Tag: data
-
Hydra Saiga Espionage Campaign Targets Critical Utilities Using Telegram C2 for Data Theft
Hydra Saiga is running a long-running espionage campaign that abuses Telegram as command-and-control (C2) to infiltrate critical utilities in Central Asia and exfiltrate sensitive data from government and infrastructure networks. The first known Hydra Saiga activity dates to December 2024, when an executable named “Letter from the Permanent Representative of Turkmenistan to the UN addressed…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
AI Shocks the Cybersecurity Market
Tags: ai, business, compliance, crowdstrike, cybersecurity, data, defense, detection, governance, identity, incident response, intelligence, ml, okta, risk, service, software, threat, tool, update, vulnerabilityThe cybersecurity market was jolted last week after Anthropic dropped a bombshell announcement. The company’s new AI Claude model identified 500 previously unknown high-risk vulnerabilities hidden in widely used software. That is not a minor milestone. It is a technically significant achievement and a clear demonstration of how quickly AI capabilities are advancing. What came…
-
AI Shocks the Cybersecurity Market
Tags: ai, business, compliance, crowdstrike, cybersecurity, data, defense, detection, governance, identity, incident response, intelligence, ml, okta, risk, service, software, threat, tool, update, vulnerabilityThe cybersecurity market was jolted last week after Anthropic dropped a bombshell announcement. The company’s new AI Claude model identified 500 previously unknown high-risk vulnerabilities hidden in widely used software. That is not a minor milestone. It is a technically significant achievement and a clear demonstration of how quickly AI capabilities are advancing. What came…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Marquis Sues SonicWall Over 2025 Firewall Data Breach
Tags: attack, authentication, backup, breach, cloud, credentials, data, data-breach, firewall, flaw, ransomware, softwareLawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis. Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits. First seen…
-
Medical device maker UFP Technologies warns of data stolen in cyberattack
American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medical-device-maker-ufp-technologies-warns-of-data-stolen-in-cyberattack/
-
FTC says it won’t enforce COPPA against proper use of age verification tools
The Federal Trade Commission (FTC) on Wednesday issued a policy statement advising industry that it will not bring enforcement actions against website and online service providers who collect, use and share personal data using age verification technologies. First seen on therecord.media Jump to article: therecord.media/ftc-says-it-wont-enforce-coppa-age-verification
-
ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump
ShinyHunters allegedly leaked 12.4 million CarGurus records, exposing personal and financing data and raising risks of phishing and data extortion attacks. The post ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-shinyhunters-cargurus-data-leak-12-million-records/
-
Medical Device Maker Reports Data Theft Hack to SEC
Attack Spotlights Threats, Risks Facing Healthcare Supply Chain. UFP Technologies, a Massachusetts-based maker of single-use medical devices and other healthcare supplies, has notified the U.S. Securities and Exchange Commission of a cyber incident discovered on Valentine’s Day that involved the theft or destruction of company data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medical-device-maker-reports-data-theft-hack-to-sec-a-30847
-
Informatica Test Data Management pros and cons: a complete guide
Informatica has long been a dominant force in enterprise data management. But the landscape is changing. Learn how its shift to cloud-only impacts its viability as a test data management tool. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/informatica-test-data-management-pros-and-cons-a-complete-guide/
-
Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach
A breach of TriZetto software first described by counties in Oregon affected millions of Americans overall, according to public data released this week by the company. First seen on therecord.media Jump to article: therecord.media/trizetto-healthcare-tech-company-data-breach-update
-
Randall Munroe’s XKCD ‘Chemical Formula’
Tags: datavia the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/02/randall-munroes-xkcd-chemical-formula/
-
Beyond the Perimeter: Anti Data Exfiltration is the New Cybersecurity Standard
We all know the old >>castle and moat<< approach to network security is failing. BlackFog CEO Darren Williams sat down with Alan Shimel to talk about why traditional data loss prevention (DLP) struggles in today's hybrid environments. The reality is that legacy DLP requires far too much manual data classification and relies on a network..…
-
Police created ‘intelligence profile’ of BBC journalist subject to phone surveillance
Police and MI5 conducted seven unlawful operations to obtain phone data relating to former BBC journalist Vincent Kearney, the Investigatory Powers Tribunal heard today First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639366/Police-created-intelligence-profile-of-BBC-journalist-subject-to-phone-surveillance
-
Modern Vulnerability Management in the Age of AI
<div cla Vulnerability management today is not failing because teams stopped scanning. It’s failing because the ground underneath it shifted. The approach we’ve relied on, complete advisory data, upstream fixes on demand, and fast upgrades, no longer holds up. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/modern-vulnerability-management-in-the-age-of-ai/
-
NDSS 2025 On Borrowed Time Preventing Static Side-Channel Analysis
Tags: attack, conference, control, data, exploit, Internet, network, side-channel, technology, threatSession 13C: Side Channels 2 Authors, Creators & Presenters: Robert Dumitru (Ruhr University Bochum and The University of Adelaide), Thorben Moos (UCLouvain), Andrew Wabnitz (Defence Science and Technology Group), Yuval Yarom (Ruhr University Bochum) PAPER On Borrowed Time — Preventing Static Side-Channel Analysis In recent years a new class of side-channel attacks has emerged. Instead…
-
PowerSchool, Chicago Public Schools to settle student data privacy lawsuit for $17 million
In addition to the $17.25 million payout, which will be split between more than 10 million potential class members, the settlement requires PowerSchool to establish a “web governance” committee to monitor certain actions. First seen on therecord.media Jump to article: therecord.media/powerschool-cps-settle-proposed-class-action
-
ShinyHunters Claims Odido NL and Ben.nl Breach as Company Confirms Cyberattack
ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data. First seen on hackread.com Jump to article: hackread.com/shinyhunters-odido-nl-ben-nl-breach-confirm-cyberattack/
-
Medical device firm UFP says backup data systems deployed following cyberattack
In a filing with U.S. regulators, Massachusetts-based medical device manufacturer UFP Technologies said intruders possibly stole or destroyed company data during an incident earlier in February. First seen on therecord.media Jump to article: therecord.media/ufp-technologies-medical-devices-sec-filing-cyberattack
-
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare’s data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/
-
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only…
-
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications. First seen on thehackernews.com Jump…
-
Querying the free DNSBLs via Oracle? Move to Spamhaus Technology’s free Data Query Service
If you’re using the free DNS Blocklists (DNSBLs) through the Public Mirrors while running on Oracle’s network, you’ll need to make a few small adjustments to your email setup. These changes are simple to apply, but if you don’t take action, you risk having some – or even all – of your email blocked after…
-
Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my…
-
Wynn Resorts takes attacker’s word for it that stolen staff data was deleted
Security pros question assurances as company offers staff credit monitoring First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/wynn_resorts_shinyhunters/
-
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S.,…
-
Reddit fined $19.5 million for failing to protect children’s personal data
The UK’s Information Commissioner’s Office (ICO) has fined Reddit $19.5 million after finding that the company failed to use children’s personal information lawfully, exposing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/uk-reddit-children-privacy-fine/
-
CISA Issues Alert on Active Exploitation of FileZen Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese vendor Soliton Systems K.K. The flaw, tracked as CVE-2026-25108, is classified as an OS Command…