Collecting Cyber-News from over 60 sources

Tag: corporate

Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit

Apr 29, 2026 4:39 PM

Tags: access, corporate, credentials, crypto, cyber, fintech, group, intelligence, lazarus, macOS, malware, social-engineering, threat

Lazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by Mauro Eldritch, an offensive security expert and founder of BCA LTD, a company focused on threat intelligence and…
ClickUp Data Leak Exposes Enterprise Emails for Over a Year

Apr 29, 2026 12:39 AM

Tags: api, corporate, data, data-breach, email, government, leak, saas

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-clickup-api-key-email-exposure/
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Medical Device Maker Medtronic Says It’s Been Hacked

Apr 28, 2026 12:38 AM

Tags: corporate, cybercrime

Cybercrime Gang ShinyHunters Claimed to Steal 9M Records. Medtronic has told federal authorities that cybercriminals hacked its corporate IT systems, but said the incident did not affect the medical device makers’ products, manufacturing or distribution operations. Cybercrime gang ShinyHunters reportedly claimed responsibility for the hack. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medical-device-maker-medtronic-says-its-been-hacked-a-31518
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

Apr 27, 2026 10:39 PM

Tags: breach, corporate, cyberattack, group, hacker, international, security-incident, theft

Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach. Medtronic is an international medical…
Enterprise VPN Solutions Every Business Should Know in 2026

Apr 27, 2026 6:39 PM

Tags: access, business, corporate, vpn

Enterprise VPNs provide secure, encrypted access to corporate resources for remote users. Compare the top enterprise VPN providers in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/enterprise-vpn-solutions/
Hackers impersonate Microsoft Teams help desk to breach corporate networks

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, malware, microsoft, network

Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found. First seen on therecord.media Jump to article: therecord.media/microsoft-teams-hackers-mandiant
Hackers impersonate Microsoft Teams help desk to breach corporate networks

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, malware, microsoft, network

Hackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found. First seen on therecord.media Jump to article: therecord.media/microsoft-teams-hackers-mandiant
LINKEDIN BROWSERGATE

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, data-breach, espionage, linkedin

BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
LINKEDIN BROWSERGATE

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, data-breach, espionage, linkedin

BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (browsergate.eu/), an association of commercial LinkedIn users, which documents what it describes as one of the largest data breach and corporate espionage scandals in digital history. The central thesis:…
Medtronic confirms breach after hackers claim 9 million records theft

Apr 27, 2026 4:39 PM

Tags: breach, corporate, data, hacker, network, theft

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

Apr 27, 2026 3:39 PM

Tags: breach, corporate, credentials, exploit, hacker, malware, microsoft, network

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks. First seen on hackread.com Jump to article: hackread.com/unc6692-hackers-microsoft-teams-snow-malware/
Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins

Apr 27, 2026 3:39 PM

Tags: breach, corporate, credentials, cyber, cybercrime, login, malware, russia, software

A new Vidar infostealer campaign is abusing fake software download links on YouTube to compromise corporate employees and sell their stolen credentials on Russian cybercrime marketplaces. In the investigated case, the victim was searching for software on YouTube and likely followed a link in the video description that led to a third”‘party file”‘sharing service. From…
Attackers use MS Teams, fake mailbox repair utility to breach organizations

Apr 27, 2026 2:38 PM

Tags: breach, corporate, group, malware, microsoft, network, threat

A threat group has penetrated corporate networks by impersonating IT helpdesk staff on Microsoft Teams, tricking employees into downloading malware and surrendering their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/attackers-use-ms-teams-fake-mailbox-repair-utility/
5 Enterprise VPN Solutions Every Business Should Know in 2026

Apr 25, 2026 12:39 AM

Tags: access, business, corporate, vpn

Enterprise VPNs provide secure, encrypted access to corporate resources for remote users. Compare the top enterprise VPN providers in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/enterprise-vpn-solutions/
TDL 020 – Why DNS Is Your First Line of Cyber Defense – Chris Buijs

Apr 24, 2026 9:39 PM

Tags: access, attack, automation, business, cisco, ciso, cloud, container, corporate, country, cyber, cybersecurity, data, ddos, defense, dns, encryption, endpoint, finance, firewall, group, hacker, ibm, infrastructure, Internet, iot, jobs, malicious, microsoft, network, office, phone, programming, router, saas, service, software, startup, strategy, switch, technology, threat, tool, training, update, usa, vulnerability, zero-trust

In Episode 20 of The Defender’s Log, host David Redekop sits down with Amsterdam-based tech veteran Chris Buijs to discuss the often-overlooked backbone of internet security: DNS (Domain Name System). The “Set-it-and-Forget-it” Trap Buijs, who transitioned from an electrician to a network architect, notes that many organizations treat DNS as a “utility” rather than a…
TDL 020 – Why DNS Is Your First Line of Cyber Defense – Chris Buijs

Apr 24, 2026 9:39 PM

Tags: access, attack, automation, business, cisco, ciso, cloud, container, corporate, country, cyber, cybersecurity, data, ddos, defense, dns, encryption, endpoint, finance, firewall, group, hacker, ibm, infrastructure, Internet, iot, jobs, malicious, microsoft, network, office, phone, programming, router, saas, service, software, startup, strategy, switch, technology, threat, tool, training, update, usa, vulnerability, zero-trust

In Episode 20 of The Defender’s Log, host David Redekop sits down with Amsterdam-based tech veteran Chris Buijs to discuss the often-overlooked backbone of internet security: DNS (Domain Name System). The “Set-it-and-Forget-it” Trap Buijs, who transitioned from an electrician to a network architect, notes that many organizations treat DNS as a “utility” rather than a…
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams

Apr 24, 2026 7:38 AM

Tags: attack, breach, corporate, cyber, group, hacker, malware, microsoft, social-engineering, threat

A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
Malicious pgserve, automagik developer tools found in npm registry

Apr 23, 2026 5:39 AM

Tags: access, attack, breach, cloud, control, corporate, credentials, crypto, data, firewall, github, infrastructure, least-privilege, malicious, malware, network, open-source, password, radius, risk, service, software, tactics, theft, threat, tool, worm

Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
Pharma Giant Merck and Google Cloud Sign $1B Agentic AI Deal

Apr 23, 2026 1:39 AM

Tags: ai, cloud, corporate, google

Pact Is Among Other Similar Biotech, AI Firm Collaborations to Speed Up Drug R&D. Merck has struck a multi-year deal with Google Cloud worth up to $1 billion to enhance the pharmaceutical and life sciences giant’s digital backbone as an AI-enabled enterprise. The initiative includes deploying an agentic AI platform across R&D, manufacturing, commercial and…
1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online

Apr 22, 2026 9:39 AM

Tags: attack, corporate, cyber, data-breach, exploit, intelligence, microsoft, network, risk, threat, unauthorized, vulnerability

More than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, these unpatched systems are vulnerable to sophisticated attacks that allow unauthorized individuals to bypass security protocols and compromise network integrity. The vulnerability, officially tracked…
AI Threats Aren’t Waiting

Apr 21, 2026 7:39 PM

Tags: ai, attack, corporate, network, threat

I’ve spent nearly 30 years in cybersecurity. I’ve seen a lot of “game changers” come and go. Mythos is different. When Anthropic’s model chained 32 steps of a corporate network attack, start to finish, in hours, I wasn’t shocked. I was sobered. Because I’ve been telling enterprises for years: your flat network isn’t… First seen…
Top techniques attackers use to infiltrate your systems today

Apr 21, 2026 11:39 AM

Tags: 2fa, access, ai, api, attack, authentication, automation, business, captcha, cloud, container, control, corporate, credentials, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, exploit, flaw, hacking, Hardware, identity, infrastructure, least-privilege, malicious, mfa, microsoft, monitoring, network, password, phishing, powershell, ransomware, risk, saas, scam, service, social-engineering, software, supply-chain, theft, tool, training, vpn, vulnerability, worm

Network security device hacking: Network edge devices have increasingly drawn attackers’ attention over the past two years, establishing a new battleground where the very devices meant to protect the network have become attractive targets for exploitation.As a result, flaws in security device, such as SSL VPN systems and other gateways, are among the top initial…
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker

Apr 21, 2026 9:39 AM

Tags: corporate, cyber, linux, network, threat, vmware, windows

Gentlemen is a fast”‘growing ransomware”‘as”‘a”‘service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi”‘platform design and strong defense”‘evasion features make it a high”‘impact threat to corporate networks worldwide. The Gentlemen RaaS emerged around mid”‘2025 and quickly built an affiliate ecosystem by…
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker

Apr 21, 2026 9:39 AM

Tags: corporate, cyber, linux, network, threat, vmware, windows

Gentlemen is a fast”‘growing ransomware”‘as”‘a”‘service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi”‘platform design and strong defense”‘evasion features make it a high”‘impact threat to corporate networks worldwide. The Gentlemen RaaS emerged around mid”‘2025 and quickly built an affiliate ecosystem by…
The Gentlemen ransomware now uses SystemBC for bot-powered attacks

Apr 20, 2026 10:39 PM

Tags: attack, botnet, corporate, malware, ransomware

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
Webinar: From phishing to fallout, Why MSPs must rethink both security and recovery

Apr 17, 2026 3:39 PM

Tags: business, corporate, cyberattack, defense, msp, phishing, risk, strategy

Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today’s cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-from-phishing-to-fallout-why-msps-must-rethink-both-security-and-recovery/
The endless CISO reporting line debate, and what it says about cybersecurity leadership

Apr 17, 2026 12:48 AM

Tags: access, business, ceo, cio, ciso, cloud, control, corporate, cyber, cybersecurity, firewall, governance, infrastructure, jobs, monitoring, network, resilience, risk, strategy, technology, vulnerability

The governance gap behind the debate: The persistence of this debate reflects a broader governance gap.Historically, information security emerged as a technical discipline embedded within IT departments. Early security teams focused primarily on protecting infrastructure: Firewalls, access controls, network monitoring and vulnerability management. In that environment, it was natural for the security function to sit…
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Apr 14, 2026 9:52 PM

Tags: backdoor, corporate, malware, wordpress

Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/