Massive Data Exposure Affects Over 200 Million US Citizens In a significant breach of security, more than 200 million records containing sensitive information about US residents were left unprotected in an unsecured online database. The database, hosted on Google Cloud, required no password or authentication for access, making it vulnerable…
Government, Industry Specific European Cybersecurity Agency Takes on Role in CVE Program Akshaya Asokan (asokan_akshaya) • November 20, 2025 Image: ENISA/Shutterstock/ISMG The European Union Agency for Cybersecurity (ENISA) is set to enhance its role in overseeing vulnerability announcements throughout the EU. This development follows ENISA’s recognition as a…
The incident involved applications published by Gainsight that connect to Salesforce. Incident Overview Salesforce is currently investigating a data breach that has potentially compromised customer information through applications developed by Gainsight, a notable provider of customer relationship management tools. In a statement, Salesforce indicated that the breach involved “Gainsight-published applications…
On Friday, Google took significant steps to address another actively exploited zero-day vulnerability in its Chrome browser. This marks the second such fix in just a month, underscoring the ongoing risks present in web browsing environments. The release of Chrome version 89.0.4389.90 for Windows, Mac, and Linux is expected to…
Recent Cybersecurity Developments: Allegations of Export Control Violations In a notable legal proceeding, recent allegations have emerged regarding an individual identified as Li, who is accused of engaging in illegal activities tied to the export of restricted technology. Authorities revealed that text messages retrieved from Li suggest he was boasting…
In a significant incident reported recently, Virgin Media, a UK-based telecommunications provider, announced a data leak that has compromised the personal information of approximately 900,000 customers. This revelation coincided with similar news from US-based telecom giant T-Mobile, which also disclosed a security breach involving its own data. Contrary to the…
3rd Party Risk Management, Cybercrime, Fraud Management & Cybercrime Salesforce Revokes Gainsight Authentication Tokens Akshaya Asokan (asokan_akshaya) • November 20, 2025 Image: The Bold Bureau/Shutterstock Salesforce, a leading customer relationship management platform based in the United States, has informed customers of potential data theft by hackers exploiting vulnerabilities in a…
On Thursday, the Securities and Exchange Commission (SEC) announced the dismissal of its case against SolarWinds and its Chief Information Security Officer, Tim Brown, in relation to the company’s response to a significant Russian cyberespionage campaign that was revealed in 2020. This incident affected at least nine federal agencies and…
A significant vulnerability has been identified in Magento, with threat actors exploiting this flaw to implant a persistent backdoor in e-commerce platforms. This attack leverages the CVE-2024-20720 vulnerability (CVSS score: 9.1), categorized by Adobe as indicative of “improper neutralization of special elements,” which can lead to arbitrary code execution. The…
