Public Amazon bucket
A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in Reqrea’s Tabiq hotel check-in system exposed over 1 million pas
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: t
34,532,941 records exposed — Age groups, Credit scores, Device information, Email addresses and 9 more
The company, which operates a widely used observability platform, is refusing to pay an extortion demand.
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no custom
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices
The Supreme Court of California has ruled in J.M. v. Illuminate Education, Inc., a case closely watched by those concerned about holding edtech vendors liable in the event of a data breach. As background on the case: In
Google’s Threat Intelligence Group writes: Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the “BlackFile” brand
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers m
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The post In Other News: Big Tech vs Canada Enc
The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Breach Affects 123,000 Individuals appeared first on SecurityWe
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...]
On the Spot News reports: An investigation has revealed that nearly 50 staff at a Merseyside hospital group accessed horrific details of the condition of those attacked in Southport. The investigation has only just come
The House Committee on Homeland Security sent a letter about the Canvas cyberattack, the same day that the edtech company said it reached an "agreement" with the ShinyHunters cybercriminals.
Microsoft Exchange Server Cross-Site Scripting Vulnerability — Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditi
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual p
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat
The company confirmed data was stolen and encrypted by the attackers.
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [...]
711,099 records exposed — Email addresses, Employers, Job titles, Names and 2 more
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass a