Tag: data-breach
-
Cloudflare Pingora Flaws Enable Request Smuggling and Cache Poisoning Attacks
Tags: advisory, attack, cve, cyber, data-breach, flaw, Internet, network, open-source, vulnerabilityIn a recent security advisory, Cloudflare disclosed multiple HTTP request smuggling and cache poisoning vulnerabilities in its open-source Pingora framework. Tracked under the identifiers CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, these flaws specifically impact standalone Pingora deployments that are exposed directly to the internet as ingress proxies. Cloudflare has explicitly confirmed that its own Content Delivery Network…
-
iPhone Hacking Toolkit Tied to Russian Espionage May Have Originated in the U.S.
A highly advanced iPhone hacking toolkit, originally developed for Western intelligence agencies, has leaked into the hands of Russian spies and Chinese cybercriminals. The exploit framework, known internally as >>Coruna,<< was likely created by Trenchant, the hacking and surveillance division of U.S. defense contractor L3Harris. This major breach demonstrates how strictly controlled military cyber weapons…
-
Ericsson US Unit Reports Data Breach Tied To Third-Party Service Provider
Ericsson reached out to employees and customers in the U.S. whose data was breached via a service provider last April to offer security services. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ericsson-u-s-unit-reports-data-breach-tied-to-third-party-service-provider
-
What is the Salesforce GraphQL Exploit and What You Should Do
Salesforce GraphQL exploit exposed misconfigured guest data in Experience Cloud. Learn how it happened and how to prevent exposure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/what-is-the-salesforce-graphql-exploit-and-what-you-should-do/
-
Ericsson US discloses data breach after service provider hack
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/
-
Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients
A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare…
-
TriZetto Provider Solutions Breach Hits 3.4 Million Patients
Billing services provider TriZetto Provider Solutions has begun notifying millions of patients about a data breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/trizetto-provider-solutions-breach/
-
Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cognizant-trizetto-breach-exposes-health-data-of-34-million-patients/
-
900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub. First seen on hackread.com Jump to article: hackread.com/certificates-fortune-500-gov-exposed-key-leaks/
-
LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability. The post LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lexisnexis-breach-3-9m-records-react-vulnerability/
-
LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability. The post LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-lexisnexis-breach-3-9m-records-react-vulnerability/
-
Breaches Up, Number of Victims Down, Impact Stronger
The number of data breach victims may have dropped last year, but that’s only because bad actors are getting better at what they do, prioritizing quality over quantity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/breaches-up-number-of-victims-down-impact-stronger/
-
AVideo Platform Vulnerability Allows Hackers to Hijack Streams via Zero-Click Command Injection
A highly critical security flaw has been disclosed in the AVideo platform, leaving media servers exposed to complete system takeover. Tracked as CVE-2026-29058, this zero-click, unauthenticated operating system command injection vulnerability allows hackers to hijack streams and remotely execute malicious shell commands. The flaw carries a maximum critical severity score of 9.8 out of 10.…
-
The Silent Supply Chain: Why Your Fourth-Party Vendor is Your Biggest Blindspot
The CDK Global breach exposed how niche vendors can cripple entire industries. Move beyond questionnaires to continuous, AI-driven monitoring of third-, fourth- and nth”‘party dependencies, dynamic prioritization, and threat”‘informed supply”‘chain risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-silent-supply-chain-why-your-fourth-party-vendor-is-your-biggest-blindspot/
-
The Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security
Tags: access, ai, api, attack, breach, cloud, compliance, computing, container, control, corporate, cryptography, cyber, data, data-breach, detection, encryption, exploit, firewall, intelligence, mitigation, monitoring, PCI, resilience, risk, risk-assessment, service, software, strategy, tactics, threat, tool, vulnerabilityThe Top 5 Questions: How DSPM Illuminates the Murky World of Multi-Cloud Data Security andrew.gertz@t“¦ Thu, 03/05/2026 – 16:09 Multi-cloud data security threats are escalating at an unprecedented rate. According to Forrester and the 2025 Thales Global Cloud Data Security Study, the primary drivers of multi-cloud risks are: growing complexity, insufficient access controls, and the…
-
Cisco issues emergency patches for critical firewall vulnerabilities
root access to the device.”And CVE-2026-20131 is described thusly: “An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”There are no workarounds for either…
-
Cisco issues emergency patches for critical firewall vulnerabilities
root access to the device.”And CVE-2026-20131 is described thusly: “An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”There are no workarounds for either…
-
New MongoDB Vulnerability Allows Attackers to Crash Servers, Exposing Critical Data
Cato CTRL’s senior security researcher, Vitaly Simonovich, has uncovered a high-severity dos vulnerability in MongoDB, tracked as CVE-2026-25611, that lets unauthenticated attackers crash any exposed MongoDB server.”‹ CVE-2026-25611 is rooted in MongoDB’sOP_COMPRESSED wire protocol, a compression feature introduced in version 3.4 and enabled by default since version 3.6. The flaw is classified underCWE-405 (Asymmetric Resource Consumption),…
-
Discover Exposed AI Infrastructure with Indusface WAS
Indusface WAS now detects exposed AI servers like Ollama across your attack surface, helping security teams identify publicly accessible AI infrastructure early. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/discover-exposed-ai-infrastructure-with-indusface-was/
-
Discover Exposed AI Infrastructure with Indusface WAS
Indusface WAS now detects exposed AI servers like Ollama across your attack surface, helping security teams identify publicly accessible AI infrastructure early. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/discover-exposed-ai-infrastructure-with-indusface-was/
-
Europol Operation Seizes LeakBase Data Breach Site
A global operation has resulted in the takedown of popular cybercrime forum LeakBase First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/europol-seizes-leakbase-data/
-
LeakBase cybercrime forum with 142,000 users taken down in global operation
LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/europol-leakbase-forum-takedown/
-
2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk
GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/2622-valid-certificates-exposed-a-google-gitguardian-study-maps-private-key-leaks-to-real-world-risk/
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach
17.5 million Instagram accounts leaked through API scraping. Meta denies breach, but your data is on the dark web. Here’s what actually happened. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-instagram-api-scraping-crisis-when-public-data-becomes-a-17-5-million-user-breach/
-
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/