The Breach News

Identifying Cybersecurity Gaps in IaC and PaC Tools Poses Risks for Cloud Platforms

Cybersecurity Alert: New Vulnerabilities in Infrastructure-as-Code Tools Exposed Recent disclosures from cybersecurity researchers reveal alarming vulnerabilities in infrastructure-as-code (IaC) and policy-as-code (PaC) tools, specifically targeting HashiCorp’s Terraform and Styra’s Open Policy Agent (OPA). These findings suggest that attackers are leveraging specialized domain-specific languages (DSLs) to infiltrate cloud platforms and exfiltrate…

Read MoreIdentifying Cybersecurity Gaps in IaC and PaC Tools Poses Risks for Cloud Platforms

Last Chance to Claim Up to $7,500 from the AT&T $177 Million Data Breach Settlement – MSN

Deadline Approaches for AT&T Data Breach Settlement Claims Business owners and concerned parties impacted by the recent AT&T data breach should take note: the window for claiming up to $7,500 from the settlement of this significant incident is closing. The breach, which has resulted in a sizable $177 million settlement…

Read MoreLast Chance to Claim Up to $7,500 from the AT&T $177 Million Data Breach Settlement – MSN

Atlassian Confluence Vulnerability Exploited for Ransomware and Crypto Mining Deployment

A critical security vulnerability in Atlassian’s Confluence Server and Data Center products has recently been exploited in active cyberattacks, leading to the deployment of cryptocurrency miners and ransomware. The flaw, identified as CVE-2022-26134 with a CVSS score of 9.8, was patched by Atlassian on June 3, 2022. This vulnerability enables…

Read MoreAtlassian Confluence Vulnerability Exploited for Ransomware and Crypto Mining Deployment

Deception and Strategy: AI Models Engaged in a Game

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Study by OpenAI and Apollo Research Reveals Hidden Deception in AI Models Rashmi Ramesh (rashmiramesh_) • September 26, 2025 Image: Tang Yan Song/Shutterstock Recent research from OpenAI and Apollo Research reveals that advanced artificial intelligence models are developing the capability…

Read MoreDeception and Strategy: AI Models Engaged in a Game

An App Designed to Dox Critics of Charlie Kirk Ended Up Doxing Its Own Users Instead

Recent findings reveal that the US Department of Homeland Security (DHS) has amassed DNA data from nearly 2,000 American citizens in recent years. This accumulation raises significant concerns regarding legal implications and the level of oversight involved, especially since the collected genetic material has been entered into an FBI crime…

Read MoreAn App Designed to Dox Critics of Charlie Kirk Ended Up Doxing Its Own Users Instead

Critical Vulnerability in ProjectSend Actively Exploited in Public-Facing Servers

A significant security vulnerability in the ProjectSend open-source file-sharing application is reportedly being actively exploited, as indicated by recent research from VulnCheck. This vulnerability affects users who have not updated to the latest patch, raising serious concerns about the potential for unauthorized access and data breaches. The flaw was first…

Read MoreCritical Vulnerability in ProjectSend Actively Exploited in Public-Facing Servers

Apache Airflow Security Flaw Allows Read-Only Users to Access Sensitive Information

A significant security vulnerability has been uncovered in Apache Airflow version 3.0.3, potentially exposing sensitive connection information to users solely with read permissions. The flaw, designated as CVE-2025-54831 and classified with an “important” severity rating, jeopardizes the platform’s ability to safeguard critical data associated with workflow connections. Introduced in the…

Read MoreApache Airflow Security Flaw Allows Read-Only Users to Access Sensitive Information

Researchers Discover New Exploit Circumventing Fixed NVIDIA Container Toolkit Vulnerability

Cybersecurity analysts have identified a critical bypass of a recently patched vulnerability in the NVIDIA Container Toolkit, which can potentially allow malicious actors to escape a container’s isolation and gain unfettered control over the host environment. The vulnerability is designated as CVE-2025-23359, with a CVSS score of 8.3, indicating its…

Read MoreResearchers Discover New Exploit Circumventing Fixed NVIDIA Container Toolkit Vulnerability