LATEST POST
Meta admits to Instagram password reset mess, denies data leak
The Register reports: Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information. Last Friday, security software vendor Malwarebytes claimed “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, […]
Patients notified months after Canopy Healthcare cyber incident
DigWatch reports: Canopy Healthcare, one of New Zealand’s largest private medical oncology providers, has disclosed a data breach affecting patient and staff information, six months after the incident occurred. The company said an unauthorised party accessed part of its administration systems on 18 July 2025, copying a ‘small’ amount of data. Affected information may include patient records, […]
Hackers abuse Google Cloud to send trusted phishing emails
Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. The result was thousands of phishing messages that looked and felt like […]
Cloud file-sharing sites targeted for corporate data theft attacks
BleepingComputer reports: A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. […]
HIPAA Compliance and Breach Communications: Helpful Tips for SMBs
An article by DataBreaches.net in collaboration with North Country Communications, LLC On December 15, North Country Communications launched as a consultancy dedicated to helping small and mid-sized HIPAA-regulated entities comply with HIPAA’s privacy, security, and breach notification requirements. DataBreaches took the opportunity to interview its founder, Rachel Klugman Seeger, about the services she provides to clients through on-site or […]
Third-Party Data Breaches: What You Need to Know
Sarah Hemmersbach or Mitratech Holdings writes: A third-party data breach occurs when malicious actors compromise a vendor, supplier, contractor, or other organization to gain access to sensitive information or systems of the victim’s customers, clients, or business partners. Third-party data breaches are becoming increasingly common as technology makes it easier for businesses to connect and […]
The biggest cybersecurity and cyberattack stories of 2025
BleepingComputer recaps what they view as the 15 biggest cybersecurity and cyberattack stories of 2025. Four of the 15 involve ShinyHunters or the ScatteredLapsus$Hunters collective. Among other stories: In 2025, ClickFix attacks became widely adopted by numerous threat actors, including state-sponsored hacking groups and ransomware gangs. What started as a Windows malware campaign, quickly expanded to macOS and […]
Responding to a Data Breach
From an article in The Financial Poise: When a business gets the call that something has gone wrong with its data, the first instinct is usually panic. Systems are slow, employees are confused, and leadership wants answers immediately. But as cybersecurity incidents become a routine part of modern business life, the difference between companies that […]