Tag: data-breach
-
How to mitigate the risk of a data breach in non-production environments
Non-production environments are often overlooked when it comes to data security, but they can be just as vulnerable to breaches as production systems. Learn how to keep them protected. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-mitigate-the-risk-of-a-data-breach-in-non-production-environments/
-
8-Minute Access: AI Accelerates Breach of AWS Environment
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/8-minute-access-ai-aws-environment-breach
-
Iron Mountain: Data breach mostly limited to marketing materials
Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iron-mountain-data-breach-mostly-limited-to-marketing-materials/
-
IPIDEA Proxy Network Dismantled: Global Cybercrime and Botnet Risks Exposed
Researchers have found what they believe is one of the world’s largest residential proxy networks: the IPIDEA proxy operation. The action targeted a little-known but deeply embedded component of the online ecosystem that has been quietly enabling large-scale cybercrime, espionage, and botnet activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ipidea-proxy-residential-network-disruption/
-
IT Security
In a world where businesses are built on digital infrastructure, IT security has become a critical pillar of organizational resilience and trust. From cloud computing and remote workforces to SaaS applications and connected devices, modern IT environments are larger, more complex, and more exposed than ever before. At the same time, cyber threats are growing…
-
Nitrogen Ransomware: ESXi malware has a bug!
Nitrogen ransomware was derived from the previously leaked Conti 2 builder code, and is similar to Nitrogen ransomware, but a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them. This means that even the threat actor is incapable of decrypting them, and that…
-
Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security
Tags: access, ai, api, attack, data, data-breach, detection, exploit, governance, hacker, healthcare, intelligence, malicious, risk, technology, threat, tool, wafThe “Good Enough” Trap If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked…
-
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Have I Been Pwned says Panera Bread ‘s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive…
-
OpenClaw’s Rapid Rise Exposes Thousands of AI Agents to the Public Internet
More than 21,000 OpenClaw AI agents are now publicly exposed, raising security concerns over their action-capable design and extensibility. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaws-rapid-rise-exposes-thousands-of-ai-agents-to-the-public-internet/
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerabilityTenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…
-
How risk culture turns cyber teams predictive
Tags: access, compliance, control, credentials, cyber, cybersecurity, data-breach, detection, identity, intelligence, jobs, ransomware, resilience, risk, serviceRisk culture: What it is when you strip the slogans: People talk about culture like it’s soft. Posters. Values. A town hall with applause on cue.Culture is harder. Culture is what people do when nobody is watching, and when the clock is loud. Culture is what gets you the truth at 4 p.m., not at…
-
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/panera-bread-data-breach-impacts-51-million-accounts-not-14-million-customers/
-
Why non-human identities are your biggest security blind spot in 2026
Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, toolThe three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…
-
NationStates confirms data breach, shuts down game site
NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nationstates-confirms-data-breach-shuts-down-game-site/
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
Tags: attack, authentication, cyber, data-breach, exploit, extortion, hacker, Internet, ransom, ransomware, threatA widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and demand Bitcoin ransoms, turning configuration negligence into a scalable extortion operation. Attack Resurfaces After Years…
-
Exposed MongoDB instances still targeted in data extortion attacks
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exposed-mongodb-instances-still-targeted-in-data-extortion-attacks/
-
Researcher reveals evidence of private Instagram profiles leaking photos
Tags: data-breachA researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/researcher-reveals-evidence-of-private-instagram-profiles-leaking-photos/
-
Coupang CEO questioned by police investigating obstruction of probe into data breach
Seoul Metropolitan Police, as part of their investigation into the data breach at online retail giant Coupang, brought in acting CEO Harold Rogers. First seen on therecord.media Jump to article: therecord.media/coupang-acting-CEO-questioned-police-investigating-data-breach
-
SoundCloud Data Breach Exposes Nearly 30M User Accounts
A SoundCloud breach affecting 29.8 million accounts exposed email addresses and profile data, increasing phishing risks. The post SoundCloud Data Breach Exposes Nearly 30M User Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-soundcloud-breach-exposes-nearly-30-million-users/
-
Measuring Agentic AI Posture: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
MongoDB Ransomware Is Still Actively Hitting Exposed Databases
MongoDB ransomware remains an active threat, fueled by exposed databases and insecure deployment practices rather than advanced exploits. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/mongodb-ransomware-is-still-actively-hitting-exposed-databases/
-
Breach Roundup: Android RAT Hides Behind Hugging Face
Also, SmarterMail Flaw, Nike Breach Probe, Empire Market Co-Creator Pleads Guilty. This week, researchers exposed an Android RAT abusing Hugging Face. Attackers exploited a SmarterMail flaw. Automakers raised cyber spending. CISA flagged a VMware bug. Microsoft patched Office. An Empire Market co-creator pleaded guilty. Nike probed a breach. First seen on govinfosecurity.com Jump to article:…
-
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach
The fintech giant said it plans to “seek recoupment of any expenses” from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/29/fintech-firm-marquis-blames-hack-at-firewall-provider-sonicwall-for-its-data-breach/
-
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast “unmanaged, publicly accessible layer of AI compute infrastructure” that spans 175,000 unique Ollama hosts across 130 countries.These systems, which span both cloud and residential networks across the world, operate outside the First seen…
-
Moltbot Personal Assistant Goes Viral”, And So Do Your Secrets
Early 2026, Moltbot a new AI personal assistant went viral. GitGuardian detected 200+ leaked secrets related to it, including from healthcare and fintech companies. Our contribution to Moltbot: a skill that turns secret scanning into a conversational prompt, letting users ask “is this safe?” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/moltbot-personal-assistant-goes-viral-and-so-do-your-secrets/
-
Data Breaches in America Hit All-Time Record High in 2025
Identity Theft Resource Center Catalogs 3,322 Known US Incidents in 2025. The number of U.S. organizations that reported falling victim to a data breach in 2025 reached an all-time high, while the number of notifications they sent to affected consumers fell sharply, reports the Identity Theft Resource Center’s latest annual breach roundup. First seen on…