The Breach News

Live Webinar: Streamline Your DevOps with Efficient Application Security Testing

Thank you for registering with ISMG Enhance your profile and stay informed. Select Title LevelAnalytics/Architecture/EngineeringAttorney/General Counsel/CounselAssociate Vice President (AVP)Board MemberC-Level ExecutiveC-Level – OtherChief Communications Officer (CCO)Chief Executive Officer (CEO)/PresidentChief Financial Officer (CFO)ChairpersonChief Information Officer (CIO)Chief Information Security Officer (CISO)/Chief Security Officer (CSO)CISO/CSO/CIOChief Operating Officer (COO)Chief Risk Officer (CRO)Chief Technology Officer…

Read More

Live Webinar: Streamline Your DevOps with Efficient Application Security Testing

Envoy Air Partners with Qantas, Aeroflot, and Vietnam Airlines in Major Cybersecurity Breach: A Significant Threat to the Aviation Sector This Year

Massive Cybersecurity Breach Hits Envoy Air, A Wake-Up Call for Aviation Industry In a significant cybersecurity incident, Envoy Air, a regional airline operating under the American Eagle brand, has been targeted as part of a broader breach affecting several major players in the aviation sector, including Qantas, Aeroflot, and Vietnam…

Read MoreEnvoy Air Partners with Qantas, Aeroflot, and Vietnam Airlines in Major Cybersecurity Breach: A Significant Threat to the Aviation Sector This Year

Ivanti Releases Urgent Security Updates for CSA and Connect Secure Vulnerabilities

Security Updates Released for Ivanti Products Addressing Critical Vulnerabilities Ivanti has issued security updates aimed at rectifying several severe vulnerabilities in its Cloud Services Application (CSA) and Connect Secure offerings, vulnerabilities that could potentially facilitate privilege escalation and remote code execution. The concern arises from multiple critical flaws present in…

Read MoreIvanti Releases Urgent Security Updates for CSA and Connect Secure Vulnerabilities

Apache Releases Third Patch to Address Newly Identified High-Severity Log4j Vulnerability

On Friday, the Apache Software Foundation (ASF) released version 2.17.0 of its widely adopted logging library, Log4j, addressing a new vulnerability that malicious actors can exploit for denial-of-service (DoS) attacks. This vulnerability is identified as CVE-2021-45105, rated with a CVSS score of 7.5, and affects all iterations of the tool…

Read MoreApache Releases Third Patch to Address Newly Identified High-Severity Log4j Vulnerability

Adopt a Proactive Strategy for Password Security: Continuously Monitor for Compromised Credentials

Passwords are integral to safeguarding organizational data, yet their inherent vulnerabilities often lead to significant security risks. As users juggle a multitude of credentials, many resort to unsafe practices, such as creating weak passwords or reusing the same password across multiple accounts, which undermines security protocols. The prevalence of password…

Read MoreAdopt a Proactive Strategy for Password Security: Continuously Monitor for Compromised Credentials

Prosper Market Data Breach Impacts 17.6 Million Individuals

Data Security, Finance & Banking, Industry Specific Details on Breach Notification Service: Victim Count in Peer-to-Peer Lending Marketplace Mathew J. Schwartz (euroinfosec) • October 17, 2025 Image: Shutterstock/Prosper In a significant breach, hackers reportedly accessed personal information of over 17 million users from Prosper, a peer-to-peer lending platform. The incident…

Read MoreProsper Market Data Breach Impacts 17.6 Million Individuals

Envoy, an American Airlines Subsidiary, Targeted in Oracle Cyberattack

Envoy Air, a fully owned subsidiary of American Airlines, has confirmed it has been targeted in a cyber attack that compromised vulnerabilities within Oracle’s E-Business Suite (EBS). This incident highlights a pressing concern regarding the cybersecurity posture of enterprise software within the aviation industry. The breach came to light through…

Read MoreEnvoy, an American Airlines Subsidiary, Targeted in Oracle Cyberattack

Microsoft Addresses 72 Vulnerabilities, Including a Patch for Actively Exploited CLFS Issue

Microsoft Wraps Up 2024 Patch Tuesday with Critical Security Fixes Microsoft concluded its Patch Tuesday updates for December 2024, addressing a total of 72 security vulnerabilities across its software ecosystem, including a specific flaw reported as actively exploited in the wild. Of these vulnerabilities, 17 have been classified as Critical,…

Read MoreMicrosoft Addresses 72 Vulnerabilities, Including a Patch for Actively Exploited CLFS Issue

Experts Uncover Backdoor Installed in U.S. Federal Agency Network

Backdoor Compromise Targets U.S. Federal Government Entity in APT-Style Attack A federal U.S. commission linked to international rights has suffered a significant security breach, as revealed by researchers who characterized the incident as a “classic APT-type operation.” The attack reportedly infiltrated the commission’s internal network through a backdoor, potentially compromising…

Read MoreExperts Uncover Backdoor Installed in U.S. Federal Agency Network