#exposed-credentials
#exposed-credentials

France news

Warning over cyber-attack on French government's ANTS platform

Careers

Advance Your Cybersecurity Career

Privacy professionals

Crook claims to leak 'video surveillance footage' of firms

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

12 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Stolen credentials remain the primary entry point for attackers, despite advancements in cybersecurity.

France news

fromThe Local France

Warning over cyber-attack on French government's ANTS platform

Hackers accessed personal details of users on the French government's ANTS platform, prompting warnings about potential phishing scams.

Careers

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.

Crook claims to leak 'video surveillance footage' of firms

Be Prime confirmed a cybersecurity incident involving alleged access to its surveillance footage and client data by a criminal hacker.

AI-pwned: Vercel breach traced to stolen employee creds

Vercel's CEO suspects AI aided attackers in a breach that exploited a compromised employee account and non-sensitive environment variables.

12 hours ago

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA added eight new vulnerabilities to its KEV catalog, including critical flaws in Cisco Catalyst SD-WAN Manager, indicating active exploitation.

more#cybersecurity

9 hours ago

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

fromTechCrunch

3 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Law

Third ransomware pro pleads guilty to cybercrime U-turn

Angelo Martino pleaded guilty to aiding the ALPHV/BlackCat ransomware gang in extorting US businesses.

fromTechCrunch

3 hours ago

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Company has more than 2m stolen from account following cyber attack

Future Energy Capital Limited lost over €2m due to a cyber attack last October.

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

DevOps

fromwww.bankingdive.com

How proactive DEX strengthens IT compliance in financial services

Proactive DEX management helps financial services organizations address compliance challenges by continuously monitoring and improving the digital workplace.

Mental health

fromSmashing Magazine

Session Timeouts: The Overlooked Accessibility Barrier In Authentication Design - Smashing Magazine

Poor session timeouts create significant accessibility barriers for users with disabilities, impacting their online experiences and tasks.

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

fromZDNET

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

EU data protection

fromThedrum

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

fromZDNET

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

Claude Desktop changes software permissions without consent

Claude Desktop installs files affecting other apps without consent, violating privacy laws and raising concerns about its classification as spyware.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

23 hours ago

Claude Desktop changes software permissions without consent

Claude Desktop installs files affecting other apps without consent, violating privacy laws and raising concerns about its classification as spyware.

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.

more#privacy

fromThe New Yorker

When Your Digital Life Vanishes

A broken phone or corrupted drive can mean the loss of work, evidence, art, or the last traces of the dead. But sometimes data-recovery experts can summon lost files from the void.

Digital life

#data-breach

20 hours ago

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak customers face data exposure due to a breach affecting millions of records, including personal and travel-related information.

19 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

20 hours ago

Lovable denies data leak, cites 'intentional behavior'

Lovable's platform has a significant security flaw allowing free accounts to access sensitive user information, raising concerns about data protection.

Healthcare

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

Three US healthcare organizations reported data breaches affecting nearly 600,000 individuals, with significant incidents in Texas and Illinois.

Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak customers face data exposure due to a breach affecting millions of records, including personal and travel-related information.

19 hours ago

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

Clothing Retailer Patches Website Flaw Exposing Customer Data

A flaw in Express's website allowed unauthorized access to customer data through sequential order IDs in URLs.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

more#data-breach

#ai

fromMedium

How to mitigate the risk of AI implementation in enterprise environments

Only about 5% of AI projects deliver measurable business value despite high expectations.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

fromMedium

How to mitigate the risk of AI implementation in enterprise environments

Only about 5% of AI projects deliver measurable business value despite high expectations.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

more#ai

DevOps

Storage implications of a modern IT architecture | Computer Weekly

Organizations are increasingly using containers to modernize applications and manage both cloud-native and traditional workloads with Kubernetes.

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

11 hours ago

Adaptavist Group breach: Ransomware crew claims mega-haul

Adaptavist Group is investigating a security breach involving stolen credentials, while a ransomware group claims to have accessed extensive data.

1 hour ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

4 weeks ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Top 3 Cyber Insurance Incident Claims

Cyber incidents are increasing claims in the insurance industry despite decreasing premiums, indicating a more active risk environment.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

fromTechCrunch

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Next.js developer Vercel warns customer creds compromised

Vercel experienced a data leak due to a compromise of Context.ai, affecting customer credentials and prompting immediate action.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

more#vercel

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

10 hours ago

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

4 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

3 days ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

#identity-management

Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

more#identity-management

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

3 weeks ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

3 weeks ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Every day in every way, passwords are getting worse

Passwords remain ubiquitous, aging and increasingly vulnerable due to implementation flaws, password manager weaknesses, and AI-related risks.

3 months ago

The Hidden Risk of Orphan Accounts

Traditional IAM and IGA systems are designed primarily for human users and depend on manual onboarding and integration for each application - connectors, schema mapping, entitlement catalogs, and role modeling. Many applications never make it that far. Meanwhile, non-human identities (NHIs): service accounts, bots, APIs, and agent-AI processes are natively ungoverned, operating outside standard IAM frameworks and often without ownership, visibility, or lifecycle controls.

Information security

#password-managers

Information security

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Information security

Password managers don't protect secrets if pwned

Information security

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Information security

Password managers don't protect secrets if pwned

more#password-managers

fromEntrepreneur

How to Keep Your Company's Data Out of the Wrong Hands

Data security requires keeping sensitive data local, restricting access strictly, and holding vendors to higher standards to prevent breaches, leaks, and legal exposure.

Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms

Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card.

Information security

Password Reuse in Disguise: An Often-Missed Risky Workaround

Near-identical password reuse occurs when users make small, predictable changes to an existing password rather than creating a completely new one. While these changes satisfy formal password rules, they do little to reduce real-world exposure. Here are some classic examples: Adding or changing a number Summer2023! → Summer2024! Appending a character Swapping symbols or capitalization Welcome! → Welcome? AdminPass → adminpass Another common scenario occurs when organizations issue a standard starter password to new employees, and instead of replacing it entirely, users make incremental changes over time to remain compliant.

Information security

fromWIRED

Password Managers Share a Hidden Weakness

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Information security