Sophos Firewall zero-day bug exploited weeks before fix
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...]
Stay informed on the latest data breach incidents and security breaches. Protect your information with our up-to-date breach news and analysis.
Search across headline titles and summaries.
Background for this topic.
Breach means unauthorized access to a computer system or network that exposes or steals sensitive data like personal details, passwords, or proprietary information. Attackers often exploit software flaws, weak passwords, or social engineering to gain entry. Breaches can also result from insiders misusing access or accidental data exposure.
Understanding breaches is crucial because they reveal weaknesses in security controls and can lead to data theft or operational disruption. Effective defenses include promptly patching vulnerabilities, enforcing strong authentication, and segmenting networks to limit attacker movement. Detecting breaches quickly through monitoring and logging helps contain damage and guide targeted remediation efforts to secure affected systems and data.
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...]
Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don't have the financial resources to recover if they
Attackers gained access to private account details through an email compromise incident that occurred in April.
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks
Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. [...]
Employee email compromise potentially exposed patients' medical information, including lab test results and dates of services.