Topic: security breach
-
eScan Server Breach Delivers Malicious Software Update
eScan antivirus software experienced a supply chain attack where a compromised regional update server distributed a malicious file to a limited number of customers during a specific window in January 2026. The malicious update delivered a tampered component that established persistence, executed ...
Read More » -
SoundCloud Data Breach Exposes User Info, Disrupts VPN Access
SoundCloud confirmed a security breach where unauthorized access to an internal system led to the theft of a user database, exposing email addresses and public profile information for a significant portion of its user base. The breach caused service disruptions, including users being blocked with...
Read More » -
Brightspeed Customers Disconnected in Alleged Hack
A hacking group called Crimson Collective claims to have breached Brightspeed, a major U.S. internet service provider, compromising extensive customer data including personal details, location information, and partial financial records. The group also claims to have intentionally disrupted custom...
Read More » -
Sedgwick Subsidiary Breach Exposes Government Contractor Data
A data breach at Sedgwick Government Solutions exposed sensitive information from over twenty federal agency clients, including CISA, DHS, and CBP, though the parent company's core network was unaffected. The breach was isolated to a file transfer system, with no evidence of access to primary cla...
Read More » -
Salesforce Reveals Gainsight Breach Details and Investigation Steps
Salesforce disclosed a security incident involving Gainsight applications, with unauthorized access likely starting on November 8 and suspicious activity detected from mid-November using IPs from VPNs, Tor, and AWS. Indicators of compromise include specific IP addresses and a suspicious User Agen...
Read More » -
State-Sponsored Hackers Breached SonicWall in September
State-sponsored hackers breached SonicWall's cloud environment in September, accessing firewall configuration backup files via an API call, but no products, firmware, or customer networks were compromised. The exposed backup files contained sensitive credentials, prompting SonicWall to advise aff...
Read More » -
SonicWall Firewall Backups Compromised by Attackers
SonicWall confirmed that attackers used brute-force methods to access its cloud backup API, compromising configuration backup files for all customers who used the service, contradicting earlier statements about a limited impact. The compromised files contain sensitive data like network settings, ...
Read More » -
SonicWall Urges Password Reset Following Security Breach
SonicWall has advised customers to reset passwords after detecting unauthorized access to firewall configuration backup files in some MySonicWall accounts, which contain sensitive data like credentials and tokens. The company confirmed this was not a ransomware attack but a series of targeted bru...
Read More » -
Google: Salesloft AI Agent Data Breach Escalates Significantly
Google has issued a critical alert warning that all security tokens for Salesloft Drift AI should be considered compromised due to unauthorized access via stolen credentials. The breach, initially thought to be limited to Salesforce integration, has expanded to include other services, prompting G...
Read More » -
US Nuclear Plant Hacked Through SharePoint Vulnerabilities
A foreign actor breached the Kansas City National Security Campus by exploiting unpatched Microsoft SharePoint vulnerabilities, revealing critical cybersecurity flaws in sensitive government infrastructure. The compromised facility, managed by Honeywell FM&T for the NNSA, produces essential non-n...
Read More » -
Marquis Blames Ransomware Attack on SonicWall Cloud Hack
A ransomware attack on financial software provider Marquis was traced to stolen configuration data from SonicWall's cloud portal, not a direct firewall vulnerability. The breach initially thought to affect a small percentage of SonicWall customers was later found to impact all users of its cloud ...
Read More » -
Zero Trust: Why It's a Journey, Not a Destination
Zero trust is a continuous process, not a one-time project, requiring ongoing adaptation due to evolving threats, changing technology, and organizational growth. Modern challenges like AI-powered attacks, supply chain vulnerabilities, and distributed infrastructure (cloud, IoT, microservices) com...
Read More »