Security news aggregator

Latest coverage for Compromise

Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.

232 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.

Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 232 Filtered view
Bank Info Security 16 hours, 54 minutes ago

CISA Adds FortiSandbox Bugs to KEV Catalog

Agencies Have Until Sunday to Patch Two Critical Command Injection FlawsCISA added two critical FortiSandbox command injection vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active attacks. Experts warn that unauthenticated remote code execution could let attackers compromise malware analysis systems and pivot deeper into enterprise networks.

Bank Info Security 1 day, 9 hours ago

Trump Revives Debunked Election Hacking Claims

Courts, Audits and Federal Agencies Found No Evidence 2020 Votes Were AlteredU.S. President Donald Trump used a primetime address Thursday night to allege that China carried out a sweeping compromise of American voter data and to revive doubts about the 2020 election, while stopping short of claiming any votes were changed.

Bank Info Security 4 days, 15 hours ago

Jscrambler npm Breach Exposes Developers to Malware

Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.

Microsoft-Owned GitHub, Which Runs npm, Previews Supply-Chain Security FixesThe popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation pipelines, has been poisoned by attackers, and Microsoft-owned GitHub has advised all developers to downgrade Mastra, pending compromised packages being found and eradicated.

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic TopicsGoogle says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection.

Novo Nordisk Breach Involved 'Copying' of Patient, Healthcare Provider InfoA hack on Danish pharmaceutical manufacturer Novo Nordisk has compromised some patients' clinical trial information, the maker of popular weight loss and diabetes treatment drugs including Wegovy and Ozempic said. The company is working to bring affected IT systems back online.

Bank Info Security 1 month, 1 week ago

Femtech Can't Afford to Get AI Trust Wrong

Laure Lydon of Flo Health on Securing AI Without Compromising TrustTrust in femtech isn't a feature. It's the foundation. Laure Lydon, vice president of security at Flo Health, makes the case for embedding privacy and security into AI development from day one, not as an afterthought. Firms must evaluate potential risks before systems are built, she said.

Bank Info Security 1 month, 1 week ago

Identity Scams Evolve Into Multi-Stage Attacks

Victims Increasingly Face Multiple Compromises From a Single IncidentIdentity theft scams are increasingly unfolding as coordinated, AI-assisted attack chains that begin with phishing or impersonation escalate into account takeovers, device compromise and broader fraud, according to the Identity Theft Resource Center.

Bank Info Security 1 month, 1 week ago

Miasma Worm Hits Microsoft's AI Coding Ecosystem

Attackers Compromised More Than 70 Microsoft Repositories in Under 2 MinutesAttackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale.

Bank Info Security 1 month, 2 weeks ago

23andMe Failed to Stop Months-Long Hack, State Alleges

Calif. Lawsuit: Genetics Testing Firm Missed Red Flags Before Massive 2023 BreachHackers in 2023 went undetected for five months in genetics testing firm 23andMe's IT systems, despite multiple unheeded warning signs, alleges California's attorney general in a lawsuit. Hackers in late April 2023 began accessing 23andMe's systems by using compromised credentials.

Bank Info Security 1 month, 2 weeks ago

Connecticut Medicaid Portal Hack Affects Thousands

Attackers Attempted to Reroute Hospital Medicaid ReimbursementsA hack on a Connecticut Medicaid web portal involving compromised credentials of a healthcare provider has affected the payment account and other information for about 22,500 patients. The data theft is the latest breach involving a healthcare related web portal hack. Why does this keep happening?

Bank Info Security 1 month, 3 weeks ago

GitHub Tells Self-Hosted Admins to Rotate Keys

Company Pushes Key Rotation After 3,800 Repositories CompromisedHacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee. GitHub CISO Alexis Wales in a Tuesday update said the repository is rotating all keys.

Bank Info Security 1 month, 3 weeks ago

Oncology Firm Says Vendor Hack Compromised Patient Data

Breach Is Among Several Recent Major Incidents Involving Billing Software ProvidersA publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients' information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients.

Bank Info Security 1 month, 3 weeks ago

Liberty Mutual Sued Over Alleged Everest Group Data Theft

Incident Comes Months After NYS Fined Liberty Mutual $2M in Other HacksInsurance carrier Liberty Mutual is facing proposed class action litigation filed by policyholders who allege their sensitive information was compromised in an April data theft claimed by cybercrime gang Everest Group. The incident is the company's latest data security related troubles.

Bank Info Security 1 month, 4 weeks ago

Public NYC Health System Notifying 1.8M of Hack

Incident Involved an Unnamed Third-Party VendorNew York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.

Bank Info Security 1 month, 4 weeks ago

Patched OpenClaw Flaw Let Hackers Hijack AI Agents

Chainable Bugs Enable Credential Theft, Persistence, TakeoverFour chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.

Bank Info Security 2 months, 2 weeks ago

Germany Caught Up in Likely Russian Signal Phishing

Governments Have Long Warned About Kremlin Social Engineering HacksSignal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

Bank Info Security 2 months, 3 weeks ago

Cloudsmith Raises $72M for Software Supply-Chain Security

Recent Package Compromises Pushed Software Component Trust to the Security AgendaCloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.

Loading more headlines...