Experts say it’s a useful post-compromise tool, for those with the brain cells required to put it together
Latest coverage for Compromise
Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.
Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.
Volume over time
Weekly headline count for the current query.
AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data
Third-party contractor compromise exposed health information and insurance billing passwords
Gizmodo readers hit with ClickFix malware prompts after account compromise
Infosec buffs say Windows users could have been infected with a nasty trojan, while Mac users got off lightly
VRChat says somebody faked a breach notice with the Maine AG's office
'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'
Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap
iBiz might not win the AI race, but analysts say it's focusing on features people may actually use
France probes compromise of gov messaging platform after account hijack
Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data
Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
FSB claims large-scale snoop op compromised phones of senior officials, but gives no technical evidence to back allegations
GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines
Worm rubs out competitor's malware, then takes control
All your compromised credentials are belong to us now instead of the other gang
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
All the Typhoons, everywhere, all at once A majority of China-linked threat actors are using compromised routers and IoT devices worldwide, turning this gear into proxy networks to carry out further intrusions, steal sensitive data, and disrupt victim organizations’ operations, according to a joint 10-country advisory.…
Another npm supply chain worm is tearing through dev environments
Plus, the payload references 'TeamPCP/LiteLLM method' Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.…
Next.js developer Vercel warns of customer credential compromise
Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blamed an outfit called Context.ai for the mess.…
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
Time to start dropping SBOMs FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won't know the full blast radius for months.…
Months-old Adobe Reader zero-day uses PDFs to size up targets
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams
Two practice web addresses appear to have been compromised Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.…
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons The UK's National Cyber Security Centre (NCSC) has issued a fresh warning about Russia's ongoing targeting of routers to steal passwords and other secrets.…
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
First public downstream victim, but won't be the last AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.…
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios Updated One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…