#danger-assessment
#danger-assessment

5 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

fromLos Angeles Times

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

2 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

EU data protection

5 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

fromLos Angeles Times

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

2 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

19 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

19 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

more#openclaw

#data-breach

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromTNW | Artificial-Intelligence

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

more#data-breach

#fire-safety

fromRedfin | Real Estate Tips for Home Buying, Selling & More

London startup

IREX launches AI fire detection that works on existing camera networks

22 hours ago

Renovation

How to Help Prevent Fires at Home: 9 Tips Every Homeowner Should Know

fromTNW | Artificial-Intelligence

fromRedfin | Real Estate Tips for Home Buying, Selling & More

London startup

IREX launches AI fire detection that works on existing camera networks

22 hours ago

Renovation

How to Help Prevent Fires at Home: 9 Tips Every Homeowner Should Know

more#fire-safety

Business intelligence

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

#ai

Privacy technologies

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Privacy technologies

fromHarvard Business Review

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

more#ai

London politics

fromwww.theguardian.com

Overwhelmed' Prevent at risk of missing threats as referrals rise, UK counter-terror chief says

Prevent scheme faces overwhelming referrals, risking identification of genuine threats due to increased volume and lack of triage system.

Software development

Some 'broken by update' PCs were already doomed

Updates are often blamed for issues that predate them, revealing underlying problems in devices.

SF politics

fromNextgov.com

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.

#data-integrity

fromComputerworld

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

fromComputerworld

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.

Austin

fromFast Company

6 days ago

This new tech could help prevent future runway crashes

New runway collision warning technology could significantly enhance aviation safety by providing pilots with immediate alerts.

Women in technology

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.

DevOps

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

fromFuturism

Delivery Robot Companies in Trouble as Bot Become Targets for Vandalism

Out of the company's first 80,000 deliveries the bots finished on campus, about 1,600 involved incidents of vandalism. At a cost of $2,500 per Kiwibot, the damage adds up quick.

London startup

Podcast

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.

fromAdvocate.com

Online Community Development

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.

Is Crowdsourcing Your Security Plan a Career Risk?

Crowdsourcing security plans can damage credibility if not approached intentionally.

#ai-security

Artificial intelligence

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.

Information security

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Information security

Securing agentic AI is still about getting the basics right

Artificial intelligence

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

more#ai-security

#cyberattack

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

Artificial intelligence

fromLondon Business News | Londonlovesbusiness.com

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Business

3 weeks ago

Why UK businesses are taking physical security more seriously - London Business News | Londonlovesbusiness.com

UK businesses are shifting physical security from a background facilities concern to a central risk management priority as operational complexity and vulnerabilities increase.

fromTNW | Insights

1 hour ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

21 hours ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

fromComputerworld

20 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

21 hours ago

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

more#claude-code

2 months ago

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

fromFortune

Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune

Mercor confirmed a security breach linked to a supply chain attack that may have exposed sensitive data of its customers.

#malware

Information security

Sophisticated CrystalX RAT Emerges

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

more#malware

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized

CISA warns of a critical vulnerability in PTC's Windchill software, with potential for exploitation despite no current evidence of attacks.

fromEntrepreneur

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

fromZDNET

4 weeks ago

Information security

The biggest AI threats come from within - 12 ways to defend your organization

fromZDNET

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

fromZDNET

4 weeks ago

Information security

The biggest AI threats come from within - 12 ways to defend your organization

more#ai-cybersecurity

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

3 weeks ago

How to 10x Your Vulnerability Management Program in the Agentic Era

Agentic AI cyberattacks are actively occurring, forcing vulnerability management to evolve from static scanning to continuous, contextual, autonomous remediation systems.

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Triage failures occur when decisions are made without execution evidence, causing false positives, missed threats, and higher costs; interactive sandboxes enable evidence-backed verdicts within seconds.

Human-related security risks rose 90% in 2025

Human-related cybersecurity incidents surged 90% in 2025, driven by email-based attacks, employee mistakes, insider threats, and increasing AI and deepfake exploitation.

fromBusiness Matters

Security Convergence and The Human Error

Human error causes the majority of data breaches, driven by skill- and decision-based mistakes, employee negligence, and basic security vulnerabilities like weak passwords.

2 months ago

From vulnerability whack-a-mole to strategic risk operations

Shift security from counting vulnerabilities to strategic risk operations that prioritize exposure, value at risk, and measurable business outcomes.

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.