Tag: breach

New “Punishing Owl” Hacker Group Targets Networks Linked to Russian Security Agency

Feb 2, 2026 11:14 PM

Tags: attack, breach, cyber, cybersecurity, data, government, group, hacker, network, russia, threat

A previously unknown threat actor calling itself Punishing Owl has claimed responsibility for breaching a Russian government security agency, marking the emergence of what cybersecurity researchers believe is a new politically motivated hacktivist collective. The attack demonstrated sophisticated operational security capabilities beyond typical data exfiltration campaigns. On the same day as the breach announcement, Punishing…
Capital Health to Pay $4.5M in LockBit Breach Settlement

Feb 2, 2026 10:14 PM

Tags: attack, breach, data, healthcare, lockbit, ransomware, theft

Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000. Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees. First seen on…
Notepad++ Updates Delivered Malware After Hosting Provider Breach

Feb 2, 2026 7:13 PM

Tags: breach, china, hacker, malware, update

A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. First seen on hackread.com Jump to article: hackread.com/notepad-updates-malware-hosting-breach/
Notepad++ update service hijacked in targeted state-linked attack

Feb 2, 2026 3:14 PM

Tags: attack, breach, service, update

Breach lingered for months before stronger signature checks shut the door First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/notepad_plusplus_intrusion/
Panera Bread breach impacts 5.1 million accounts, not 14 million customers

Feb 2, 2026 3:14 PM

Tags: breach, data, data-breach, service

The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/panera-bread-data-breach-impacts-51-million-accounts-not-14-million-customers/
Why non-human identities are your biggest security blind spot in 2026

Feb 2, 2026 1:13 PM

Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, tool

The three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…
NationStates confirms data breach, shuts down game site

Feb 2, 2026 12:13 PM

Tags: breach, data, data-breach

NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nationstates-confirms-data-breach-shuts-down-game-site/
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game

Feb 2, 2026 11:13 AM

Tags: breach, cyberattack, cybercrime, law, leak, marketplace, risk, threat

The BreachForums marketplace has suffered a leak, exposing the identities of nearly 324,000 cybercriminals. This incident highlights a critical shift in cyberattacks, creating opportunities for law enforcement while demonstrating the risks associated with breaches in the cybercriminal ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/breachforums-breach-exposes-names-of-324k-cybercriminals-upends-the-threat-intel-game/
IoT Penetration Testing: Definition, Process, Tools, and Benefits

Feb 1, 2026 8:13 AM

Tags: attack, breach, cloud, exploit, firmware, iot, mobile, penetration-testing, risk, service, tool

IoT penetration testing is a security assessment of the complete IoT ecosystem, from backend systems and cloud services to mobile devices and hardware. It involves a multi-stage simulated attack on IoT devices and their supporting system to identify security risks before attackers can exploit them. Unpatched firmware is responsible for 60% of IoT security breaches,……
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Jan 31, 2026 9:15 PM

Tags: access, attack, breach, credentials, extortion, google, group, hacking, mandiant, mfa, phishing, saas, threat, unauthorized

Google-owned Mandiant on Friday said it identified an “expansion in threat activity” that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters.The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim First seen on thehackernews.com Jump…
Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Jan 30, 2026 8:42 PM

Tags: breach, data

Parent company Cognizant hit with multiple lawsuits First seen on theregister.com Jump to article: www.theregister.com/2026/01/30/trizetto_health_data_stolen/
Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Jan 30, 2026 8:42 PM

Tags: breach, data

Parent company Cognizant hit with multiple lawsuits First seen on theregister.com Jump to article: www.theregister.com/2026/01/30/trizetto_health_data_stolen/
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

Jan 30, 2026 6:21 PM

Tags: ai, attack, best-practice, breach, cve, cyber, data, exploit, kali, linux, network, open-source, tool, update, vulnerability

From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous…
Coupang CEO questioned by police investigating obstruction of probe into data breach

Jan 30, 2026 6:21 PM

Tags: breach, ceo, data, data-breach

Seoul Metropolitan Police, as part of their investigation into the data breach at online retail giant Coupang, brought in acting CEO Harold Rogers. First seen on therecord.media Jump to article: therecord.media/coupang-acting-CEO-questioned-police-investigating-data-breach
SoundCloud Data Breach Exposes Nearly 30M User Accounts

Jan 30, 2026 6:21 PM

Tags: breach, data, data-breach, email, phishing

A SoundCloud breach affecting 29.8 million accounts exposed email addresses and profile data, increasing phishing risks. The post SoundCloud Data Breach Exposes Nearly 30M User Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-soundcloud-breach-exposes-nearly-30-million-users/
Critical Exploits, Data Breaches, and AI Threats Define This Week in Cybersecurity

Jan 30, 2026 5:22 PM

Tags: ai, breach, cybersecurity, data, exploit, threat

Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/critical-exploits-data-breaches-and-ai-threats-define-this-week-in-cybersecurity/
Top 6 Data Breaches of January 2026

Jan 30, 2026 4:22 PM

Tags: breach, data

If you followed breach disclosures in January 2026, a pattern quickly became hard to ignore. Very different organizations reported incidents within a short span of time. Global brands, nonprofits, logistics… The post Top 6 Data Breaches of January 2026 appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/01/top-6-data-breaches-of-january-2026/
Top 6 Data Breaches of January 2026

Jan 30, 2026 4:22 PM

Tags: breach, data

If you followed breach disclosures in January 2026, a pattern quickly became hard to ignore. Very different organizations reported incidents within a short span of time. Global brands, nonprofits, logistics… The post Top 6 Data Breaches of January 2026 appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/01/top-6-data-breaches-of-january-2026/
Dating-app giants investigate incidents after cybercriminals claim to steal data

Jan 30, 2026 3:28 PM

Tags: breach, cybercrime, data, group, network

Bumble and Match said they each recently responded to network intrusions. The group ShinyHunters claimed to have stolen data from both. First seen on therecord.media Jump to article: therecord.media/bumble-match-dating-apps-data-breaches
Comcast to Pay $117M in Security Breach Settlement

Jan 30, 2026 11:28 AM

Tags: breach, citrix, flaw, vulnerability

The breach was linked to a vulnerability known as “CitrixBleed,” a flaw affecting Citrix NetScaler Application Delivery Controller and Gateway appliances. The post Comcast to Pay $117M in Security Breach Settlement appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-comcast-security-breach-settlement/
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Jan 30, 2026 5:21 AM

Tags: access, ai, breach, business, ceo, ciso, control, corporate, data, finance, framework, governance, Internet, LLM, network, risk, technology, threat, tool, training

51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
Measuring Agentic AI Posture: A New Metric for CISOs

Jan 30, 2026 5:21 AM

Tags: access, ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, intelligence, metric, radius, risk, strategy, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
Breach Roundup: Android RAT Hides Behind Hugging Face

Jan 29, 2026 11:22 PM

Tags: android, breach, cisa, cyber, data-breach, exploit, flaw, microsoft, rat, vmware

Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty. This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach. First seen on govinfosecurity.com Jump to article:…
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach

Jan 29, 2026 10:24 PM

Tags: breach, data, data-breach, fintech, firewall

The fintech giant said it plans to “seek recoupment of any expenses” from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/29/fintech-firm-marquis-blames-hack-at-firewall-provider-sonicwall-for-its-data-breach/
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match

Jan 29, 2026 8:22 PM

Tags: breach, cybersecurity, data, group, service

Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/
Data Breaches in America Hit All-Time Record High in 2025

Jan 29, 2026 7:21 PM

Tags: breach, data, data-breach, identity, theft, usa

Identity Theft Resource Center Catalogs 3,322 Known US Incidents in 2025. The number of U.S. organizations that reported falling victim to a data breach in 2025 reached an all-time high, while the number of notifications they sent to affected consumers fell sharply, reports the Identity Theft Resource Center’s latest annual breach roundup. First seen on…
Marquis blames ransomware breach on SonicWall cloud backup hack

Jan 29, 2026 7:21 PM

Tags: attack, backup, breach, cloud, finance, ransomware, service, software

Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
The Agentic AI Posture Score: A New Metric for CISOs

Jan 29, 2026 6:25 PM

Tags: ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, metric, radius, risk, strategy, threat, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…