When the federal agency that directs organizations and agencies to quickly attend to vulnerabilities and breaches has its own breach, people notice. Brian Krebs reports: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA […]
Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third‑party vendor, exposed personal details. Security Affairs reports: Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third‑party analytics […]
The Eastern Herald reports: A critical error in Microsoft’s flagship security platform has sent shockwaves across the global cybersecurity community, after Microsoft Defender wrongly flags DigiCert certs as Trojan, triggering widespread panic among enterprises and system administrators. The issue emerged in early May 2026, when a faulty security intelligence update caused Defender to misidentify trusted DigiCert […]
Security Week reports that Instructure is the latest edtech firm to fall prey to hackers. Based in Salt Lake City, Utah, the edtech firm is best known for Canvas, one of the most widely used learning platforms across educational institutions and other organizations. Disclosed on April 30, the cyberattack was blamed for “disruption to tools […]
DEFCROS News reports: Senators Maggie Hassan and Jim Banks are pressing for answers from Navigate360 following a cyberattack that reportedly compromised sensitive student data from school safety tip lines. The incident has raised significant concerns about the security of information intended to protect students and the integrity of the systems designed to facilitate anonymous reporting. […]
Rhode Island Current reports that the state has settled with Deloitte, the contractor responsible for the RIBridges data breach. A $7 million handshake between the Rhode Island Department of Administration and global consultancy Deloitte over the latter’s role in the 2024 RIBridges data breach has brought the state’s total windfall to $12 million for the […]
DysruptionHub reports: A cybersecurity event has disrupted calibration systems at Des Moines, Iowa-based Intoxalock since March 14, leaving some court-ordered ignition-interlock customers unable to complete required service visits and risking compliance penalties, the company said. Intoxalock said it is investigating and posting rolling updates on its public status page. Ignition interlock devices are typically mandated […]
Aura, a company that sells identity theft protection, has confirmed a data breach that exposed roughly 900,000 customer records containing names and email addresses. The breach was carried out via a phone phishing attack by ShinyHunters, the same group behind high-profile hacks at AT&T and Salesforce. Aura has confirmed a data breach that resulted in customer records […]
ExpressVPN researcher Jeremiah Fowler writes: I recently discovered 3 separate publicly exposed databases that were not password-protected nor encrypted. The databases contained a total of 3.7 million chat log transcripts, audio recordings, and text transcriptions of phone calls ranging from 2024-2026. In a limited sample of the exposed documents I reviewed as part of the […]
Freedom For All Americans recaps what is known so far about a Conduent Business Solutions data breach that could wind up affecting many more Americans than what has already been disclosed: A cyber intrusion inside Conduent stretched for nearly 3 months, from October 21, 2024, to January 13, 2025, and ended up pulling personal and […]
