Governance & Risk Management, Healthcare, Industry Specific Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data Marianne Kolbasuk McGee (HealthInfoSec) • October 29, 2025 CISA has issued warnings regarding vulnerabilities in Vertikal Systems’ hospital management software that may expose sensitive data to hackers. (Image: Vertikal) U.S. federal authorities have…
Businesses concerned about cybersecurity may already be familiar with Have I Been Pwned, a site dedicated to notifying users about data breaches. Recently, Proton, the company behind ProtonMail, launched its own data breach alert service named the Data Breach Observatory. This platform aims to provide near real-time notifications to individuals…
Recent cybersecurity research has identified a significant campaign, known as EMERALDWHALE, which exploits exposed Git configurations to extract credentials, clone private repositories, and even obtain cloud service credentials embedded in source code. This operation has reportedly compromised over 10,000 private repositories, with the stolen data stored in an Amazon S3…
Microsoft has recently issued a warning regarding an actively exploited zero-day vulnerability affecting Internet Explorer. This flaw is being utilized to compromise Windows systems by means of malicious Microsoft Office documents. Identified as CVE-2021-40444 with a CVSS score of 8.8, the vulnerability resides in MSHTML, a proprietary browser engine that…
Former Executive Pleads Guilty to Selling Trade Secrets to Russian Buyer In a significant case involving cybersecurity breaches, a former executive from a firm specializing in zero-day vulnerabilities and exploits was sentenced in federal court in Washington, DC, for trafficking in trade secrets valued at a minimum of $1.3 million.…
Twilio Faces Another Security Incident with Customer Data Compromised This week, communication services provider Twilio reported a security breach that occurred on June 29, 2022, attributed to the same group responsible for a significant breach in August 2022. The company revealed that unauthorized access to customer information was achieved through…
Data Security Second Round of Layoffs Since 2022 Follows $150 Million Email Security Acquisition Michael Novinson (MichaelNovinson) • October 29, 2025 Varonis has announced a reduction of its workforce by 5%, translating to approximately 120 employees, amid concerns over declining renewal rates in its on-premise subscription model. This decision comes…
Data Breach Exposes Students of Iran’s MOIS Training Academy A significant data leak has recently surfaced, revealing sensitive information belonging to students enrolled in Iran’s Ministry of Intelligence and Security (MOIS) Training Academy. This incident highlights ongoing vulnerabilities in cybersecurity practices within state institutions and raises questions about the security…
Google has reported the identification of a zero-day vulnerability within the SQLite open-source database engine, utilizing its large language model (LLM)-assisted framework known as Big Sleep (formerly Project Naptime). This discovery marks a significant milestone as the first real-world vulnerability unveiled through the application of an artificial intelligence (AI) agent.…
