Security news aggregator

Latest coverage for Compromise

Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.

Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.

Showing 20 most recent headlines of 24 Filtered view

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender detected, blocked, and unraveled the attack. The post From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence appeared first on Microsoft Security Blog.

Bank Info Security 1 month, 3 weeks ago

Liberty Mutual Sued Over Alleged Everest Group Data Theft

Incident Comes Months After NYS Fined Liberty Mutual $2M in Other HacksInsurance carrier Liberty Mutual is facing proposed class action litigation filed by policyholders who allege their sensitive information was compromised in an April data theft claimed by cybercrime gang Everest Group. The incident is the company's latest data security related troubles.

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers' systems was hacked in the

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft appeared first on Microsoft Security Blog.

GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the […] The post GitHub says internal repositories were impacted in poisoned VS Code extension attack appeared first on CyberScoop.

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world

Bank Info Security 1 month, 4 weeks ago

Public NYC Health System Notifying 1.8M of Hack

Incident Involved an Unnamed Third-Party VendorNew York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.

Bank Info Security 1 month, 4 weeks ago

Patched OpenClaw Flaw Let Hackers Hijack AI Agents

Chainable Bugs Enable Credential Theft, Persistence, TakeoverFour chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.

The Hacker News 1 month, 4 weeks ago

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Loading more headlines...