
All news with #data breach tag

714 articles · page 3 of 36

Trellix Confirms Source Code Repository Breach Disclosure

🔒 Trellix disclosed unauthorized access to a portion of its source code repository and says it is working with outside forensic experts to investigate the incident. The company reports it has found no evidence so far that the accessed code was altered, exploited, or that its release and distribution processes were affected, and it has notified law enforcement. Trellix intends to share further details as appropriate once the investigation concludes. Formed from McAfee Enterprise and FireEye, Trellix protects over 200 million endpoints and serves more than 50,000 customers, and this event follows recent breaches at other security vendors.

Instructure Confirms Data Breach; ShinyHunters Claims

🔒 Instructure confirmed a cybersecurity incident that exposed personal information after the extortion group ShinyHunters posted claims of a large data theft. Company updates indicate affected data may include names, email addresses, student ID numbers, and private messages, while no evidence so far points to leaked passwords, dates of birth, government identifiers, or financial data. Instructure says it has patched the reported vulnerability, rotated application keys, increased monitoring, and requires customers to re-authorize API access as part of its response while third-party experts and law enforcement investigate.

Trellix Confirms Unauthorized Access to Source Code

🔐 Trellix has confirmed an incident that allowed unauthorized access to a portion of its source code repository. The company said it recently identified the compromise, engaged leading forensic experts, and notified law enforcement while pursuing an internal investigation. Trellix did not disclose the specific data accessed or an attribution, but stated there is currently no evidence that its source code was released, distributed, or exploited. Additional information will be shared as the investigation progresses.

Instructure Discloses Cybersecurity Incident, Investigates

🔐 Instructure has disclosed a cybersecurity incident and says it is actively investigating the impact with outside forensics experts. The company, best known for the Canvas learning platform, indicated some services have been under maintenance since May 1 and customers may experience issues with tools that rely on API keys. Instructure said it is working to understand the extent of the incident and minimize impact, and will provide updates as they become available.

30,000 Facebook Accounts Hacked via AppSheet Phishing Relay

🔐 A Vietnamese-linked operation used a Google AppSheet address as a phishing relay to distribute credential-harvesting pages and compromise roughly 30,000 Facebook accounts. Guardio, calling the scheme AccountDumpling, says stolen accounts are resold via an illicit storefront after exfiltration to Telegram channels. Lures hosted on Netlify, Vercel and Google Drive, plus Canva-generated PDFs, were used to harvest passwords, 2FA codes, IDs and business data, leaving many victims locked out.

15-Year-Old Detained Over ANTS Data Breach in France

🔒 French authorities have detained a 15-year-old on suspicion of selling data stolen from France Titres (ANTS) after the agency detected suspicious activity on April 13 and alerted prosecutors on April 16. Investigators say a user going by the alias breach3d offered between 12 and 18 million records on a cybercriminal forum; ANTS later reported 11.7 million impacted accounts. Exposed fields include full names, email addresses, dates of birth, postal addresses, and phone numbers, although ANTS said the stolen data could not be used for unauthorized access. Prosecutors are seeking formal charges and judicial supervision; the alleged offenses carry up to seven years’ imprisonment and a €300,000 fine.

PyTorch Lightning PyPI Compromise Pushes Malicious Releases

⚠️ A supply chain attack delivered two malicious PyPI releases of PyTorch Lightning (versions 2.6.2 and 2.6.3) published on April 30, 2026; the packages execute automatically on import to harvest credentials. The malicious build hides a _runtime directory with a downloader that fetches the Bun JavaScript runtime and runs an obfuscated 11MB payload that validates GitHub tokens against the api.github[.]com/user endpoint and injects worm-like commits across writable branches. The threat also tampers with local npm packages by adding postinstall hooks, incrementing patch versions, repacking .tgz files, and enabling accidental republishing back to npm. PyPI has quarantined the project; maintainers are investigating, and users should block the affected releases, downgrade to 2.6.1, and rotate any exposed credentials.

UK Education Sector Sees Sharp Rise in Cyber Breaches

📚 The UK public education sector experienced a marked increase in reported cyber breaches in the Cyber Security Breaches Survey 2025/2026, published on 30 April by the Department for Science, Innovation and Technology (DSIT) and the Home Office. The report's Education Annex records rises across primary, secondary, further and higher education — notably higher education breaches climbed from 91% to 98% and secondary schools from 60% to 73%. While national breach levels for businesses and charities remained broadly stable, the education surge, falling small-business cyber hygiene and the low uptake of Cyber Essentials are being flagged as significant resilience concerns.

Developer's Roblox cheat triggers $2M data breach

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and roughly $2 million in remediation costs. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.

Lessons from the Vercel Breach: Shadow AI & OAuth Risk

🔒 The Vercel incident highlights how employee-installed AI apps can create persistent OAuth bridges between core enterprise systems and third parties, turning shadow AI into a critical attack vector. In the Vercel case a trial use of Context.ai granted access to Google Workspace, and when Context.ai was breached attackers leveraged stored tokens to pivot into Vercel. The piece urges admins to adopt default-deny consent, routinely audit integrations, and extend controls beyond primary clouds to manage OAuth sprawl.

KELA: 2.9 Billion Compromised Credentials Tracked in 2025

🔒 KELA's 2026 report reveals nearly 2.9 billion compromised credentials traced worldwide in 2025, including usernames, passwords, session tokens and cookies sourced from ULP lists, breached email repositories and marketplaces. At least 347 million were obtained by infostealers operating on about 3.9 million infected machines, driven by a surge in macOS infections. The firm warns that AI-driven, autonomous attack workflows and increasing vulnerability weaponization are escalating risk for organizations.

Vimeo Confirms Customer Data Exposed After Anodot Breach

🔒 Vimeo says an unauthorized actor accessed certain user and customer data following the breach at Anodot. Initial findings indicate the impacted databases primarily contained technical data, video titles and metadata, and, in some cases, customer email addresses. Vimeo confirmed that uploaded video content, account credentials, and payment card information were not exposed, and that platform operations were unaffected. The company has disabled Anodot credentials, removed the integration, and engaged third-party security experts and law enforcement to investigate.

Medtronic Confirms Corporate IT Breach After Claims

🔒 Medtronic has confirmed a data security incident in which an unauthorized party accessed certain internal corporate IT systems. The company said there was no disruption to products, patient safety or operations and that hospital networks managed by customers were not affected. Cybercrime group ShinyHunters previously claimed to have exfiltrated millions of records, but Medtronic has not verified those figures and is actively investigating with external cybersecurity specialists. If sensitive data access is confirmed, affected individuals will be notified and offered support services.

French police arrest HexDex for about 100 data breaches

🔒 French authorities have arrested a 21-year-old who used the alias 'HexDex', suspected of carrying out around 100 data breaches since late 2025. Prosecutors say he was preparing another data dump when detained and has been charged with six offences, including aggravating factors for organised gang activity. Alleged victims include the Ministry of National Education, where the Compas trainee-teacher system exposed roughly 243,000 employee records, as well as registries, unions, cultural institutions, sports federations, food banks and hotel chains. Stolen files were redistributed on criminal marketplaces; his account page now displays a message saying it was seized.

ADT Breach: ShinyHunters Exposes 5.5M Records, Partial IDs

🔒 ShinyHunters stole personal data for about 5.5 million ADT customers and posted an 11GB archive on a dark web leak site after a failed extortion. ADT says it detected the intrusion on April 20 and that accessed information was largely limited to names, phone numbers, and addresses, with a small number of records including DOBs and last-four SSNs/Tax IDs. The group claims the attack began with a vishing compromise of an employee's Okta SSO account that enabled theft from the company's Salesforce instance; ADT reports no payment data or customer security systems were affected.

Checkmarx Confirms GitHub Repo Data Posted on Dark Web

🔒 Checkmarx has confirmed that data tied to its GitHub repository was posted on the dark web after a March 23 supply chain attack. The company says the repository is maintained separately from its customer production environment and that no customer data is stored there; a forensic investigation to verify the nature and scope of the posted material is ongoing. Access to the affected repository has been locked down, and Checkmarx says it will notify customers and relevant parties if customer information is implicated.

Itron Confirms Cybersecurity Breach, Systems Remediated

🔒 Itron, a global provider of utilities technology, disclosed an unauthorized third-party breach of its IT systems in an 8-K filed on April 24. The company immediately activated its cybersecurity response plan, engaged external advisors and notified law enforcement while launching a comprehensive investigation. Itron says it has remediated and removed the unauthorized activity, observed no further access, and found no intrusion in customer-hosted systems. It reports operations were not materially disrupted and expects insurers to cover a significant portion of direct costs while it evaluates required legal and regulatory notifications.

Medtronic Confirms Network Breach After ShinyHunters Claim

🔒 Medtronic disclosed a network intrusion after the ShinyHunters extortion group claimed to have stolen more than 9 million records and multiple terabytes of internal corporate data. The company said the incident affected "certain corporate IT systems" but has not impacted products, patient safety, manufacturing, or hospital customer networks, which it says are segregated. An investigation is underway to determine whether personal data was accessed, and Medtronic said it will notify affected individuals and provide support if exposure is confirmed.

Itron Discloses Unauthorized Access to Internal IT

🔒 On April 13, 2026, Itron, Inc. detected unauthorized access to certain internal IT systems and activated its cybersecurity response plan. The company notified law enforcement and engaged external advisors to investigate, mitigate, remediate, and contain the activity. Itron reports the intrusion has been blocked with no observed follow‑up, no customer impact, and no material disruption to business operations. The investigation is ongoing and the company expects a significant portion of incident-related costs to be covered by insurance.

ADT Confirms Customer Data Breach After ShinyHunters Threat

🔒 ADT confirmed unauthorized access to customer and prospective customer data detected on April 20, saying it terminated the intrusion and opened an investigation. The company reported that stolen information was limited to names, phone numbers, and addresses, with a small subset including dates of birth and the last four digits of SSNs or Tax IDs. ADT emphasized no payment data or customer security systems were affected. ShinyHunters claims over 10 million records were taken after a vishing attack that allegedly compromised an employee’s Okta SSO and accessed Salesforce data.