anomaly detection tools. Most of the exposed information includes technical data, video titles, and…
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerabilityVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bluenoroff-turns-victims-into-new-attack-lures
-
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bluenoroff-turns-victims-into-new-attack-lures
-
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/
-
ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
ADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected. The post ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-adt-data-breach-millions-customer-records/
-
Video site Vimeo blames security incident on Anodot breach
The hackers did not access video content, user logins or payment card information, and there was no disruption to Vimeo’s services, First seen on therecord.media Jump to article: therecord.media/vimeo-blames-security-incident-on-anodot-breach
-
The Breach Did Not Knock on the Front Door
Attackers are getting in. Security teams have long accepted that premise. What is unsettling is where they are entering from. They are coming through software packages that development teams trust by default, hijacking single sign-on accounts that serve as master keys to dozens of business applications, and pulling firewall configuration files that reveal how a……
-
Medtronic Confirms Data Breach After ShinyHunters Claims
Medtronic confirms IT breach as ShinyHunters claims millions of records accesseda First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/medtronic-data-breach-shinyhunters/
-
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/checkmarx-confirms-lapsus-hackers-leaked-its-stolen-github-data/
-
Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach
Bank pays out compensation to more customers and reveals expansion of affected group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach
-
Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach
Bank pays out compensation to more customers and reveals expansion of affected group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach
-
Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach
Bank pays out compensation to more customers and reveals expansion of affected group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach
-
Bridging the EU AI Act Compliance Gap FireTail Blog
Tags: ai, breach, cloud, compliance, control, data, GDPR, governance, infrastructure, monitoring, privacy, risk, risk-management, tool, trainingApr 28, 2026 – Lina Romero – What the EU AI Act demandsThe EU AI Act classifies AI according to risk. Unacceptable risk is prohibited outright. High-risk AI systems are heavily regulated. Limited-risk systems face transparency obligations. The majority of obligations fall on providers, though deployers carry meaningful obligations too. If your organisation builds AI, buys…
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, trainingThe 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
French police arrest 21-year-old >>HexDex<< hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/french-police-arrest-hexdex-hacker
-
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls. The Nine-Second Data Breach Jer Crane, founder of automotive software platform PocketOS, reported that the…
-
ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack
The ShinyHunters extortion group is claiming responsibility for a breach of home and commercial security vendor ADT that exposed the data of 5.5 million customers. attack appears to be part of a larger and ongoing vishing campaign being run by the prolific threat actors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/adt-breach-exposes-data-of-5-5-million-customers-shinyhunters-likely-behind-attack/
-
Medical and utility tech companies admit digital breakins
Tags: breachItron, Medtronic disclose breaches in Friday filings First seen on theregister.com Jump to article: www.theregister.com/2026/04/27/itron_medtronic_hacked/
-
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records
Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach. Medtronic is an international medical…