Tag: security-incident
-
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/cisco-sd-wan-cve-2026-20262-exploited/
-
Maine Shuts Down Breach Reporting Portal Following Fake VRChat and Discord Submissions
The Office of the Maine Attorney General has temporarily taken its public data breach reporting portal offline following the discovery of fraudulent submissions falsely claiming security incidents at VRChat and Discord. The incident, disclosed in an official statement on June 12, 2026, highlights growing concerns over the integrity and potential abuse of publicly accessible breach…
-
Japanese energy firm loses drive with data of 10.9 million clients
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/japanese-energy-firm-loses-drive-with-data-of-109-million-clients/
-
Mehr als die Hälfte der europäischen Unternehmen hat im vergangenen Jahr einen Sicherheitsvorfall durch nicht-menschliche Identitäten erlebt
Keeper Security weist heute auf eine erhebliche Lücke in der Governance hin: Unternehmen weiten den Einsatz von KI-gesteuerten und nicht-menschlichen Identitäten aus, ohne über die erforderlichen Kontrollmechanismen zu verfügen, um deren Sicherheit zu gewährleisten. Erkenntnisse aus einer Umfrage unter Cybersicherheitsexperten auf der Infosecurity Europe 2026 in London zeigen, dass KI-Agenten und nicht-menschliche Identitäten mittlerweile fest…
-
Mackay Sugar Security Incident Forces Mill Shutdowns and Halts Harvesting Operations
Australia’s second-largest sugar producer, Mackay Sugar, is investigating a cyberattack that has disrupted parts of its operations and temporarily halted sugarcane harvesting in Queensland’s Mackay region. The Mackay Sugar security incident has led to the suspension of milling activities at two of the company’s facilities while cybersecurity specialists and authorities work to determine the nature and impact…
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code.”Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email. “We…
-
Hacked, leaked, and held for ransom: the worst breaches of 2026 so far
From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
-
Cloud Security Alliance Report Highlights Growing Patch Gap Risks
AI is accelerating exploitation timelines while known vulnerabilities remain a leading cause of security incidents, according to a CSA report. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cloud-security-alliance-report-highlights-growing-patch-gap-risks/
-
The worst hacks and breaches of 2026 (so far)
From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/03/the-worst-hacks-and-breaches-of-2026-so-far/
-
Known vulnerabilities behind most application security incidents
Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/csa-application-security-incidents/
-
Organisationen vor Supply-Chain-Attacken schützen
Der Sicherheitsvorfall bei Unimed ist nur einer der letzten in einer langen Kette von Supply-Chain-Angriffen, die verheerende Wirkung erzeugen können. Die Auswirkungen sind besonders in Bezug auf IT-Infrastrukturen in Krankenhäusern enorm, denn sie treffen auf durch Reformen verunsicherte Belegschaften, die sich täglichem Stress ausgesetzt sehen und darauf angewiesen sind, dass die Digitalisierung das bringt, was sie…
-
Responding to Breaches With AI? Beware Cross-Contamination
Separate Breach Details Can Bleed Into Each Other, Incident Responders Find. Cybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn. First seen…
-
Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning
A zero-click attack targeting iPhones on iOS 16 hijacked WhatsApp accounts without linked devices, warnings, or user interaction. There is a particular kind of security incident that is harder to explain than most: your WhatsApp account is sending messages you did not write, asking your contacts for money transfers, and when you check the >>Linked…
-
71 Prozent der Unternehmen waren im vergangenen Jahr von mindestens einem Identitätsdiebstahl betroffen
Der Report ‘State of Identity Security 2026″ von Sophos kommt zu dem Ergebnis, dass menschliches Versagen und mangelhaftes Identitätsmanagement bei nicht-menschlichen Akteuren die Hauptursachen für die meisten Angriffe sind, während autonome KI das Risiko weiter erhöht. Die Umfrage zeigt, dass 71 Prozent der Unternehmen (Deutschland: 62 Prozent) im vergangenen Jahr mindestens einen identitätsbezogenen Sicherheitsvorfall erlitten…
-
Cisco warns of AI inaccuracies in security incident reports
First seen on scworld.com Jump to article: www.scworld.com/brief/cisco-warns-of-ai-inaccuracies-in-security-incident-reports
-
Grafana confirms GitHub token breach cybercrime group claims the attack
Tags: attack, breach, cybercrime, data, data-breach, extortion, github, group, leak, security-incident, theftGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…
-
Veeam warnt nach Cyberangriff auf Canvas vor unterschätzten SaaS-Risiken
Entscheidend bleibt die Fähigkeit von Unternehmen, Daten unabhängig wiederherstellen und den Geschäftsbetrieb auch nach einem Sicherheitsvorfall schnell fortsetzen zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-warnt-nach-cyberangriff-auf-canvas-vor-unterschaetzten-saas-risiken/a45086/
-
Security Affairs newsletter Round 576 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident…
-
Day Zero Readiness: The Operational Gaps That Break Incident Response
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That distinction matters far more than many organizations realize. In…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
Voyage Privé Datenleck: Reisepass- und Buchungsdaten kompromittiert
Das Voyage Privé Datenleck entwickelt sich zu einem gravierenden Sicherheitsvorfall für Reisende. Neben Kontaktdaten könnten auch sensible Passdaten betroffen sein. Gleichzeitig warnen Experten vor gezielten Phishing-Angriffen im Zusammenhang mit echten Buchungen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/voyage-prive-datenleck
-
ISOP Traffic Forensics
When a customer business system experiences a security incident, they often need to conduct forensic analysis on historical network traffic to identify the source of the intrusion and reconstruct the entire incident for targeted emergency response. In scenarios where customers have such traffic-analysis requirements, we can leverage the traffic forensics capabilities of the ISOP platform……
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerabilityVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
Video site Vimeo blames security incident on Anodot breach
The hackers did not access video content, user logins or payment card information, and there was no disruption to Vimeo’s services, First seen on therecord.media Jump to article: therecord.media/vimeo-blames-security-incident-on-anodot-breach