#fema-breach

from Computerworld
1 day ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
#cybersecurity
Healthcare
from SecurityWeek
5 days ago

Healthcare IT Platform CareCloud Probing Potential Data Breach

CareCloud experienced a cybersecurity incident that may have compromised patient information, but the impact is believed to be limited and manageable.
Information security
from TNW | Eu
21 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.
EU data protection
from SecurityWeek
1 day ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.
EU data protection
from TechCrunch
1 day ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.
#fbi
Privacy professionals
from Nextgov.com
1 day ago

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.
Privacy professionals
from Advocate.com
2 days ago

How the Kash Patel hack turned a college-linked username into a security warning

FBI Director Kash Patel's personal email was hacked, exposing over 300 emails and photos, raising concerns about digital security and identity management.
US politics
from www.npr.org
2 days ago

As DOJ prepares to share state voter data with DHS, a key privacy officer resigns

The DOJ is acquiring sensitive voter registration data, raising privacy concerns, as a key privacy officer resigns amid ongoing legal challenges.
Cryptocurrency
from news.bitcoin.com
23 hours ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.
#privacy
#openclaw
DevOps
from InfoWorld
2 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
from Ars Technica
1 day ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
Intellectual property law
from Nextgov.com
1 day ago

Tech bills of the week: Limiting adversaries' access to US tech; and boosting cyber apprenticeships

New legislation aims to strengthen U.S. export controls on sensitive technologies to prevent adversaries from exploiting them for economic gain.
from Fast Company
2 days ago

FEMA official says he was "teleported" to a Waffle House - and won't back down

Gregg Phillips described feeling his car being 'lifted up' and relocated into a ditch, and later found himself at a Waffle House miles away from his previous location.
Washington DC
#data-breach
Healthcare
from SecurityWeek
2 days ago

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

Nacogdoches Memorial Hospital notified 250,000 individuals of a data breach compromising personal and health information.
Privacy professionals
from SecurityWeek
2 days ago

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.
Healthcare
from TechCrunch
4 days ago

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.
Privacy professionals
from Silicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
EU data protection
from Theregister
6 days ago

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.
Privacy professionals
from TechCrunch
2 days ago

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.
SF politics
from Nextgov.com
5 days ago

New contract for background investigations raises concerns about scale and risk

DCSA is modernizing its Case Processing Operations Center to enhance background investigations and incorporate Continuous Vetting for national security.
Remote teams
from Theregister
6 days ago

Security contractor blew the whistle on shabby support crew

Brad, a security contractor, faced challenges with antivirus alerts while working in a labor hire company's office without proper IT support.
from SecurityWeek
6 days ago

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
Python
#fortinet
Information security
from The Hacker News
5 hours ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.
Information security
from SecurityWeek
4 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
US politics
from Theregister
1 day ago

Trump wants to slash $707M from CISA's budget

CISA faces a proposed $707 million budget cut, risking national cybersecurity and critical infrastructure management.
DevOps
from ComputerWeekly.com
2 days ago

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.
World politics
from The Cipher Brief
1 week ago

National Security Starts at Home - Not on the Battlefield

National security relies on enduring internal capacity rather than just accumulated hard power or visible instruments of power.
Information security
from SecurityWeek
2 days ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
US politics
from Nextgov.com
1 day ago

President's budget proposes folding beleaguered DHS intelligence office into headquarters

The Department of Homeland Security's intelligence office faces consolidation and potential workforce reductions under Trump's proposed budget for 2027.
from Nextgov.com
4 days ago

HHS reverses Biden-era restructuring of its IT and tech operations

HHS Chief Information Officer Clark Minor stated that consolidating the CTO, CDO, and CAIO roles within his office allows the department to move faster on shared platforms and protect systems more effectively.
Healthcare
Online Community Development
from Nextgov.com
2 weeks ago

When disaster strikes, census data can help show who is in harm's way

The U.S. Census Bureau's OnTheMap for Emergency Management tool helps officials quickly estimate population and workforce data in disaster-affected areas to guide emergency response and recovery efforts.
from WIRED
2 days ago

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.
Privacy professionals
#government-shutdown
US politics
from www.aljazeera.com
2 days ago

US Homeland Security shutdown to stretch on, despite Senate passing funding

The House has not voted on the Senate bill, prolonging the partial government shutdown affecting DHS funding and federal workers.
US politics
from The New Yorker
1 day ago

What Did the Partial D.H.S. Shutdown Accomplish?

Democrats faced challenges in funding negotiations, leading to multiple government shutdowns and unresolved immigration enforcement issues.
US politics
from english.elpais.com
2 days ago

The partial shutdown of the Department of Homeland Security: What's next, and Trump's deadline

Congress is deadlocked over immigration funding, leading to the longest partial shutdown of the Department of Homeland Security in U.S. history.
Information security
from InfoWorld
1 day ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.
#cyberattack
Privacy professionals
from TechCrunch
3 days ago

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.
Information security
from TechRepublic
2 days ago

Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks

Hasbro experienced a cyberattack that forced parts of its systems offline, potentially leading to weeks of operational impact.
EU data protection
from ComputerWeekly.com
1 week ago

Irish government launches CNI resilience plan | Computer Weekly

The Irish government has launched a National Strategy to enhance the resilience of critical entities against cyber attacks and disruptions.
Privacy professionals
from Silicon Canals
2 days ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.
#ai-security
Information security
from InfoWorld
2 days ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Privacy professionals
from SecurityWeek
3 days ago

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.
Information security
from Techzine Global
2 days ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.
Information security
from WIRED
1 day ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
Privacy professionals
from FEDweek
6 days ago

Agencies Need More Complete Guidance on Privacy Considerations of AI Use, Says GAO

GAO identifies gaps in AI guidance, highlighting risks and the need for comprehensive privacy protections in agency implementations.
Information security
from SecurityWeek
1 day ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.
Information security
from SecurityWeek
4 days ago

The Next Cybersecurity Crisis Isn't Breaches - It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Privacy professionals
from MedCity News
2 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.
Information security
from The Hacker News
2 days ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
US news
from Securitymagazine
2 months ago

This Website Exposed ICE Data - Now, It's Faced a Cyberattack

A publicly accessible ICE List database exposes PII for roughly 4,500 federal ICE agents and supervisors and recently suffered a DDoS attack reportedly originating from Russia.
Information security
from SecurityWeek
2 days ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.
Information security
from The Hacker News
2 days ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.
#cisco
Information security
from The Hacker News
2 days ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
from SecurityWeek
2 days ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
#supply-chain-attack
Information security
from SecurityWeek
4 days ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.
Information security
from Securitymagazine
4 days ago

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.
Information security
from InfoQ
5 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.
Information security
from ComputerWeekly.com
4 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.
Information security
from Securitymagazine
1 week ago

Security Leaders Share Thoughts on Foster City Cyberattack

Foster City declared a state of emergency due to a ransomware attack, highlighting vulnerabilities in municipal IT infrastructure and the need for better funding and security.
Information security
from Techzine Global
1 week ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.
Information security
from The Hacker News
1 month ago

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA added four actively exploited high-severity vulnerabilities to its KEV catalog, including Chrome use-after-free, TeamT5 arbitrary upload, Zimbra SSRF, and Windows ActiveX RCE.
Information security
from Securitymagazine
1 month ago

Understanding Breaches Before and After They Happen: What Every Organization Should Know

Most security breaches result from neglected fundamentals—human error, unpatched systems, weak authentication, and poor network segmentation—rather than advanced, novel exploits.
Information security
from Nextgov.com
2 months ago

Building government resilience in an era of AI-driven cyberattacks

Governments must rapidly transform defenses to counter escalating, stealthy AI-driven cyberattacks and prepare for destructive operations targeting critical infrastructure.