Tag: finance
-
Columbia University Data Breach Exposes Personal and Financial Data of 870,000
Columbia University disclosed a significant cybersecurity incident that compromised personal and financial information of nearly 870,000 individuals, making it one of the largest data breaches affecting an educational institution this year. The breach, which occurred between May 16 and June 2025, was discovered on July 8, 2025, and affected individuals were notified on August 7,…
-
Columbia University data breach impacts nearly 870,000 individuals
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university’s network in May. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/columbia-university-data-breach-impacts-nearly-870-000-students-applicants-employees/
-
Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records
Bouygues Telecom revealed the attackers stole personal data of 6.4 million customers, including contact details, contractual data and international bank account numbers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bouygues-telecom-breach-customer/
-
Silent Guardian of Your Codebase: The Role of SAST
In 2025, the average cost of a data breach reached an alarming Rs 22 Crore, a 13% increase from the previous year. This trend highlights how breaches are not only more frequent and sophisticated but also increasingly costly, putting an organization’s reputation and finances at risk. To combat these threats, companies are investing in robust…
-
What is a CISO? The top IT security leader role explained
Tags: access, authentication, breach, business, ceo, cio, cisa, ciso, compliance, computer, container, control, corporate, credentials, cyber, cybersecurity, data, ddos, defense, dns, encryption, exploit, finance, firewall, framework, fraud, guide, Hardware, healthcare, infosec, infrastructure, intelligence, international, jobs, kubernetes, mitigation, msp, mssp, network, nist, programming, RedTeam, regulation, risk, risk-management, security-incident, service, skills, software, strategy, technology, threat, training, vpn, zero-day, zero-trust
You’ll often hear people say the difference between the two is that CISOs focus entirely on information security issues, while a CSO’s remit is wider, also taking in physical security as well as risk management. But reality is messier. Many companies, especially smaller ones, have only one C-level security officer, called a CSO, with IT…
-
Cyberattack on an Oil and Gas Company in Pakistan
Hackers paralyze PPL IT systems, demand ransom; financial operations suspended for two days. First seen on profit.pakistantoday.com.pk Jump to article: profit.pakistantoday.com.pk/2025/08/07/hackers-paralyze-ppl-it-systems-demand-ransom-financial-operations-suspended-for-two-days/
-
Air France, KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/air-france-klm-data-breach
-
Project Ire: Microsoft’s autonomous AI agent that can reverse engineer malware
Tags: ai, attack, ceo, cloud, compliance, computing, control, cybersecurity, defense, detection, exploit, finance, governance, government, healthcare, infrastructure, LLM, malicious, malware, microsoft, programming, risk, service, siem, soar, soc, software, threat, tool, training
Real-world testing: In real-world tests on 4,000 “hard-target” files that had stumped automated tools, Project Ire flagged 9 malicious files out of 10 files correctly, with a low 4% false positive rate. This makes Project Ire suitable for organizations that operate in high-risk, high-volume, and time-sensitive environments where traditional human-based threat triage is insufficient. Rawat added that…
-
IRGC-Linked Hackers Target Financial, Government, and Media Organizations
A sophisticated network of hackers with ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) unleashed a barrage of cyber-operations designed to disrupt adversaries, steal sensitive data, and propagate ideological narratives. SecurityScorecard’s STRIKE threat intelligence team analyzed over 250,000 messages from 178 active groups, revealing a highly coordinated digital campaign that mirrored military actions on the…
-
Massive IPTV piracy service with 28,000 channels taken offline
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/massive-illegal-iptv-service-provider-rare-breed-tv-taken-offline/
-
Secrets Management Fireside Chat: Doppler, Financial Times, BODi, and Secureframe
Why a secrets management strategy is now critical for modern security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/secrets-management-fireside-chat-doppler-financial-times-bodi-and-secureframe/
-
New Android Malware Poses as SBI Card and Axis Bank Apps to Steal Financial Data
McAfee’s Mobile Research Team has identified a sophisticated Android malware campaign primarily aimed at Hindi-speaking users in India, masquerading as legitimate financial applications from institutions like SBI Card, Axis Bank, and IndusInd Bank. This operation distributes malicious APKs through dynamically created phishing websites that mimic official banking portals, leveraging real assets such as images and…
-
5 hard truths of a career in cybersecurity, and how to navigate them
Tags: access, ai, application-security, attack, awareness, best-practice, breach, business, cio, ciso, conference, control, cyber, cybersecurity, data-breach, finance, firewall, framework, gartner, identity, ISO-27001, jobs, mitigation, network, regulation, risk, risk-assessment, risk-management, skills, strategy, technology, threat, training, waf
Cybersecurity teams protect systems but neglect people: After all the effort it takes to break into cybersecurity, professionals often end up on teams that don’t feel welcoming or supportive. Jinan Budge, a research director at Forrester who focuses on enabling CISOs and other technical leaders, believes the way most cybersecurity career paths are structured plays a…
-
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow cybercriminals to execute cloud account takeover attacks and manipulate financial data systems. The vulnerability, found in Streamlit’s file upload feature, demonstrates how a simple oversight in client-side validation can lead to devastating consequences for organizations…
-
Top cybersecurity M&A deals for 2025
Tags: 5G, access, ai, api, apple, application-security, attack, automation, awareness, banking, breach, business, ceo, cisco, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, ddos, defense, detection, edr, email, endpoint, finance, firewall, gitlab, government, group, ibm, identity, incident response, infrastructure, intelligence, leak, microsoft, mitigation, network, password, programming, risk, risk-management, saas, service, software, sophos, strategy, supply-chain, technology, threat, tool, training, vulnerability, waf, zero-trust
Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage
July 30, 2025: Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. “We envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership…
-
India’s Markets Regulator Wants to Ease Rules on Related-Party Deals. Here’s What That Means
India’s capital markets regulator, SEBI (the Securities and Exchange Board of India), has proposed a set of changes to its oversight of related-party transactions (RPTs), the often-sensitive financial dealings between companies and their affiliates. The changes would significantly raise the thresholds for which transactions must be disclosed or approved by shareholders, particularly for large corporations…
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windows
Black Hat USA, August 2-7, 2025, Las Vegas, NV. Black Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and others. The week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…
-
Noma Raised $100M to Expand Agentic AI Security Platform
Red-Hot Startup Noma Security to Deepen Protection for AI Models and Agents. With agentic AI deployments accelerating, Noma Security’s $100 million Series B will fuel development of risk management and runtime protection features. CEO Niv Braun said demand for securing agentic AI has surged among Fortune 500 firms and healthcare and financial institutions. First seen…
-
How UK SMBs Can Handle Sensitive Information Without Breaking the Law (or the Bank)
Introduction: Data is the lifeblood of modern businesses, but for small and medium-sized enterprises (SMBs), it can also be a legal, financial, and reputational minefield. Whether you’re a two-person law firm or a 50-employee tech startup, if you’re handling personal, financial,…
-
Cybercrooks attached Raspberry Pi to bank network and drained ATM cash
Criminals used undocumented techniques and well-placed insiders to remotely withdraw money. First seen on theregister.com Jump to article: www.theregister.com/2025/08/01/cybercrooks_bribed_lackeys_in_physical/
-
Microsoft Upgrades .NET Bounty Program, Offers Rewards Up to $40,000
Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial incentives for security researchers. The updated program now offers maximum rewards of USD 40,000 for critical vulnerabilities affecting .NET and ASP.NET Core frameworks, including Blazor and Aspire components. These changes represent Microsoft’s continued commitment to…
-
Over 17,000 SharePoint Servers Found Exposed Online, 840 Vulnerable to Active 0-Day Attacks
Tags: attack, china, cve, cyber, cybersecurity, data-breach, finance, government, healthcare, Internet, microsoft, threat, vulnerability, zero-day
A significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and dubbed “ToolShell”…
-
Hackers Connected Raspberry Pi to ATM in Bank Heist Attempt
Runners Hired to Connect Device to Bank’s Network, Facilitating Remote Hacks. Researchers tied a cybercrime group tracked as UNC2891 to an attempted Asia-Pacific bank heist, in which remote attackers physically installed a 4G-enabled Raspberry Pi onto an ATM network switch, giving them remote access to the internal IT environment as part of an attempted cashout…

