< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 7 of 40

Lessons from the Vercel Breach: Shadow AI & OAuth Risk

🔒 The Vercel incident highlights how employee-installed AI apps can create persistent OAuth bridges between core enterprise systems and third parties, turning shadow AI into a critical attack vector. In the Vercel case a trial use of Context.ai granted access to Google Workspace, and when Context.ai was breached attackers leveraged stored tokens to pivot into Vercel. The piece urges admins to adopt default-deny consent, routinely audit integrations, and extend controls beyond primary clouds to manage OAuth sprawl.
read more →

KELA: 2.9 Billion Compromised Credentials Tracked in 2025

🔒 KELA's 2026 report reveals nearly 2.9 billion compromised credentials traced worldwide in 2025, including usernames, passwords, session tokens and cookies sourced from ULP lists, breached email repositories and marketplaces. At least 347 million were obtained by infostealers operating on about 3.9 million infected machines, driven by a surge in macOS infections. The firm warns that AI-driven, autonomous attack workflows and increasing vulnerability weaponization are escalating risk for organizations.
read more →

Vimeo Confirms Customer Data Exposed After Anodot Breach

🔒 Vimeo says an unauthorized actor accessed certain user and customer data following the breach at Anodot. Initial findings indicate the impacted databases primarily contained technical data, video titles and metadata, and, in some cases, customer email addresses. Vimeo confirmed that uploaded video content, account credentials, and payment card information were not exposed, and that platform operations were unaffected. The company has disabled Anodot credentials, removed the integration, and engaged third-party security experts and law enforcement to investigate.
read more →

Medtronic Confirms Corporate IT Breach After Claims

🔒 Medtronic has confirmed a data security incident in which an unauthorized party accessed certain internal corporate IT systems. The company said there was no disruption to products, patient safety or operations and that hospital networks managed by customers were not affected. Cybercrime group ShinyHunters previously claimed to have exfiltrated millions of records, but Medtronic has not verified those figures and is actively investigating with external cybersecurity specialists. If sensitive data access is confirmed, affected individuals will be notified and offered support services.
read more →

French police arrest HexDex for about 100 data breaches

🔒 French authorities have arrested a 21-year-old who used the alias 'HexDex', suspected of carrying out around 100 data breaches since late 2025. Prosecutors say he was preparing another data dump when detained and has been charged with six offences, including aggravators for organised gang activity. Alleged victims include the Ministry of National Education, where the Compas trainee-teacher system exposed roughly 243,000 employee records, as well as registries, unions, cultural institutions, sports federations, food banks and hotel chains. Stolen files were redistributed on criminal marketplaces; his account page now displays a message saying it was seized.
read more →

ADT Breach: ShinyHunters Exposes 5.5M Records, Partial IDs

🔒 ShinyHunters stole personal data for about 5.5 million ADT customers and posted an 11GB archive on a dark web leak site after a failed extortion. ADT says it detected the intrusion on April 20 and that accessed information was largely limited to names, phone numbers, and addresses, with a small number of records including DOBs and last-four SSNs/Tax IDs. The group claims the attack began with a vishing compromise of an employee's Okta SSO account that enabled theft from the company's Salesforce instance; ADT reports no payment data or customer security systems were affected.
read more →

Checkmarx Confirms GitHub Repo Data Posted on Dark Web

🔒 Checkmarx has confirmed that data tied to its GitHub repository was posted on the dark web after a March 23 supply chain attack. The company says the repository is maintained separately from its customer production environment and that no customer data is stored there; a forensic investigation to verify the nature and scope of the posted material is ongoing. Access to the affected repository has been locked down, and Checkmarx says it will notify customers and relevant parties if customer information is implicated.
read more →

Itron Confirms Cybersecurity Breach, Systems Remediated

🔒 Itron, a global provider of utilities technology, disclosed an unauthorized third-party breach of its IT systems in an 8-K filed on April 24. The company immediately activated its cybersecurity response plan, engaged external advisors and notified law enforcement while launching a comprehensive investigation. Itron says it has remediated and removed the unauthorized activity, observed no further access, and found no intrusion in customer-hosted systems. It reports operations were not materially disrupted and expects insurers to cover a significant portion of direct costs while it evaluates required legal and regulatory notifications.
read more →

Medtronic Confirms Network Breach After ShinyHunters Claim

🔒 Medtronic disclosed a network intrusion after the ShinyHunters extortion group claimed to have stolen more than 9 million records and multiple terabytes of internal corporate data. The company said the incident affected "certain corporate IT systems" but has not impacted products, patient safety, manufacturing, or hospital customer networks, which it says are segregated. An investigation is underway to determine whether personal data was accessed, and Medtronic said it will notify affected individuals and provide support if exposure is confirmed.
read more →

Itron Discloses Unauthorized Access to Internal IT

🔒 On April 13, 2026, Itron, Inc. detected unauthorized access to certain internal IT systems and activated its cybersecurity response plan. The company notified law enforcement and engaged external advisors to investigate, mitigate, remediate, and contain the activity. Itron reports the intrusion has been blocked with no observed follow‑up, no customer impact, and no material disruption to business operations. The investigation is ongoing and the company expects a significant portion of incident-related costs to be covered by insurance.
read more →

ADT Confirms Customer Data Breach After ShinyHunters Threat

🔒 ADT confirmed unauthorized access to customer and prospective customer data detected on April 20, saying it terminated the intrusion and opened an investigation. The company reported that stolen information was limited to names, phone numbers, and addresses, with a small subset including dates of birth and the last four digits of SSNs or Tax IDs. ADT emphasized no payment data or customer security systems were affected. ShinyHunters claims over 10 million records were taken after a vishing attack that allegedly compromised an employee’s Okta SSO and accessed Salesforce data.
read more →

UK Biobank Breach: Half a Million Health Records Listed

🔒 The personal health data of more than 500,000 UK Biobank volunteers was briefly listed for sale on Chinese e-commerce platforms, prompting removal of the adverts and joint action by UK and Chinese authorities. UK Biobank says the datasets were de-identified and did not include direct identifiers such as names or NHS numbers, and there is currently no evidence the data were purchased. The organisation has suspended researcher access, restricted downloads on its cloud research platform and launched a forensic investigation into misuse by researchers at three academic institutions.
read more →

26 FakeWallet Apps on Apple App Store Target Seed Phrases

🔒Researchers uncovered 26 malicious iOS apps, dubbed FakeWallet, impersonating popular cryptocurrency wallets on the Apple App Store since at least fall 2025. The apps, available to users whose Apple accounts are set to China, redirect victims to trojanized wallet builds or phishing pages to capture recovery phrases and private keys. Kaspersky found the campaign uses typosquatting, library injection, OCR modules, and enterprise provisioning to install payloads. Apple removed many of the apps after disclosure.
read more →

Tax Season Phishing Targets Individuals and Crypto Users

🛡️Scammers are creating convincing fake tax authority websites worldwide to harvest credentials, steal personal data, and distribute malware embedded in downloaded “documents.” These portals also run fraudulent paid services that collect taxpayer identifiers and financial details for later abuse. Cryptocurrency holders are specifically targeted with fake verification flows that request seed phrases or wallet connections, leading to immediate theft. Kaspersky cautions against using cloud-hosted AI for tax preparation and recommends sticking to verified official channels, encrypting sensitive files, and employing reputable security tools.
read more →

Rituals discloses customer data breach in My Rituals

🔒 Rituals has disclosed a data breach affecting members of its My Rituals loyalty program after attackers downloaded customer records. The company said the compromised data may include full name, email address, phone number, date of birth, gender and home address. Rituals confirmed no passwords or payment information were accessed, and said it has blocked the attackers' access and notified relevant authorities while initiating a forensic investigation. The firm has not disclosed the number of affected members despite a loyalty base of more than 41 million and said it has informed affected customers directly.
read more →

SpiceJet Booking System: Two High-Severity Exposure Flaws

⚠️ CISA reports two high-severity authorization and authentication flaws in SpiceJet Online Booking System (CVE-2026-6375, CVE-2026-6376) that permit unauthenticated disclosure of passenger information. Both issues carry a CVSS 3.1 base score of 7.5 and allow PNR enumeration and full booking retrieval without proper access controls. SpiceJet did not respond to coordination requests; CISA recommends defensive network segmentation and other mitigations.
read more →

Global Higher Education Cyberattacks Surge 63% Yearly

🔒 Quorum Cyber's 2026 Global Cyber Risk Outlook for Higher Education reports a 63% rise in recorded incidents between Nov 2023–Oct 2024 and Nov 2024–Oct 2025, increasing from 260 to 425. Across 67 countries, data breaches rose 73%, hacktivism 75% and ransomware 21%. FunkSec, Cl0p, INC and Nova were the most prolific groups. The report urges intelligence-led vulnerability management, dark web monitoring, robust backups and regular incident response exercises.
read more →

Vercel Identifies Additional Customer Account Breaches

🔒 Vercel said it has identified an additional set of customer accounts compromised as part of an incident after expanding its indicators of compromise and reviewing network requests and environment‑variable read events. The company reported a small number of accounts showing prior compromise that predates this incident and may stem from social engineering, malware, or other methods, and confirmed it notified affected parties. Investigators traced the chain to a compromise of Context.ai that allowed takeover of a Google Workspace account and pivoting into Vercel; further analysis points to Lumma Stealer as a likely initial payload.
read more →

Tip-line Breach and Rockstar Leak Highlight Security Risks

🔐 A tip‑line operator that handled anonymous reports for 35,000 U.S. schools suffered a major breach after an attacker exploited an XSS flaw in a LeverTip chat box and stole a staff session cookie via social engineering. The intruder exfiltrated 91 GB (≈8.3M tip records), some dating back decades, and offered the dataset for sale. Separately, Rockstar Games experienced a third‑party compromise that exposed partial data, including internal financial figures. Both incidents underscore failures in basic web hygiene, third‑party controls, and incident transparency.
read more →

Trojanized NFC Relay App Used to Steal Card Data in Brazil

💳 Cybercriminals have trojanized an Android NFC-relay application to capture contactless payment data and PINs, enabling cloning of cards and remote ATM cash-outs. ESET researchers report a new NGate malware variant was injected into the HandyPay app and distributed via a fake lottery site and a spoofed Google Play page targeting Android users in Brazil since November 2025. Traces in the injected code, including emoji markers in debug logs, led researchers to suspect use of generative AI, and ESET has published indicators and a MITRE ATT&CK mapping to aid detection.
read more →