Tag: data
-
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. “No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement shared with CNBC News. “This was a release packaging issue caused by human…
-
Google Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data Access
Artificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s (GCP) Vertex AI Agent Engine. By exploiting overly broad default permissions, attackers can deploy a malicious “double agent” to secretly exfiltrate sensitive data…
-
Malware detectors trained on one dataset often stumble on another
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/cross-dataset-malware-detection-research/
-
Anthropic employee error exposes Claude Code source
Tags: access, ai, computer, control, credentials, cybercrime, data, data-breach, malicious, open-source, service, technology, tool, vulnerability
CSO, “no sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.” But it wasn’t the first time this had happened; according to Fortune and other news sources, the same thing happened last…
-
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company’s systems. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-open-source-litellm-project/
-
Claude Code source code accidentally leaked in NPM package
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/claude-code-source-code-accidentally-leaked-in-npm-package/
-
Pentagon’s Zero Trust Push Faces a 2027 Reality Check
Analysts Warn Compliance Goals May Outpace Real Security Outcomes. The Pentagon’s zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains. First seen on govinfosecurity.com Jump to…
-
Check Point Research Reveals ChatGPT Data Exfiltration Flaw
A ChatGPT flaw lets a single prompt silently exfiltrate data via DNS, bypassing safeguards. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/check-point-research-reveals-chatgpt-data-exfiltration-flaw/
-
Implantable Orthopedic Device Maker Reports Hack
TriMed Is Among Several Other Medical Device Firms Recently Attacked. A California maker of implantable orthopedic gear is the latest medical device maker in recent weeks to disclose it’s been a victim of a cybersecurity incident. The disclosure of the hack on TriMed comes on the heels of an Iranian hacktivist attack on Stryker and…
-
Synthetic data is all you need for Reinforcement Learning
We used Tonic Fabricate to generate a fully synthetic email corpus, then RL fine-tuned an open-source model against it. The result: it beat o3 on real Enron emails, without ever seeing a real email. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/synthetic-data-is-all-you-need-for-reinforcement-learning/
-
Google’s Vertex AI Has an Over-Privileged Problem
Palo Alto researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
-
Supply chain attack on Axios npm package: Scope, impact, and remediations
Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windows
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways: This incident is a…
-
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
/run/bigtlog.pipe and /run/bigstart.ltm and makes changes to system binaries, including /usr/bin/umount and /usr/sbin/httpd. Attackers have also been observed modifying the sys-eicheck utility, which relies on RPM integrity checks to verify on-disk executables. Log analysis can reveal patterns related to the attack. The user “f5hubblelcdadmin” accessing the iControl REST API from localhost, SELinux disable commands in auditd…
-
High Court dismisses judicial review against eVisa system
The High Court rules that the Home Office is acting lawfully in refusing to issue alternative proof of immigration status outside of its electronic visa system, but both the judge and the department accept that those affected by data quality and integrity issues are facing ‘real difficulties’ in their day-to-day lives. First seen on computerweekly.com…
-
Iran actors’ claims raise questions about larger cyber threat to US, allies
Questions are being raised about the veracity and tactics of Iran-linked actors, amid claims that a large trove of Lockheed Martin data is on the market. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-actors-claims-cyber-threat-us-allies/816228/
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windows
Introduction: Xloader is an information-stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
-
Beyond the Spectacle RSAC 2026 and The 5 Layers of AI Security FireTail Blog
Tags: ai, attack, business, conference, control, cybersecurity, data, detection, edr, framework, LLM, strategy, technology, tool, vulnerability, vulnerability-management
Mar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus, if I’m being honest. Coming into RSAC 2026, the vibe shifted. The show floor was noticeably…
-
Synthetic Data and GDPR Compliance
The post Synthetic Data and GDPR Compliance appeared first on Sovy. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/03/synthetic-data-and-gdpr-compliance/
-
Panera’s 5.1 Million User Breach: When ‘No Hack’ Becomes a Ransomware Business Model
ShinyHunters leaked 5.1M Panera accounts after extortion failed. Contact data can’t be changed like passwords; it’s permanent exposure fueling years of scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/paneras-5-1-million-user-breach-when-no-hack-becomes-a-ransomware-business-model/
-
Iran actors’ claims raise questions about larger cyber threat to U.S., allies
Iran-linked group offers to sell data it claims to have stolen from Lockheed Martin. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-actors-claims-cyber-threat-us-allies/816228/
-
Health data giant CareCloud says hackers accessed patients’ medical records
CareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technology for more than 45,000 providers covering millions of patients. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/carecloud-breach-hackers-accessed-patients-medical-records-ehr/
-
Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident
Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused some customers to see other users’ account activity within the app, prompting the bank to…
-
New criminal service plans to monetize data stolen by ransomware gangs
A site called Leak Bazaar pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation. First seen on therecord.media Jump to article: therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability
This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Hackers Poison Axios npm Package with 100 Million Weekly Downloads
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide. First seen on hackread.com Jump to article: hackread.com/hackers-poison-axios-npm-package-100m-downloads/
-
CareCloud Incident Exposes Patient Data, Disrupts EHR Systems
CareCloud breach exposed patient data and disrupted EHR systems, highlighting growing SaaS security risks in healthcare. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/carecloud-incident-exposes-patient-data-disrupts-ehr-systems/
-
Backup Day puts the focus on data protection
World Backup Day provides the channel with a chance to encourage customers to get on top of problems around storing their data correctly and safely, especially in the age of AI First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366640805/Backup-Day-puts-the-focus-on-data-protection

