Tag: data
-
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
Right to view: LinkedIn will doubtless point out to the Austrian Data Protection Authority that all users, including free subscribers, can opt out of having their profile visit made visible by toggling off the feature in Settings/Visibility tab/’Visibility when viewing other profiles’. Then each visit a user makes to another profile is recorded as one…
-
Breach Roundup: Microsoft Edge Turns Passwords Into Targets
Tags: attack, breach, data, data-breach, ddos, government, ivanti, microsoft, north-korea, password, scamAlso, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence. This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another…
-
Data residency becomes the GCC’s next AI battleground
As sovereign AI strategies accelerate across the Gulf, organisations are shifting their focus from ‘how do we use AI?’ to ‘where does the data live?’, turning data residency into a strategic differentiator rather than a compliance exercise First seen on computerweekly.com Jump to article: www.computerweekly.com/feature/Data-residency-becomes-the-GCCs-next-AI-battleground
-
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Tags: cloud, container, credentials, cve, cybersecurity, data, data-breach, exploit, finance, framework, infrastructure, service, theft, wormCybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments.”The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting First seen on thehackernews.com Jump to article:…
-
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/legacy-security-tools-are-failing/
-
Cyber Blind Spots: The hidden technology that poses the greatest security risk
By Peter Villiers, Director of Cyber Risk at Barrier Networks There’s a growing risk across the UK’s Critical National Infrastructure (CNI) that is placing the country at serious risk of disruption. It isn’t ransomware or a headline-grabbing data breach. It sits within the systems that keep the country running. The risk is growing over time,…
-
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Your security controls aren’t failing, they’re missing where most of today’s work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-browser-is-breaking-your-dlp-how-data-slips-past-modern-controls/
-
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
Not everyone agrees that the problem requires AI: Some practitioners argue that much of the challenge can still be solved through deterministic engineering approaches rather than AI.”With a good understanding of both schemas, it’s just a body of work,” said Rahul Yadav, founder of cybersecurity firm CyberEvolve.Xu disagreed that rule translation can be reduced to…
-
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers. First seen on hackread.com Jump to article: hackread.com/outdated-maintenance-software-growing-ransomware-risk/
-
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds”, and in thousands of cases, spill highly sensitive data onto the public internet. First seen on wired.com Jump to article: www.wired.com/story/thousands-of-vibe-coded-apps-expose-corporate-and-personal-data-on-the-open-web/
-
CISOs: Align cyber risk communication with boardroom psychology
Tags: breach, business, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, psychology, resilience, risk, threat, updateStop reporting risk as a technical status update: Executives do not need a master class in threat modeling. They need to know what the business stands to lose.Risk has to be framed in terms boards already use to weigh other enterprise decisions: financial exposure, operational disruption, compliance consequences, legal risk and the cost of delay.…
-
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence…
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
Salesforce Marketing Cloud Vulnerabilities Expose Cross-Tenant Subscriber Data Risks
A recently disclosed set of vulnerabilities in Salesforce Marketing Cloud, widely known as SFMC, has drawn attention to the security risks tied to centralized marketing infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/salesforce-sfmc-ampscript-vulnerability/
-
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries with a heavily protected infostealer payload, making it hard for developers and traditional security tools to spot. Packages IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core,…
-
Data Security Posture Management: Datensicherheit mit KI Sensible Informationen automatisch finden und schützen
Moderne DSPM-Lösungen verschaffen Unternehmen Transparenz über ihre sensiblen Daten und die Risiken, denen sie ausgesetzt sind. Eine Schlüsselrolle spielt dabei KI: Sie ermöglicht es, große und verteilte Datenbestände weitgehend automatisiert zu klassifizieren. First seen on ap-verlag.de Jump to article: ap-verlag.de/data-security-posture-management-datensicherheit-mit-ki-sensible-informationen-automatisch-finden-und-schuetzen/104214/
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
A DOD contractor’s API flaw exposed military course data and service member records
Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. First seen on cyberscoop.com Jump to article: cyberscoop.com/schemata-dod-contractor-api-flaw-military-data-exposure/
-
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…
-
ESecurity-Spezialist Seppmail beruft neuen CEO und stärkt Fokus auf ESecurity und Data-Sovereignty
Seppmail, ein führender Anbieter von Lösungen für sichere E-Mail-Kommunikation, startet mit einem neuen CEO in die nächste Wachstumsphase. Zum 15. April 2026 hat Marcus Zeidler die Position des Chief Executive Officer übernommen und tritt damit die Nachfolge von Gründer Stefan Klein an. Gemeinsam mit LEA Partners, einem führenden Partner für B2B-SaaS-Unternehmen, wird Seppmail den eingeschlagenen…
-
Cloud and data sovereignty caught in a paradox
We asked the hyperscalers how they would respond to US court-ordered eavesdropping on foreign citizen data and got responses that highlight a paradoxical situation First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642487/Cloud-and-data-sovereignty-caught-in-a-paradox
-
Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control
A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written in Go, it supports remote shell access, desktop and webcam streaming, keylogging, clipboard theft, browser and crypto”‘wallet data theft, and SOCKS5-based pivoting, giving operators interactive…
-
Kooperation für mehr Souveränität – G Data, Ikarus und Securepoint schließen Security-Allianz
Tags: dataFirst seen on security-insider.de Jump to article: www.security-insider.de/g-data-ikarus-und-securepoint-schliessen-security-allianz-a-ce7ff2f71c78683a0fb11d95b9219139/
-
Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk
Salesforce Marketing Cloud (SFMC) recently patched a cluster of high”‘impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised marketing clouds to deliver branded, trackable campaigns at massive scale. SFMC (formerly ExactTarget) is one of the dominant platforms, powering dynamic…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
-
Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets
A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation and data-masking gap within the platform. According to the disclosure, this exposure primarily affects environments…
-
Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison
A Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft and extortion campaigns against over 54 organizations worldwide between June 2021 and August 2023. The…