GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
CRM Data Theft Tied to OAuth Tokens Stolen From Third-Party Market Intelligence AppSalesforce disabled connections to its customer relationship management environment from third-party app Klue Battlecards as a response to a "security incident." Attackers breached Klue's platform, generated OAuth tokens for Salesforce and stole data, now being held to ransom.
Diagnostics Lab Reported 10.3M Patients Affected by Collection Agency's HackMedical laboratory testing giant Labcorp has agreed to pay $35 million to settle class action litigation stemming from a 2018 hacking incident on now-defunct American Medical Collections Agency. Labcorp reported the vendor breach in 2019 as affecting nearly 10.3 million patients.
Back-Office Servicer's Breach Estimate Has More Than Doubled Since FebruaryThe victim tally in back-office services firm Conduent Business Services' 2024 hack has more than doubled to over 62.2 million individuals, from an earlier estimate of "25 million plus." The incident is now on track to be at least the third-largest health data breach ever reported to regulators.
Breach Is Among Several Recent Major Incidents Involving Billing Software ProvidersA publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients' information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients.
The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was […]
Separate Breach Details Can Bleed Into Each Other, Incident Responders FindCybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn.
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised
Incident Involved an Unnamed Third-Party VendorNew York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.
Patch Rollout Slows and Ransomware Incident Volume Rises, Finds Latest Verizon DBIRThe frequency of hackers exploiting vulnerabilities in hardware and software to gain initial access to a victim's environment continues to surge, and half of all successful breaches also now involve some type of "ransomware action," according Verizon's 2026 Data Breach Investigations Report.
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised identity into a cloud-wide breach appeared first on Microsoft Security Blog.
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase
State Insurance Officials Seeking Details About Service Firm's Mega Data BreachMissouri regulators are widening their investigation into the 204 hacking incident at Conduent Business Services, alleging that the company has stonewalled the state's attempts to obtain information about the data breach, which is estimated to affect more than 25 million people nationwide.
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats Real estate giant Cushman & Wakefield has confirmed a data breach after two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for attacks on the company.…
BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and we regret the error. [...]
Instructure, the company behind the widely used Canvas learning platform, has disclosed a security incident after a social engineering attack allowed hackers to access data in its Salesforce instance. [...]
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. [...]
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems
Gov admits 'incident' as forum sellers boast of fresh haul covering up to a third of the population France's National Agency for "Secure" Documents is explaining a potential data spill just as crooks online claim they've nicked a third of the country's ID information.…
Cloud app developer Vercel appears to have suffered a security breach