Security news aggregator

Latest coverage for Exposure

Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!

199 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.

The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 199 Filtered view
Bank Info Security 19 hours, 56 minutes ago

Lessons Learned: US Cybersecurity Agency Leaked Secrets

CISA Lauded for Fast Response, Transparency and Detailing Security RecommendationsSecure developers' use of public code repositories, monitor them for secrets and if they get exposed, have a well-tested incident response playbook at the ready. The U.S. Cybersecurity and Infrastructure Security Agency has shared these and other lessons learned after suffering a data leak.

Bank Info Security 1 week, 1 day ago

Breach Roundup: Hush, Don't Talk About the Data Breach

Also, 23andMe Breach Settlement, GitHub AI Flaw, Ubiquiti Patches Critical BugsThis week, hidden breaches, researchers exposed a GitHub AI agent flaw, an Ubiquiti critical flaw, a ColdFusion flaw, a growing Chinese ORB, U.K. government FortiBleed exposure, 23andMe victims get $46.75 million, 3.8 million affected by Medtronic breach and Cerner's 2025 victim count went up.

Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.

Investigators Found Months of Unchecked Database Scraping ActivitySouth Korea's privacy regulator fined Coupang a record 624.7 billion won after concluding that weak authentication controls, insider access abuse, evidence destruction and unauthorized data collection contributed to the exposure of personal information belonging to 33.7 million people.

Bank Info Security 1 month ago

Geopolitics Is Now a Cybersecurity Problem

UCL's Melanie Garson on Anti-Fragility, Supply Chain Risk and AI AdoptionGeopolitical exposure has quietly moved to the front of the security agenda, and most organizations are only now realizing how little they understand about where their risks originate, says Melanie Garson, associate professor of international security at UCL.

Also: Zcash Patches Flaw, $32M Humanity Protocol HackThis week, a key player in a $97M laundering scheme got prison time, Humanity Protocol suffered $32M in losses, Zcash patched a flaw, the EU targeted crypto platforms tied to Russia, authorities froze $3.8M in illicit funds and researchers exposed a Trezor chip weakness.

Bank Info Security 1 month, 1 week ago

Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks

IBM False Claims Act Plaintiff Alleges Years of Hidden Security FailuresA former IBM vice president of threat intelligence alleged IBM and AT&T failed to implement basic security controls and obtained major government contracts despite unresolved cybersecurity deficiencies that potentially exposed sensitive federal data.

Bank Info Security 1 month, 3 weeks ago

Socket Raises $60M for Wider Software Supply-Chain Defense

Funding at $1B Valuation Will Expand Controls Across Developer and AI EcosystemsSocket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling.

Bank Info Security 1 month, 3 weeks ago

ISMG Editors: The Governance Questions Haunting OpenAI

Also: Rethinking SASE and AI's Impact on the Cyber WorkforceIn this week's panel, four ISMG editors discussed what the Musk vs. Altman trial exposed about OpenAI's governance program, how AI is reshaping the way enterprises think about security and why Cisco, Cloudflare, Arctic Wolf and other firms are redesigning their workforces for the AI era.

Bank Info Security 1 month, 4 weeks ago

Only a Handful of CVEs Mattered for Supply Chain in 2025

Is the Vulnerability Exposed and Easily Exploitable?Not all supply chain vulnerabilities are alike. Between the exploding volume of new CVEs and the number of actual mass attacks, there lies a sweet spot of just dozens of vulnerabilities to quickly patch to head off risk. No company is able to address every new vulnerability.

Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI RisksSecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities.

Akamai Says Startup LayerX's Browser Telemetry Will Strengthen Access DecisionsAkamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero trust portfolio as enterprises grapple with generative AI data exposure, autonomous AI agents and growing demand for browser-level visibility.

Chuck Robbins Warns Customers Face Growing Exposure From Equipment Past SupportCisco is embedding Anthropic's Claude Mythos Preview into internal security operations to test code, accelerate patching and push infrastructure upgrades, even as it lays off 4,000 employees to redirect spending toward AI, silicon, optics and security.

An On Demand video from ID DatawebScattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.

ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 PeopleA British regulator said a major water sector organization failed to use establish cybersecurity safeguards to secure sensitive data, allowing hackers to use a phishing campaign to gain persistence, steal records and expose more than 630,000 sensitive records.

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

Bank Info Security 2 months, 1 week ago

Proof of Concept: Anatomy of a Breach - the Aftermath

Blackbaud's Attorneys Jon Olson and Ron Raether on Legal Risk, Trust and RecoveryIn part three of the Anatomy of a Breach series, attorneys Jon W. Olson and Ron Raether examine what happens in the aftermath of a breach crisis. The experts discuss legal exposure, regulatory scrutiny and how early decisions can shape long-term trust, litigation outcomes and recovery.

Bank Info Security 2 months, 1 week ago

Allianz Hands Commercial Cyber Insurance Unit to Coalition

Allianz Retains Risk Exposure While Outsourcing Cyber Insurance OperationsAllianz will transition operational control of its standalone commercial cyber insurance business to Coalition, combining the insurer's global distribution and balance sheet with Coalition's cyber underwriting, monitoring and incident response capabilities in a long-term strategic partnership.

Loading more headlines...