Tag: data-breach
-
Absolute Security: Enterprise PCs Are Left Unprotected 76 Days a Year as Endpoint Tools Fail 21% of the Time
Absolute Security released its 2026 Resilience Risk Index at RSA Conference 2026, and the headline finding is stark: endpoint security software fails to protect devices nearly 21 percent of the time, leaving enterprise PCs exposed to attacks for up to 76 days per year. The report is based on anonymized telemetry analyzed across millions of..…
-
Education company Kaplan reports data breach impacting more than 230,000
The educational services company Kaplan told state regulators that at least 230,000 people had Social Security and driver’s license numbers leaked following a cybersecurity incident in the fall of 2025. First seen on therecord.media Jump to article: therecord.media/kaplan-data-breach-hack-notification
-
The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity
6 min readThe Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/
-
The hidden cost of AI speed: Unmanaged cyber risk
Tags: access, ai, attack, business, chatgpt, ciso, cloud, control, cyber, cybersecurity, data, data-breach, exploit, flaw, google, governance, identity, infrastructure, injection, intelligence, monitoring, open-source, openai, privacy, radius, risk, service, software, threat, tool, vulnerabilityAI isn’t just moving fast. It’s creating new attack paths. Cyber teams must now manage vulnerabilities and their ramifications throughout their IT environments in AI tools deployed without enough governance guardrails. The answer for securing this new attack surface? Unified exposure management. Key takeaways AI as an attack vector: By connecting to core workflows and…
-
Russia-linked malware operation collapses after security failures, developer’s arrest
An Android malware operation that briefly gained traction in Russia appears to have collapsed within months of its launch after security flaws exposed its infrastructure and authorities arrested the suspected developer, researchers said. First seen on therecord.media Jump to article: therecord.media/russia-malware-arrest-clayrat
-
Foster City Cyberattack Disrupts Services, Raises Data Breach Fears
A ransomware attack has disrupted municipal operations in Foster City, California, as officials continue to respond. The Bay Area city, home to roughly 34,000 residents, was forced to suspend most public services after suspicious activity was detected early Thursday morning. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/foster-city-cyberattack/
-
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf.The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It’s…
-
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ claims it breached AstraZeneca, offering alleged source code, credentials, cloud configs, and employee data for sale in leaked samples. First seen on hackread.com Jump to article: hackread.com/hacker-group-lapsus-astrazeneca-data-breach/
-
Navia data breach impacts nearly 2.7 Million people
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides…
-
Patch Now: Oracle’s Fusion Middleware Has Critical RCE Flaw
Tags: authentication, data-breach, flaw, identity, oracle, rce, remote-code-execution, service, updateAttackers can execute arbitrary code without authentication if Oracle’s Identity or Web Services Managers are exposed to the Web. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/patch-oracle-fusion-middleware-rce-flaw
-
A French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on Strava
Tags: data-breachA French naval officer went on a run around the deck of the Charles de Gaulle aircraft carrier, inadvertently leaking the warship’s location when he uploaded the workout to Strava. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/20/a-french-navy-officer-accidentally-leaked-the-location-of-an-aircraft-carrier-by-logging-his-run-on-strava/
-
Reunifying the Cloud: Introducing Aurelian for Multi-Cloud Security Testing
You are one week into a cloud penetration test. The client handed you an AWS access key, pointed you at three Azure subscriptions, and mentioned a GCP project that “someone on the platform team set up last year.” Your objective: find everything that is exposed, misconfigured, or one IAM policy away from a full compromise….…
-
2.7 million hit in workplace benefits data breach exposing SSNs, dates of birth and health account data
Nearly 2.7 million Americans are being notified that their personal data may have been compromised following a cyberattack on Navia Benefit Solutions, a backend benefits administrator that serves over 10,000 employers across the US. The company manages Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), COBRA services and more, meaning millions of people could receive…
-
Navia Confirms Data Breach Exposing Sensitive Information of 2.7 Million Users
Navia Benefit Solutions has confirmed a significant data breach impacting nearly 2.7 million individuals. The incident resulted from unauthorised access to the company’s systems, exposing sensitive personal and health plan information. As a prominent administrator of employee benefits for over 10,000 employers in the United States, Navia holds a vast amount of sensitive data, including…
-
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
Tags: ai, authentication, automation, breach, cloud, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, government, identity, malware, monitoring, password, phishing, ransomware, supply-chain, theft, threat, tool67 / sixseven: 140.4Msweet / cookie / candy / cake / pie: 5.7Mchiefs / kansas city chiefs: 5M2025: 4.1Mapple / banana / orange / strawberry / fruit: 2.6MPassword reuse remains widespread, and the report also identified 1.1 million password manager master passwords circulating in underground sources, raising concerns about vault-level compromise when master credentials are…
-
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
Tags: ai, authentication, automation, breach, cloud, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, government, identity, malware, monitoring, password, phishing, ransomware, supply-chain, theft, threat, tool67 / sixseven: 140.4Msweet / cookie / candy / cake / pie: 5.7Mchiefs / kansas city chiefs: 5M2025: 4.1Mapple / banana / orange / strawberry / fruit: 2.6MPassword reuse remains widespread, and the report also identified 1.1 million password manager master passwords circulating in underground sources, raising concerns about vault-level compromise when master credentials are…
-
Navia discloses data breach impacting 2.7 million people
Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/navia-discloses-data-breach-impacting-27-million-people/
-
Ransomware crims abused Cisco 0-day weeks before disclosure, says Amazon security boss
Interlock’s post-exploit toolkit exposed First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/
-
Bolster your defenses and close the codecloud gap with Tenable and OX
Tags: access, ai, application-security, attack, business, ciso, cloud, container, control, data, data-breach, defense, detection, endpoint, exploit, framework, identity, infrastructure, intelligence, Internet, risk, service, software, strategy, technology, threat, tool, training, vulnerabilityToday, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is designed to eliminate visibility gaps and accelerate remediation. Key takeaways Bridge…
-
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
Most cloud setup errors, 8 out of 10, happen because people slip up, not because code fails.One out of three cloud setups sits empty, ignored by any oversight. A third of online storage spaces get zero attention from monitors.Almost one out of every two hundred storage units on Amazon’s cloud sits open, per a 2024…
-
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
Most cloud setup errors, 8 out of 10, happen because people slip up, not because code fails.One out of three cloud setups sits empty, ignored by any oversight. A third of online storage spaces get zero attention from monitors.Almost one out of every two hundred storage units on Amazon’s cloud sits open, per a 2024…
-
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The discovery shows how financially or personally motivated actors can reuse tradecraft seen in Iranian APT…
-
Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure
Interlock’s post-exploit toolkit exposed First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/
-
Everyone Is Deploying AI Agents. Almost Nobody Knows What They’re Doing.
Tags: access, ai, api, attack, ceo, ciso, credentials, data, data-breach, finance, infrastructure, Internet, LLM, risk, service, tool, vulnerability, wafOne constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing. The problem Is not…
-
Everyone Is Deploying AI Agents. Almost Nobody Knows What They’re Doing.
Tags: access, ai, api, attack, ceo, ciso, credentials, data, data-breach, finance, infrastructure, Internet, LLM, risk, service, tool, vulnerability, wafOne constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing. The problem Is not…
-
FancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO Targets
Tags: 2fa, breach, credentials, cyber, data-breach, espionage, government, infrastructure, leak, military, russiaFancyBear’s latest operational security failure has exposed a live Russian espionage server packed with stolen credentials, 2FA secrets, and detailed insight into the ongoing targeting of European government and military networks. The exposed infrastructure, tied to APT28/FancyBear and previously reported by CERT”‘UA and Hunt.io, reveals both the scale of the compromises and the carelessness of…