Cal Water Finds No Evidence
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Su
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Su
Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to
The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability — Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SM
We are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or fram
In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its’ dark web leak site with a claim that they had acquire
PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by
PTC Windchill and FlexPLM Improper Input Validation Vulnerability — PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by
Brazil’s alert system was taken offline after a fake emergency alert reached phones, with officials investigating a suspected cyberattack and security failure.
Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability — Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SM
A dairy products manufacturer in Russia's republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.
A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]
Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man
A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...]
Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media
Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont
Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont
Joseph Cox reports: The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG’s systems, according to the hackers and 404 Media
Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man
Cybercriminals used Amadey and StealC to infect thousands of computers worldwide, leading to ransomware and other digital crimes.
9,796,738 records exposed — Customer service records, Email addresses, Names, Phone numbers and 1 more
A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts
Two members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers
An extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again