LATEST POST
Vercel hacked after fatal OAuth error: granting “Allow All” permissions
Cybernews reports: Vercel, a cloud platform and maintainer of Next.js, a major web development framework, has been hacked, and hackers are selling access to credentials that could help pull off “the largest supply chain attack ever if done right.” An OAuth token, granting too many permissions, became a single point of failure. Vercel acknowledged that […]
P3 Advertised 20+ Years and 0 Security Breaches. They had to reset their counter.
Will P3 wind up on a vendors not to be trusted list? DataBreaches.net reports: P3 Global Intel advertises itself as a “fully integrated and state-of-the-art tip acquisition and tip management solution that has quickly become the leading choice of Crime Stoppers Programs, Law Enforcement Agencies, Campus Safety Programs, and Federal Agency Initiatives.” 35,000 U.S. schools use P3 Campus, which […]
Old Laws, New Tricks: Connecticut Laws Apply to Artificial Intelligence
The law firm of Squire Patton Boggs writes: Connecticut Attorney General William Tong recently issued an advisory memorandum (“Advisory”) to all “State Officials, Agencies and Concerned Parties” about how existing Connecticut laws apply to artificial intelligence (“AI”). In the Advisory, Attorney General Tong hints at enforcement priorities and offers businesses a roadmap for compliance in describing how […]
Ukrainian emergency services and hospitals hit by espionage malware campaign
The Record reports: Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. Ukraine’s computer emergency response team (CERT-UA) said the activity was carried out by a group tracked as UAC-0247, which launched multiple attacks over the past two months against municipal authorities, clinical hospitals […]
California businesses have new cybersecurity obligations
Comply or risk class-action litigation? IAPP explains: Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts […]
Breach exposes sensitive LAPD files stored in city attorney system
On April 8, The Record reported: The Los Angeles Police Department on Tuesday announced that hackers gained access to a Los Angeles City Attorney’s Office digital storage system containing sensitive police documents. The LAPD described the documents as materials that had been turned over in discovery from previously resolved or settled LAPD civil litigation cases. […]
Hackers Threaten “Pay or Leak,” Kraken says “NO”
The Crypto Citizens Network reports on a somewhat different breach tactic where threat actors made a video of internal systems and threaten to leak the videos if their payment demands are not met. Kraken is standing firm that it won’t pay: In crypto, breaches usually start with code. This one didn’t. Kraken, one of the […]
Booking.com warns customers of possible data and security breach by ‘unauthorised parties’
ABC (Australia) reports: Some Booking.com customers are being warned their personal information may have been accessed by unauthorised third parties, prompting fresh concerns about the security of travellers’ data. The company operates more than 28 million accommodation listings globally, connecting travellers to hotels, apartments and other properties across hundreds of countries, as well as flights, […]