Fraud Management & Cybercrime, Governance & Risk Management, Patch Management Highlights: npm Packages Breach, FBI Fraud Alert, CISO Dismissal at Campbell’s Pooja Tikekar (@PoojaTikekar) • November 27, 2025 Image Source: Shutterstock/ISMG ISMG compiles weekly cybersecurity incidents and breaches globally. This week highlights a critical vulnerability in Oracle that is being…
Data Breach at Mixpanel Exposes OpenAI User Information A recent data breach at Mixpanel Inc., a prominent data analytics provider, has resulted in the exposure of account information belonging to some users of OpenAI Group PBC. This incident was disclosed by OpenAI on Wednesday, highlighting the potential risks associated with…
Cybersecurity Warning: Malicious Ads Target Chinese Users of Notepad++ and VNote Recent reports indicate a concerning trend wherein Chinese users searching for legitimate software such as Notepad++ and VNote are being targeted by malicious advertisements. These ads lead to fraudulent links that distribute trojanized versions of the software, culminating in…
Recent cyber operations attributed to state-sponsored Iranian threat actors underline a sustained focus on collecting sensitive information on individuals that may jeopardize the stability of the Islamic Republic. The targets include dissidents, opposition forces, supporters of ISIS, and Kurdish natives, as evidenced by two coordinated cyber campaigns. The latest findings…
DoorDash Confirms Major Data Breach Affecting Nearly 5 Million Users DoorDash, the prominent food delivery service based in San Francisco, has reported a significant data breach that affects approximately 4.9 million users, including customers, delivery workers, and merchants. The breach, which occurred on May 4, 2019, was only identified by…
Blockchain & Cryptocurrency, Cybercrime, Cybercrime as-a-Service Public-Private Collaboration Essential for Ransomware Response, Asserts Anne Neuberger Akshaya Asokan (asokan_akshaya) • November 27, 2025 Anne Neuberger, former Deputy NSA for Cyber and Emerging Technologies, White House (Image: ISMG) At a recent event in London, Anne Neuberger, former Deputy National Security Adviser for…
In a significant breach impacting user trust, OpenAI recently alerted its API platform users about a data exposure event linked to third-party analytics provider Mixpanel. On November 27, 2025, OpenAI disclosed that unauthorized access to Mixpanel’s systems on November 9 resulted in the leak of sensitive data, including names, email…
In a significant development for WordPress users, a critical security vulnerability has been identified in miniOrange’s Malware Scanner and Web Application Firewall plugins, prompting an urgent recommendation for website owners to uninstall these tools. The detected flaw, designated as CVE-2024-2172, scores a staggering 9.8 on the CVSS scale, representing a…
In a significant cybersecurity incident, hackers infiltrated the computer system of a water treatment facility in Florida, manipulating sodium hydroxide (NaOH) levels in the water supply. This breach, which starkly highlights vulnerabilities in critical infrastructure, occurred on February 5 and involved remote access to the facility’s operational controls. During a…
