Tag: data

Overly permissive ‘guest’ settings put Salesforce customers at risk

Mar 11, 2026 1:49 PM

Tags: access, api, attack, ceo, credentials, data, least-privilege, risk, strategy

Why Salesforce environments make tempting targets: Salesforce deployments are particularly attractive because of the sensitive data they hold and the complexity of their access models.”Salesforce instances often contain highly sensitive customer data, including credentials and secrets that can be used for lateral movement,” said Vincenzo Lozzo, CEO and cofounder of SlashID. At the same time,…
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Mar 11, 2026 12:49 PM

Tags: access, advisory, cisa, control, credentials, data, endpoint, exploit, firewall, flaw, infrastructure, kev, remote-code-execution, software, switch, update, vulnerability

Exposure spans campus to data center switching: The vulnerabilities affect AOS-CX software across four active version branches, spanning entry-level campus switches to data center-class hardware. Versions that reached the end of support before the advisory’s publication are also expected to be vulnerable, the advisory said. Organizations running AOS-CX 10.17.0001 and below, 10.16.1020 and below, 10.13.1160…
A 5-step approach to taming shadow AI

Mar 11, 2026 12:49 PM

Tags: ai, api, business, communications, compliance, control, data, defense, finance, framework, governance, incident response, monitoring, network, nist, risk, risk-assessment, risk-management, service, strategy, technology, tool

thought work happened and how it actually does today.Here’s a five-step approach to put a robust AI-risk management framework in place: Employees often use public model APIs, browser-based prompt tools and unsanctioned or ungoverned internal chatbots to boost productivity without considering the risk of exposing sensitive data.AI usage is not difficult to identify; you just need…
Cyber-Attacks on UK Firms Increase at Four Times Global Rate

Mar 11, 2026 12:49 PM

Tags: attack, cyber, data

Check Point data shows attack volumes are growing much faster in the UK than worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyberattacks-uk-firms-increase/
Your Data Lake Is Turning Into a Junk Drawer? Here’s How to Clean It Up

Mar 11, 2026 10:46 AM

Tags: data, organized

Data lakes start organized but can turn into dumping grounds. Learn the signs of data lake clutter and simple steps to clean it up without rebuilding. First seen on hackread.com Jump to article: hackread.com/data-lake-turning-junk-drawer-how-to-clean-it-up/
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
Trojanized Red Alert App Targets Israeli Users in SMS Scam to Steal Sensitive Data

Mar 11, 2026 8:47 AM

Tags: android, cyber, data, mobile, scam, service, smishing, spyware

A mobile spyware campaign abusing a trojanized version of the Red Alert rocket warning Android app to target Israeli users via SMS smishing messages that impersonate official Home Front Command alerts. The fake app keeps full rocket alert functionality so it looks and behaves like the legitimate service while silently exfiltrating sensitive data in the…
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Mar 11, 2026 7:47 AM

Tags: ai, cybersecurity, data, exploit, malicious, rust, threat

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.The Rust packages, published to crates.io, are listed below -chrono_anchordnp3timestime_calibratortime_calibratorstime-syncThe crates, per Socket, impersonate timeapi.io and were published between late February and early March First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
MCP Authentication and Authorization Patterns

Mar 11, 2026 5:48 AM

Tags: authentication, data, identity

6 min readIn MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don’t act under direct human oversight. They generate requests dynamically, chain operations and carry data across trust boundaries. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/mcp-authentication-and-authorization-patterns/
Jack & Jill went up the hill, and an AI tried to hack them

Mar 11, 2026 5:48 AM

Tags: access, ai, attack, authentication, data, email, endpoint, exploit, hacking, injection, jobs, phishing, RedTeam, service, social-engineering, strategy, tool, vulnerability

get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
Jack & Jill went up the hill, and an AI tried to hack them

Mar 11, 2026 5:48 AM

Tags: access, ai, attack, authentication, data, email, endpoint, exploit, hacking, injection, jobs, phishing, RedTeam, service, social-engineering, strategy, tool, vulnerability

get_or_create_company” endpoint that determines from a user’s email domain whether it should create a new company on the platform or associate them with an existing company to auto-join CodeWall’s account. Thanks to the bug that failed to check user roles when onboarding, it then obtained full org admin privileges and was able to access team…
Middle East Conflict Highlights Cloud Resilience Gaps

Mar 11, 2026 5:48 AM

Tags: attack, cloud, cyberattack, data, government, middle-east, resilience

Data centers, used by both governments and militaries for operations, are now fair game, not just for cyberattacks, but for kinetic attacks as well. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps
Can AI-driven cloud security fully protect data

Mar 11, 2026 12:47 AM

Tags: ai, cloud, cybersecurity, data, intelligence, technology

How Can Non-Human Identities Transform AI-Driven Cloud Security? Have you ever pondered the pivotal role machine identities, or Non-Human Identities (NHIs), play in enhancing AI-driven cloud security and data protection? With technology evolves, the intersection between cybersecurity and artificial intelligence becomes increasingly critical. NHIs are often the unsung heroes in securing the cloud environment, ensuring……
Cal AI, New Owner of MyFitnessPal, Hit by Alleged Breach of 3 Million Users

Mar 10, 2026 11:48 PM

Tags: ai, breach, data, data-breach, email, hacker

Cal AI faces data breach claims after hackers post alleged data of 3 million users, including emails, health details, and subscriptions. First seen on hackread.com Jump to article: hackread.com/cal-ai-myfitnesspal-data-breach-3m-users/
AI Startup Jazz Secures $61M to Rethink Data Loss Prevention

Mar 10, 2026 11:48 PM

Tags: ai, cybersecurity, data, risk, startup, threat

Startup Exits Stealth Targeting Insider Risk, Shadow AI and GenAI Data Exposure. Cybersecurity startup Jazz has raised $61 million with an AI-driven approach to data loss prevention. Its platform deploys agent investigators that analyze data context, users, systems and processes to detect insider threats and risky AI usage more accurately than legacy rule-based tools. First…
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Mar 10, 2026 10:48 PM

Tags: access, ai, attack, authentication, best-practice, cve, cyber, data, dos, exploit, flaw, identity, infrastructure, iot, linux, microsoft, mobile, office, rce, remote-code-execution, service, sql, tool, update, vulnerability, windows

8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack

Mar 10, 2026 10:48 PM

Tags: attack, data, finance, microsoft

Could steal sensitive personal and financial data First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/zeroclick_microsoft_info_disclosure_bug/
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!

Mar 10, 2026 9:48 PM

Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
Threat intelligence by ESET is a game changer

Mar 10, 2026 9:48 PM

Tags: ai, business, ciso, cybersecurity, data, detection, edr, exploit, identity, india, intelligence, phishing, service, social-engineering, threat, vulnerability, zero-day

The Advent of AI Ransomware detections in India surged by 70% between the second half of 2024 and the first half of 2025 as per ESET’s Telemetry. Phishing remains the most prevalent cyberthreat affecting Indian users, underscoring the ongoing need for vigilance and education around social engineering tactics.Attacks are increasing on edge systems and appliances as…
The CSO role is evolving fast with AI in Cyber Defense strategy

Mar 10, 2026 9:48 PM

Tags: ai, cyber, data, defense, strategy

First seen on csoonline.com Jump to article: www.csoonline.com/article/4143188/the-cso-role-is-evolving-fast-with-ai-in-cyber-defense-strategy.html
The CSO role is evolving fast with AI in Cyber Defense strategy

Mar 10, 2026 9:48 PM

Tags: ai, cyber, data, defense, strategy

First seen on csoonline.com Jump to article: www.csoonline.com/article/4143188/the-cso-role-is-evolving-fast-with-ai-in-cyber-defense-strategy.html
DOGE employee stole Social Security data and put it on a thumb drive, report says

Mar 10, 2026 9:48 PM

Tags: data

A whistleblower is accusing a former DOGE member of stealing a large number of Americans’ personal data while he was working at the Social Security Administration, with the plan of using it at his new job. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/
Attackers exploit FortiGate devices to access sensitive network information

Mar 10, 2026 9:48 PM

Tags: access, breach, corporate, credentials, data, exploit, network, service, vulnerability

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…
Salesforce Sounds Alarm Over Fresh Data Extortion Campaign

Mar 10, 2026 9:48 PM

Tags: access, cybercrime, data, exploit, extortion, google, ransom, service, tool, vulnerability

CRM-Obsessed ShinyHunters Gang Exploits Misconfigured Customer Experience Portals. A prolific and noisy cybercrime gang with a penchant for stealing Salesforce customers’ data and holding it ransom is taking advantage of misconfigured guest accounts meant to provide public access to services meant to remain private, using a Google scanning tool to identify vulnerable accounts. First seen…
ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data

Mar 10, 2026 8:46 PM

Tags: breach, data, hacker, leak, ransom

ShinyHunters claims to have stolen data from 400 firms via Salesforce portals and is threatening to leak the information unless ransom demands are paid. First seen on hackread.com Jump to article: hackread.com/shinyhunters-hackers-threat-stolen-salesforce-data/
Data Diodes Have Become Essential to Modern OT Cybersecurity

Mar 10, 2026 8:46 PM

Tags: attack, control, cybersecurity, data, Hardware, infrastructure

Segmentation Mandates Make One-Way Data-Flow Architectures Essential Data diodes are re-emerging as a preferred control as IT-OT convergence expands the industrial attack surface and regulators tighten segmentation mandates. Hardware-enforced, one-way data flow offers provable isolation for critical infrastructure and growing executive accountability. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/data-diodes-have-become-essential-to-modern-ot-cybersecurity-p-4063
OpenAI Acquires Security Startup Promptfoo to Fortify AI Agents

Mar 10, 2026 5:47 PM

Tags: ai, business, data, finance, intelligence, openai, startup

OpenAI has snapped up Promptfoo, a specialized artificial intelligence (AI) security startup, to bolster the safety of autonomous digital workers and convince enterprise clients that AI co-workers are ready for high-stakes business environments. OpenAI did not disclose financial terms of the transaction. PitchBook data indicates Promptfoo was valued at $119 million following a $22 million..…
‘BlackSanta’ EDR Killer Targets HR Workflows

Mar 10, 2026 4:46 PM

Tags: data, edr, malware, russia

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/blacksanta-edr-killer-hr-workflows
Ericsson Breach Exposes Data of 15k Employees and Customers

Mar 10, 2026 4:46 PM

Tags: breach, data, data-breach, service

Ericsson data breach affects 15k employees/customers after third-party service provider compromise First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ericsson-breach-exposes-data-15k/
Inference protection for LLMs: Keeping sensitive data out of AI workflows

Mar 10, 2026 3:48 PM

Tags: ai, data, LLM, privacy

Inference protection is a preventive approach to LLM privacy that stops sensitive data from ever reaching AI models. Learn how de-identification enables secure, compliant AI workflows with unstructured text. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/inference-protection-for-llms-keeping-sensitive-data-out-of-ai-workflows/