Topic: unauthorized access
-
Urgent: Unpatched ScreenConnect Servers Vulnerable to Attack
A critical vulnerability (CVE-2026-3564) in ScreenConnect allows attackers to hijack active sessions by exploiting weak cryptographic key handling in versions before 26.1. A successful attack could let unauthorized users remotely control the management instance, access employee computers, execute...
Read More » -
Starbucks Employee Data Breach Impacts Hundreds
A security breach at Starbucks compromised the personal data of several hundred employees by targeting the internal **Starbucks Partner Central** platform, which manages work schedules and payroll. The exposed data likely includes sensitive information like names and Social Security numbers, prom...
Read More » -
Judge Halts Perplexity AI from Shopping on Amazon
A federal judge issued a preliminary injunction against AI company Perplexity, barring its automated agents from making unauthorized purchases on Amazon after finding compelling evidence of unauthorized account access. Amazon's lawsuit alleged Perplexity's AI, via its Comet browser, intruded on i...
Read More » -
Record Zero-Day Attacks Target Enterprise Software
The number of zero-day vulnerabilities exploited in attacks reached 90 in 2025, an all-time high for enterprise software and appliances. Enterprise technology became the primary target, with 48% of all zero-day exploits aimed at business software and appliances. Nearly half of these enterprise-ta...
Read More » -
The Rise of AI Auditors: Monitoring Model Behavior
AI auditors are emerging as a critical new profession to ensure AI systems operate safely, ethically, and within legal boundaries by monitoring for issues like bias and unpredictable outputs. Their multifaceted role involves comprehensive technical and behavioral oversight, including engineering ...
Read More » -
PayPal Data Breach Exposed User Info for 6 Months
A software flaw in PayPal's Working Capital loan platform exposed customer data, including Social Security numbers and addresses, for nearly six months due to a code change made in July 2025. PayPal fixed the flaw by December 13, 2025, is offering affected users two years of credit monitoring, an...
Read More » -
Adidas Probes Data Breach Impacting 815,000 Customers
Adidas is investigating a potential data breach linked to a third-party service provider, though its own systems appear unaffected, highlighting cybersecurity risks in partner networks. A hacker group claims responsibility for stealing a dataset of 815,000 customer records, including sensitive pe...
Read More » -
Odido Data Breach: 6.2 Million Customers' Info Exposed
Dutch telecom provider Odido suffered a major cyberattack, with unauthorized access to its customer contact system compromising personal data for millions of customers. The breach impacted approximately 6.2 million customers, potentially exposing sensitive details like names, addresses, phone num...
Read More » -
Flickr warns of data breach exposing user emails and names
A security flaw in an external email provider for a major photo-sharing platform potentially exposed user data like names, email addresses, and IP addresses, though financial data and passwords were not compromised. The company acted quickly to contain the breach, terminated access to the affecte...
Read More » -
SMS Sign-In Links Put Millions at Risk
SMS-based authentication links are creating major security vulnerabilities, exposing users to fraud and identity theft across numerous online services due to easily guessable or enumerable tokens in the URLs. Attackers can exploit these weak tokens to access other users' accounts, view sensitive ...
Read More » -
How Supply Chain Sprawl Is Reshaping Security
Businesses face significant cybersecurity risks due to supply chain sprawl, with vendor-related threats being a primary concern, especially for large enterprises and sensitive sectors. A lack of visibility into vendor security practices and outdated risk assessments leave organizations vulnerable...
Read More » -
DoorDash Data Breach: Customer Information Exposed
DoorDash experienced a data breach in October 2025, compromising customer names, phone numbers, email addresses, and delivery locations, but sensitive data like financial details and Social Security numbers were not accessed. The breach resulted from a social engineering attack on an employee, pr...
Read More » -
Conduent Data Breach Exposes Data of 10.5 Million People
The cybersecurity breach at Conduent exposed personal data of over 10.5 million individuals, including sensitive information like Social Security numbers and medical records, with the SafePay ransomware gang claiming responsibility for the attack. Unauthorized access to Conduent's systems began i...
Read More » -
Indian Bank Data Breach Exposes Thousands of Transfer Records
A significant data breach exposed 273,000 sensitive bank transfer documents from an unsecured Amazon S3 server, compromising account numbers, transaction details, and personal information linked to India's NACH payment system. The Indian fintech firm Nupay acknowledged responsibility for the leak...
Read More » -
Senate Probe Finds DOGE Offices Barricaded, Windows Covered
A Senate investigation found that the Digital Office of Government Efficiency (DOGE) uploaded a live copy of the highly sensitive Social Security NUMIDENT database to an unmonitored cloud environment, bypassing oversight protocols. The data transfer was approved by SSA Chief Information Officers ...
Read More » -
Senate Probe Exposes DOGE Takeover: Armed Guards, Muscle Milk
A Senate investigation revealed that the Department of Government Efficiency (DOGE), established under Elon Musk, operated covertly within federal agencies with minimal oversight, raising concerns about a potential catastrophic data breach and unclear chains of command. DOGE systematically infilt...
Read More » -
DHS Data Hub Leaked Sensitive Intel to Thousands
A misconfigured DHS online platform exposed 439 classified intelligence products to thousands of unauthorized users, including government staff, contractors, and foreign nationals, over two months in early 2023. The leaked data included sensitive reports on cybersecurity threats, foreign hacking,...
Read More » -
Kering Confirms Major Data Breach at Gucci and Balenciaga
Kering has confirmed a major data breach affecting customers of its luxury brands, including Gucci and Balenciaga, with unauthorized access to personal information. The compromised data includes names, contact details, and purchase history, but financial information like credit card numbers was n...
Read More » -
Cyber-Attacks Hit Three French Regional Healthcare Agencies
A coordinated cybersecurity breach compromised personal data of patients in multiple French regions, though medical records remained secure. Attackers used stolen credentials to impersonate healthcare professionals and access systems via regional e-health platforms. Authorities are taking action ...
Read More » -
SSA Whistleblower's Resignation Email Vanishes From Inboxes
An email from the Social Security Administration's chief data officer, Chuck Borges, detailing his forced resignation and whistleblower complaint over data mishandling, vanished from employee inboxes shortly after being sent. Borges alleged that the SSA improperly transferred sensitive personal d...
Read More »
