Tag: breach
20 articles

LastPass Breach Exposes Customer Data in Supply Chain Hack
LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

GitHub Discloses Breach from Poisoned VS Code Extension
GitHub swiftly detected and contained a security breach that originated from a tainted Visual Studio Code extension, taking immediate action to remove the malicious version and isolate the affected endpoint. The breach appears to be limited to GitHub's internal repositories, with the company rotating critical secrets and conducting a thorough investigation.

ShinyHunters Breach Exposes Educational SaaS Canvas
ShinyHunters hackers have claimed responsibility for taking down educational software platform Canvas in a cyberattack that left users offline. The group didn't hold back, giving the developer a scathing "F for security" in their criticism of the breach.

ShinyHunters Breach Educational SaaS Canvas
A recent cyberattack has left Canvas, a popular educational software-as-a-service platform, offline, with hackers group ShinyHunters taking credit for the breach and raising serious concerns about the platform's security. The incident has disrupted learning and left many wondering about the safety of sensitive data.

ShinyHunters Breach Exposes 330 Colleges in Canvas Hack
The notorious ShinyHunters gang has breached Instructure's Canvas, exposing a staggering 330 colleges to a devastating hack, and issued a chilling ultimatum with a May 2026 deadline to negotiate. The attackers replaced login pages with an extortion message, demanding schools seek cyber advisory help and secretly reach out to settle.

firewall vulnerabilities: Exclusive Risky Flaws Exposed
Senator Cassidy has blasted Cisco with a pointed letter after critical firewall flaws were reportedly used to breach at least one federal agency, asking whether the vendor delayed disclosure or patches while networks stayed exposed. His probe spotlights urgent questions about vendor transparency, coordinated disclosure, and who’s accountable when core defenses fail.

stolen source code: Exclusive Critical Threat Revealed
When F5 confirmed nation-state theft of source code and undisclosed vulnerability info, it turned a theoretical threat into an urgent call to action: patch quickly, tighten monitoring and segment networks before attackers can weaponize that roadmap. Consider this a wake-up call — assume adversaries may already know your weak spots and move now to protect them.

Oracle E-Business Suite: Stunning Critical Breach Risk
A zero-day in Oracle E-Business Suite, actively exploited by CL0P since Aug. 9, 2025, likely hit dozens of organizations and put payroll, financial and HR data at risk. Security teams and leaders are racing to contain the damage, patch systems and lock down access before attackers strike again.

cloud backups Risky: Stunning SonicWall Breach Exposes All
Imagine your firewall’s master keys were left exposed — that’s what SonicWall customers discovered after the vendor revised its estimate from 5% to 100% of cloud backups affected, potentially exposing VPN credentials and network topology. If you used SonicWall cloud backups, inventory impacted devices, rotate credentials, and assume the worst while you await forensic details.

consulting GitLab instance: Must-Have Risky Breach Fixes
Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Red Hat repositories Exclusive Critical Leak
Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

2025 cybersecurity assessment: Exclusive Risky Alert
Bitdefender’s 2025 Cybersecurity Assessment warns that a dangerous habit of hiding breaches is spreading as AI empowers attackers and leadership drifts from frontline reality. The report calls for transparency, tighter attack-surface hygiene, and cultural change before secrecy turns incidents into disasters.

critical vulnerability in GeoServer: Stunning Risk Exposed
Last year’s GeoServer exploit that breached an unnamed federal agency turned CISA’s mantra assume breach into a wake-up call — proving how quickly widely used open-source tools can become a systemic risk unless agencies speed up patching, segment networks, and shore up visibility.

ransomware campaign: Risky Breach Exposes 12,000+ Stunning
Insight Partners says a ransomware attack exposed personal data for more than 12,000 people — employees, former staff and limited partners — sparking urgent questions about investor privacy and the safeguards venture firms must have in place. This breach is a wake-up call: clearer disclosure, stronger cyber defenses and tougher due diligence are now essential for investors, founders and funds alike.

unauthorized access incident: Stunning Risk — Act Now
Ugh — Plex warned of another password exposure. If you got notified, reset your password, enable MFA, and review connected devices right away.

Salesloft GitHub repository Massive Risky Breach
A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

CRM platform Risky Breach: Stunning Contact Exposure
Workday says its core systems were untouched, but a third-party CRM was breached — exposing business contacts that could fuel phishing, BEC and credential-stuffing attacks. Treat contact data as compromised: tighten MFA, audit integrations, and warn teams to watch for targeted social engineering.

Workday CRM breach: Stunning Critical Risk Revealed
Workday says attackers accessed vendor-run CRM tools that support its customers, potentially exposing contact and support data — a stark reminder that even trusted platforms can be vulnerable through third-party integrations. If you use Workday, assume elevated risk, tighten vendor controls, and watch for suspicious communications while the investigation continues.

TeleMessage vulnerabilities: Stunning Risky Data Breach
When security researcher Micah Lee exposed at DEF CON how TeleMessage — a supposedly secure app used by White House officials — leaked a massive trove of sensitive communications, it became a stark wake-up call about how fragile our digital privacy really is. Now more than ever we need stronger encryption, transparency, and user awareness to prevent another breach.

Employee Receives $920 for Credentials Linked to $140 Million Bank Heist
Employee awarded $920 for credentials tied to a $140 million bank heist, highlighting the risks of insider threats in the financial sector.