Tag: breach

Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines

Apr 25, 2026 12:39 AM

Tags: breach, group, healthcare, HIPAA, insurance, ransomware, risk, risk-analysis

HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures. Faulty or non-existent security risk analyses cost a medical imaging provider, a women’s healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn’t do enough to prevent ransomware attacks. First seen on govinfosecurity.com…
ADT says customer data stolen in cyber intrusion

Apr 24, 2026 9:39 PM

Tags: breach, cyber, cybercrime, data

The home security company ADT said cybercriminals breached company systems on Monday and stole a “limited set” of customer and prospective customer information. First seen on therecord.media Jump to article: therecord.media/ADT-data-breach-cyberattack
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface

Apr 24, 2026 6:39 PM

Tags: breach, email, leak

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface

Apr 24, 2026 6:39 PM

Tags: breach, email, leak

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
ShinyHunters Claims Udemy Data Breach of 1.4M Users

Apr 24, 2026 6:39 PM

Tags: breach, data, data-breach

ShinyHunters claims to have breached Udemy and stolen 1.4 million user records. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/shinyhunters-claims-udemy-data-breach-of-1-4m-users/
Data Breaches, AI Expansion, and Cloud Security Define This Week’s Cyber Landscape in April 2026

Apr 24, 2026 6:39 PM

Tags: ai, breach, cloud, cyber, cybersecurity, data

Weekly summary of Cybersecurity Insider newsletters in April 2026 First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/data-breaches-ai-expansion-and-cloud-security-define-this-weeks-cyber-landscape-in-april-2026/
DORA and operational resilience: Credential management as a financial risk control

Apr 24, 2026 5:39 PM

Tags: access, authentication, breach, control, credentials, dora, finance, regulation, resilience, risk

Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dora-and-operational-resilience-credential-management-as-a-financial-risk-control/
UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China

Apr 24, 2026 4:39 PM

Tags: breach, china, data, data-breach, government

UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-biobank-data-beach-health-data/
The Cyber Express Weekly Roundup: Data Breaches, Malware Campaigns, and Cyber Fraud Investigations

Apr 24, 2026 2:39 PM

Tags: breach, cyber, cybersecurity, data, fraud, law, malware

In this week’s edition of The Cyber Express weekly roundup, we explore the latest developments in the world of cybersecurity, focusing on high-profile data breaches, growing malware campaigns, and law enforcement actions against cybercriminals. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-april-2026/
Breach of Confidence: 24 April 2026

Apr 24, 2026 1:38 PM

Tags: breach, business, chatgpt, strategy

I spent an hour this week explaining to someone that no, ChatGPT cannot reliably fact-check itself, and yes, that’s a problem when your entire business strategy depends on it being right. They looked at me like I’d just told them Father Christmas works part-time at Argos. The Swing That Crosses Borders 40 Times a Minute……
Checkmarx supply chain attack impacts Bitwarden npm distribution path

Apr 24, 2026 12:39 PM

Tags: attack, breach, github, malicious, supply-chain

Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwarden/cli 2026.4.0, contained malicious code hidden in the bw1.js file. The breach likely stemmed…
UK Biobank Leak Prompts Urgent Review of Data Protection in Biomedical Research

Apr 24, 2026 11:39 AM

Tags: breach, data, data-breach, leak

The UK Biobank data breach has intensified scrutiny around the handling and protection of sensitive health information, even when such data is stripped of personally identifiable details. Widely regarded as one of the most significant biomedical research resources in the world, UK Biobank holds extensive genetic, lifestyle, and medical data contributed by around 500,000 volunteers. …
UK Biobank Leak Prompts Urgent Review of Data Protection in Biomedical Research

Apr 24, 2026 11:39 AM

Tags: breach, data, data-breach, leak

The UK Biobank data breach has intensified scrutiny around the handling and protection of sensitive health information, even when such data is stripped of personally identifiable details. Widely regarded as one of the most significant biomedical research resources in the world, UK Biobank holds extensive genetic, lifestyle, and medical data contributed by around 500,000 volunteers. …
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams

Apr 24, 2026 7:38 AM

Tags: attack, breach, corporate, cyber, group, hacker, malware, microsoft, social-engineering, threat

A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
Bitwarden CLI Compromised After Malicious GitHub Actions Workflow

Apr 24, 2026 7:38 AM

Tags: breach, cyber, cybersecurity, github, malicious, password, supply-chain

Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’s npm package. This breach is part of the broader, ongoing Checkmarx supply chain campaign. Bitwarden CLI Compromised The compromised package, identified…
Breach Roundup: Myanmar Scam Compound Managers Charged

Apr 24, 2026 5:39 AM

Tags: apache, breach, cisa, ddos, exploit, flaw, hacking, infrastructure, network, ransomware, russia, scam

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal Hit. This week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat. First seen on…
Medical data of half a million Britons on sale in China after Biobank breach

Apr 24, 2026 1:38 AM

Tags: breach, china, data

Biobank operator is taking steps to improve security after biological, health and lifestyle information from its database was offered for sale on a Chinese website First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642041/Medical-data-about-half-a-million-Britains-on-sale-in-China-after-Biobank-breach
Doctor Lobby Urges Congress to Set AI Chatbot Safeguards

Apr 24, 2026 12:38 AM

Tags: ai, breach, data, intelligence, privacy, risk, tool

AMA Wants Privacy, Security AI Tool Protections, Especially in Mental Health. The American Medical Association says using artificial intelligence chatbots carries risks – including data privacy and security breaches – and the largest U.S. professional association for physicians and medical students is urging Congress to take action to protect patients from potential harm. First seen…
Five steps to become Mythos ready

Apr 23, 2026 9:39 PM

Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-day

AI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
Five steps to become Mythos ready

Apr 23, 2026 9:39 PM

Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-day

AI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Luxury cosmetics giant Rituals discloses data breach impacting member personal details

Apr 23, 2026 8:39 PM

Tags: access, breach, data, data-breach, hacker, unauthorized

Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after attackers gained unauthorized access to its systems and downloaded part of the database. The security breach occurred earlier this month, and the company is…
New Checkmarx supply-chain breach affects KICS analysis tool

Apr 23, 2026 6:39 PM

Tags: breach, data, docker, hacker, supply-chain, tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
New Checkmarx supply-chain breach affects KICS analysis tool

Apr 23, 2026 6:39 PM

Tags: breach, data, docker, hacker, supply-chain, tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
Vercel says some of its customers’ data was stolen prior to its recent hack

Apr 23, 2026 5:39 PM

Tags: breach, data

The app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/23/vercel-says-some-of-its-customers-data-was-stolen-prior-to-its-recent-hack/
Cosmetics giant Rituals discloses data breach affecting customers

Apr 23, 2026 5:39 PM

Tags: breach, data, data-breach

Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its “My Rituals” membership database. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cosmetics-giant-rituals-discloses-data-breach-affecting-customers/
Hacker with a special interest in breaching sports institutions ends behind bars

Apr 23, 2026 4:39 PM

Tags: breach, data, hacker

French police have arrested a suspected hacker linked to a series of data breaches affecting organizations in the country. Citing authorities, Le Parisien reported that the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/france-hacker-arrested-data-breaches-sports-federations/
Vercel Confirms Security Breach Affecting Customer Accounts

Apr 23, 2026 3:39 PM

Tags: access, breach, cloud, cyber, incident response, law

Vercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is actively investigating the incident with help from outside incident response experts and has also notified law enforcement. According…