The predictable file structure of the content management system makes it easy to guess where a file is stored, leading to potential leaks, as demonstrated by a journalist accessing a leaked UK budget document.
Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.
Never feel that you are totally safe. In July 2025, one company learned the hard way after an AI coding assistant it dearly trusted from Replit ended up breaching a "code freeze" and implemented a command that ended up deleting its entire product database. This was a huge blow to the staff. It effectively meant that months of extremely hard work, comprising 1,200 executive records and 1,196 company records, ended up going away.
Research from Pentera Labs reveals evidence of active exploitation in customer-managed business cloud environments, particularly within Fortune 500 companies and cybersecurity vendors. This exploitation is targeting training applications utilized by said organizations. These are applications typically deployed for security demos and training, including OWASP Juice Shop, DVWA and Hackazon. The research discovered thousands of systems exposed, with several hosted on enterprise infrastructure using Azure, AWS and GCP cloud platforms.
Microsoft's BitLocker is a security feature built into Windows that encrypts the entire hard drive. The idea is to protect your personal files from prying eyes in case your PC is ever lost or stolen. Decrypting the data requires a BitLocker recovery key, which is supposed to be safe from access by other people. Aah, but not so fast. Microsoft has confirmed to Forbes that it will provide your BitLocker recovery key if it receives a valid legal order.
Near-identical password reuse occurs when users make small, predictable changes to an existing password rather than creating a completely new one. While these changes satisfy formal password rules, they do little to reduce real-world exposure. Here are some classic examples: Adding or changing a number Summer2023! → Summer2024! Appending a character Swapping symbols or capitalization Welcome! → Welcome? AdminPass → adminpass Another common scenario occurs when organizations issue a standard starter password to new employees, and instead of replacing it entirely, users make incremental changes over time to remain compliant.
Meanwhile, the actual threat landscape evolved in an entirely different direction. Today's attackers aren't sitting at keyboards manually typing password guesses. They're running offline brute force attacks with dedicated GPU rigs that can attempt 100 billion passwords per second against hashing algorithms like MD5 or SHA-1. At that speed, your clever substitution of "@" for "a" buys you microseconds of additional security.
