Stay informed on database security trends, breaches, and best practices in information security with our comprehensive news and updates.
Search across headline titles and summaries.
Background for this topic.
Database is a structured collection of data, often stored and accessed electronically from a computer system. Within the context of information security, securing a database is critical as it may contain sensitive information, personal data, and valuable intellectual property. Security measures for databases include implementing access controls to ensure only authorized individuals can retrieve or manipulate the data, encrypting data both at rest and in transit to prevent unauthorized interception, and regularly patching and updating database management software to protect against vulnerabilities. Additionally, security professionals monitor databases for unusual activities that could indicate a breach, such as unexpected access patterns or changes to the data, ensuring integrity and confidentiality of the data housed within.
Weekly headline count for the current query.
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases
A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems
It is the database titan’s sixth acquisition announcement since June 2025
It is the database titan’s sixth acquisition announcement since June 2025
19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a […]
A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database containing data of 340 million OnlyFans users, but the available evidence points to something less dramatic than a direct breach. According to HackRead, which reported the […]
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.
Relax, the data's been recovered. Continue with your vibe coding
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos.A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say.
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation. The post NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities appeared first on CyberScoop.
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases
The Senate Democrat said that the SSA following Trump’s executive order would indicate “willing participation” in the administration’s midterm elections scheme. The post Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’ appeared first on CyberScoop.