Tag: data
-
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that >>hundreds of thousands of stolen secrets could potentially be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/supply-chain-hacks-data-theft/
-
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that >>hundreds of thousands of stolen secrets could potentially be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/supply-chain-hacks-data-theft/
-
Standardize or Suffer: The JCHK Blueprint for MSSPs Defending SMB and SME Clients
Advanced persistent threats don’t discriminate by organization size, they discriminate by defense capability. Nation-state actors and their proxies invest months conducting reconnaissance, moving laterally through networks with surgical patience, and exfiltrating data long before any alert fires. The reality for small and mid-sized businesses and enterprises is particularly brutal: they carry the same exposure.. First…
-
The agentification of Test Data Management is here. Meet the Structural Agent.
Tonic.ai announces the launch of the Structural Agent, an intelligent AI copilot that fuels AI-native software development by transforming how teams configure and provision anonymized test data. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-agentification-of-test-data-management-is-here-meet-the-structural-agent/
-
Medtech giant Stryker fully operational after data-wiping attack
Stryker Corporation, one of the world’s leading medical technology companies, says it’s fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
-
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/github-covert-multi-stage-malware/
-
EvilTokens abuses Microsoft device code flow for account takeovers
A phishing package with post-compromise focus: Beyond the initial access vector, EvilTokens is structured as a full-service phishing platform. The kit provides affiliates with ready-to-use lures, infrastructure, and automation tools designed to carry out both the phishing phase and post-compromise activity.The lures used in the campaign include fake SharePoint document notifications, DocuSign requests, and account…
-
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
Tags: breach, cyber, cybersecurity, data, data-breach, defense, group, hacker, international, iran, military, threatThe international cybersecurity community was alerted to a major data breach involving Israeli military infrastructure. Handala, a recognized Iranian nation-state threat actor, claims to have successfully breached PSK Wind Technologies, a key Israeli defense contractor. The incident has resulted in the public release of highly classified military data, representing a significant compromise of sensitive operational…
-
The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside…
-
OT Cyber Resilience: Strategic Data Protection for IEC 62443 and NIS2 Compliance
Learn how to protect OT systems, ICS, and SCADA infrastructure from ransomware with backup strategies built for legacy, air-gapped industrial environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ot-cyber-resilience-strategic-data-protection-for-iec-62443-and-nis2-compliance/
-
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/inside-the-talos-2025-year-in-review-a-discussion-on-what-the-data-means-for-defenders/
-
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applications, particularly those developed by companies based in China. While the advisory focuses on apps widely used in the United States, the risks highlighted are global and relevant to users worldwide. Apps operating within China’s…
-
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company’s systems. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-open-source-litellm-project/
-
Google’s Vertex AI Is Over-Privileged. That’s a Problem
Palo Alto Networks researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
-
AI Data Quality Risk at the Schema Layer – Liquibase Secure
64% of AI risk lives at the schema layer, not the model. Learn why database governance matters more than model governance for reliable AI systems. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-data-quality-risk-at-the-schema-layer-liquibase-secure/
-
Microsoft Teams to Improve Privacy With EXIF Data Removal Feature
Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images. These upcoming changes are designed to protect user privacy by default, streamline biometric data management, and enforce modern browser security standards across the platform. For cybersecurity professionals…
-
A Taxonomy of Cognitive Security
Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but”, even better”, Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and I hesitate to excerpt.…
-
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they stole sensitive source code and data affecting Cisco, Salesforce, Aura, and various AWS storage buckets. The breach stems from a recent supply chain attack involving…
-
Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability
Modern enterprises rely heavily on cloud platforms and interconnected systems to manage operations and customer data. While these technologies enable scale and efficiency, they also introduce new risks when configurations are not properly secured. New reporting from Cybersecurity News reveals a data exposure incident involving Mazda, where sensitive data was reportedly left accessible due to…
-
Defending Encryption in the Post Quantum Era
Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient… First seen on hackread.com Jump to article: hackread.com/defending-encryption-in-the-post-quantum-era/
-
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even prank-based disruption features. Security researchers identified the campaign in March 2026, noting that the malware is being sold under a subscription model with three pricing…
-
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests
Hackers are increasingly targeting hotel booking workflows to trick travelers into handing over payment details, using a technique that blends real reservation data with convincing social engineering. The message references real booking details such as the hotel name, stay dates, or payment status making it appear legitimate. Instead of raising suspicion, the message feels like…
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
AI Startup Mercor Hit by Supply Chain Attack Linked to LiteLLM
Tags: ai, attack, breach, cyberattack, data, data-breach, malicious, open-source, risk, software, startup, supply-chainA recent Mercor cyberattack has brought renewed attention to the risks associated with open-source software dependencies, after the AI recruiting startup confirmed it was impacted by a broader supply chain compromise. The Mercor data breach, which is still under investigation, has been linked to a malicious incident involving the widely used LiteLLM project. First seen…
-
AI Startup Mercor Hit by Supply Chain Attack Linked to LiteLLM
Tags: ai, attack, breach, cyberattack, data, data-breach, malicious, open-source, risk, software, startup, supply-chainA recent Mercor cyberattack has brought renewed attention to the risks associated with open-source software dependencies, after the AI recruiting startup confirmed it was impacted by a broader supply chain compromise. The Mercor data breach, which is still under investigation, has been linked to a malicious incident involving the widely used LiteLLM project. First seen…
-
Free VPNs leak your data while claiming privacy
Most free Android VPNs track users, request dangerous permissions, and connect to risky servers, privacy comes at a hidden cost. Free VPN apps are some of the most popular downloads on Android, promising privacy at no cost. But the reality is far from what they advertise. Most users tap “install” without a second thought, unaware…
-
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.”No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by human…
-
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access
Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s (GCP) Vertex AI Agent Engine. By exploiting overly broad default permissions, attackers can deploy a malicious >>double agent<< to secretly exfiltrate sensitive data…