Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.
Also: Fortinet Flaws, Aisuru Botnet and Dutch Police Seize Bulletproof Host ServersThis week, the root cause of the Cloudflare outage, active exploitation of Fortinet flaws, Logitech disclosed a data breach, Microsoft headed off a record-breaking botnet attack, Dutch police seized bulletproof hosting servers and Princeton University disclosed a data breach after a phishing attack.
Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog FindsTwo decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I'm joking, with the results of recent data breach root cause report in hand.
A Thales report found that 44% of organizations have experienced a cloud data breach, with human error and misconfigurations the leading root causes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...]