Tag: supply chain risk
39 articles

Japanese Utility Exposes 10.9 Million Client Records in Data Loss Incident
Japanese utility Kyushu Electric Power Co., Inc. has disclosed a data loss incident affecting about 10.9 million client records after an external storage device went missing. The device was last confirmed present on April 27 and was found to be missing on May 26, at which point the company opened an investigation.

Shadow AI Exposes 2,000 Vibe-Coded Apps with Sensitive Data
Research by Red Access found more than 2,000 apps built on popular vibe-coding platforms that exposed corporate, operational, or personal data online. Many had been deployed without basic security controls, leaving the data openly accessible and the organizations behind them at risk.

SaaS Providers Face Trust Crisis After Canvas Breach
A breach of the Canvas learning management system affected 275 million users, compromising student records and disrupting learning at more than 8,800 institutions worldwide. The incident has prompted a trust crisis for SaaS providers and renewed scrutiny of how they secure and protect customer data.

CISA Faces Scrutiny Over Leaked Credentials
The US Cybersecurity and Infrastructure Security Agency (CISA) is under scrutiny after dozens of its internal credentials were accidentally exposed on a public GitHub account. The agency says no sensitive data was compromised, but lawmakers and security experts are demanding an explanation of how the exposure occurred.

CISA Exposes Sensitive Data in Unsecured GitHub Repository
A GitGuardian researcher found a public GitHub repository containing 844 MB of production infrastructure material from a national agency, left exposed for six months. Security researcher Guillaume Valadon described it as one of the most serious secrets leaks he has seen.

CISA Credentials Exposed in GitHub Leak
A security researcher discovered a public GitHub repository exposing credentials tied to the Cybersecurity and Infrastructure Security Agency, raising concern that attackers could use them. The repository, a contractor-maintained project named "Private-CISA," reportedly included privileged AWS GovCloud accounts and access to internal CISA systems.

Vulnerabilities Dwindle to Manageable Number in Supply Chain Risk Landscape
The supply chain risk figure worth noting: of roughly 1,200 high-priority vulnerabilities tracked in 2025, only 58 were both highly exposed and easily exploitable. Concentrating remediation on that subset lets organizations address the risks most likely to be exploited first.

CISA Contractor Exposes AWS GovCloud Keys in GitHub Leak
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) exposed AWS GovCloud keys, plaintext passwords, and internal files in a public GitHub repository. The leak, described by researchers as one of the worst they have seen, included highly privileged credentials and build artifacts for numerous internal CISA systems.

Cisco CEO Warns of Growing Risk from Unpatchable Technology
Cisco CEO Chuck Robbins warns that technology which can no longer be patched is a growing risk, and says the company is using AI tools like Anthropic's Claude Mythos to accelerate modernization and protect infrastructure. Cisco intends to use Mythos both to raise productivity and to help customers replace outdated equipment that cannot be patched.

Defense Contractor Exposes Military Training Data Through API Flaw
An API flaw at a defense contractor exposed sensitive military training data, and it took a 152-day back-and-forth between the contractor and the open-source security project Strix before the issue was fixed. The root cause was lax authorization checks: a low-privilege account could read user records and training materials it should never have been able to reach.

Mirai-Based xlabs_v1 Botnet Exploits ADB for IoT Hijacking
xlabs_v1 is a Mirai-derived botnet that hijacks IoT devices by abusing Android Debug Bridge (ADB) services exposed on TCP port 5555. It infects Android TV boxes and smart TVs, and can measure an infected device's bandwidth so that capacity can be sold on the black market.
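A practical check for the exposure xlabs_v1 abuses, added here as an example and not taken from the article or from the botnet's code: the script speaks the ADB wire protocol's CNXN handshake to a host on TCP 5555 and classifies the reply. A daemon that answers CNXN with its own CNXN accepts commands without authentication, which is the condition the botnet needs; one that answers AUTH requires RSA key approval first; anything else is not ADB. The sample replies, host address, and TV-box banner below are constructed for the example.

```python
"""Probe a host for an exposed Android Debug Bridge (ADB) daemon on TCP 5555.

Added example; not code from the article or from xlabs_v1. It sends the
CNXN handshake an adb client sends and classifies the daemon's reply.
"""
import socket
import struct

# ADB message header: command, arg0, arg1, data_length, data_check, magic
HEADER = struct.Struct("<6I")
A_CNXN = 0x4E584E43      # b"CNXN" as a little-endian uint32
A_AUTH = 0x48545541      # b"AUTH"
A_VERSION = 0x01000000   # protocol version 1.0.0
MAX_PAYLOAD = 4096       # largest payload accepted in a single message here


def adb_message(command: int, arg0: int, arg1: int, data: bytes) -> bytes:
    """Serialize one ADB message: 24-byte header plus payload."""
    checksum = sum(data) & 0xFFFFFFFF
    magic = command ^ 0xFFFFFFFF      # header integrity field
    return HEADER.pack(command, arg0, arg1, len(data), checksum, magic) + data


def build_cnxn() -> bytes:
    """The client-side CNXN that opens every ADB session over TCP."""
    return adb_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00")


def parse_message(raw: bytes):
    """Return (command, arg0, arg1, payload) for a well-formed ADB message, else None."""
    if len(raw) < HEADER.size:
        return None
    cmd, arg0, arg1, length, _check, magic = HEADER.unpack_from(raw)
    # magic must be the bitwise inverse of the command; protocol 1.0.1+ may
    # send a zero payload checksum, so data_check is not enforced here.
    if magic != (cmd ^ 0xFFFFFFFF) or length > MAX_PAYLOAD:
        return None
    payload = raw[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        return None
    return cmd, arg0, arg1, payload


def classify_reply(raw: bytes) -> str:
    """Map the daemon's first message to an exposure verdict."""
    parsed = parse_message(raw)
    if parsed is None:
        return "not-adb"
    if parsed[0] == A_CNXN:
        return "open"            # shell/push/install work with no auth
    if parsed[0] == A_AUTH:
        return "auth-required"   # daemon wants an RSA-signed token first
    return "not-adb"


def device_identity(raw: bytes):
    """Return the ro.product.* banner from an open CNXN reply, else None."""
    parsed = parse_message(raw)
    if parsed is None or parsed[0] != A_CNXN:
        return None
    return parsed[3].rstrip(b"\x00").decode("utf-8", "replace")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(host: str, port: int = 5555, timeout: float = 3.0) -> str:
    """Connect, send CNXN, read one full reply and classify it (needs network access)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_cnxn())
            head = _recv_exact(sock, HEADER.size)
            if len(head) < HEADER.size:
                return "not-adb"
            length = HEADER.unpack(head)[3]
            body = _recv_exact(sock, min(length, MAX_PAYLOAD))
            return classify_reply(head + body)
    except OSError:
        return "unreachable"


# Constructed sample replies for offline use: an unauthenticated TV box answers
# CNXN with its product banner; a locked-down phone answers AUTH with a token.
SAMPLE_OPEN_REPLY = adb_message(
    A_CNXN, A_VERSION, MAX_PAYLOAD,
    b"device::ro.product.name=generic;ro.product.model=TV Box;ro.product.device=generic\x00",
)
SAMPLE_AUTH_REPLY = adb_message(A_AUTH, 1, 0, b"\x00" * 20)  # arg0=1: ADB_AUTH_TOKEN

if __name__ == "__main__":
    for label, reply in (("tv-box", SAMPLE_OPEN_REPLY), ("phone", SAMPLE_AUTH_REPLY)):
        print(label, classify_reply(reply), device_identity(reply))
    # Live use against an assumed target: print(probe("192.0.2.10"))
```

An "open" verdict from `probe` means the device will execute `shell` commands for anyone who can reach the port, so the fix is to disable network ADB (or firewall 5555) rather than to patch anything; "auth-required" still exposes a fingerprintable service and is worth closing too.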

OAuth Grants Expose Hidden Attack Vector in Enterprise Workspaces
Unmanaged OAuth grants are a persistent risk in enterprise workspaces: 80% of surveyed security leaders rate them a critical or significant risk. In a recent campaign, threat actor UNC6395 used valid OAuth refresh tokens to access the Salesforce environments of more than 700 organizations, showing what neglected OAuth governance can cost.

Fintech Firm Exposes Database Credentials in Shared Spreadsheet
A fintech firm's most sensitive secrets sat in a shared spreadsheet, protected by a password that was simply the company's name followed by the year. Stanislav Kazanov found it during a routine compliance audit in a widely accessible SharePoint folder, in a file named Prod_DB_Root_Creds_DO_NOT_SHARE.xlsx.

AI Agent Deletes Production Data in 9 Seconds
In about nine seconds, an AI coding agent deleted three months of production data, including reservations and customer records, at a car-rental software startup, disrupting both customers and the business. A rule in the agent's instructions explicitly forbade such actions; being an instruction rather than a permission, it did not stop the deletion.

Itron Breach Exposes Internal IT Network Vulnerability
Itron has disclosed that an unauthorized third party breached its internal IT network. The company activated its cybersecurity response plan, notified law enforcement, and says it blocked the unauthorized activity, with no follow-up attempts reported.

Lovable Disputes Data Leak, Shifts Blame to HackerOne
Lovable, a coding platform, is under scrutiny after a security researcher found that users' credentials, chat history, and source code were accessible to anyone with a free account. The company's shifting explanations, including pointing at HackerOne, have raised further concerns about its data handling practices.

Anthropic's MCP Flaw Exposes 200K Servers to Takeover Risk
A design flaw in Anthropic's Model Context Protocol (MCP) could expose roughly 200,000 servers to full takeover. Security researchers treat the issue as a vulnerability, and it points to a serious weakness in a protocol intended to manage the context supplied to AI models.

UK's Big Tech Reliance Poses National Security Risk
Heavy reliance on US Big Tech giants has left the UK's public sector exposed, and that dependence is now a national security risk rather than merely a policy question. Decades of dependence have created a strategic liability that demands attention.

Hungarian Government Credentials Exposed in Breach Data
Nearly 800 Hungarian state logins, including defense and NATO-linked accounts, have surfaced in breach data, raising serious questions about the country's security posture. One example: a username of "FrankLampard", the name of a former Premier League midfielder.

EngageLab SDK Flaw Compromises 50M Android Users
A flaw in the EngageLab SDK put about 50 million Android users at risk by allowing other apps on the same device to bypass Android's security sandbox and read sensitive data. The vulnerability, now patched, exposed cryptocurrency wallet users among others to potential data theft.

Microsoft Cloud Security Review Exposes Gaps in Protection
An internal government review of Microsoft's cloud security offering found significant gaps in protection: evaluators could not determine whether sensitive information remained protected as it moved between servers, and the team was frustrated by a lack of detailed security documentation.

Hackers Breach Bitcoin Depot, Steal $3.6 Million in Cryptocurrency
A breach at Bitcoin Depot, one of the largest Bitcoin ATM networks, resulted in the theft of $3.665 million in cryptocurrency. The incident raises questions for customers, industry observers, and regulators about how to secure digital assets while keeping them physically convenient to use.

Protecting America’s Railroads: Exclusive Best Fixes
Someone with a cheap radio could bring freight and passenger service to a halt. Protecting America's railroads means modernizing legacy signaling and shoring up cyber defenses now, before a costly and dangerous disruption occurs.

Advantest Exclusive: Costly Ransomware Attack Reported
Advantest has reported a cybersecurity incident, a costly ransomware attack that could ripple across global semiconductor supply chains. Few details have been released while incident response continues, and customers and nations alike face the prospect of production delays, lost revenue, and strategic complications.