The Breach News

SaaS Security Breaches: The Role of Tokens

Token theft continues to be a significant driver behind Software-as-a-Service (SaaS) breaches, raising critical concerns for security teams. It’s important to recognize why OAuth and API tokens are frequently overlooked and explore effective strategies that organizations can implement to enhance their token management practices and fortify their defenses. As SaaS…

Read MoreSaaS Security Breaches: The Role of Tokens

Microsoft Discovers macOS Vulnerability CVE-2024-44243 That Enables Rootkit Installation

Microsoft has disclosed a recently patched security vulnerability within Apple’s macOS. This flaw, which was successfully addressed in a recent update, potentially allowed attackers to exploit a weakness in the operating system’s System Integrity Protection (SIP). If leveraged effectively, an attacker operating with “root” privileges could bypass SIP and inject…

Read MoreMicrosoft Discovers macOS Vulnerability CVE-2024-44243 That Enables Rootkit Installation

Putin Alerts Russian Critical Infrastructure to Prepare for Possible Cyber Attacks

On Thursday, the Russian government issued an alert regarding ongoing cyber attacks aimed at critical infrastructure within the country, coinciding with the intensification of its military actions in Ukraine. This development marks a notable increase in cybersecurity threats that could affect a variety of sectors, prompting deeper concerns among business…

Read MorePutin Alerts Russian Critical Infrastructure to Prepare for Possible Cyber Attacks

Free Healthcare Toolkit: Mapping and Ranking Third-Party Risks

Third-Party Risk Management, Governance & Risk Management, Healthcare New Guide Aims to Help Organizations Focus on Vendor Risks Strategically Marianne Kolbasuk McGee ( HealthInfoSec) • October 8, 2025 The SMART Toolkit from the Health Sector Coordinating Council aims to assist healthcare entities in managing third-party risk effectively. (Image: HSCC) The…

Read MoreFree Healthcare Toolkit: Mapping and Ranking Third-Party Risks

Critical Vulnerabilities in SimpleHelp Enable File Theft, Privilege Escalation, and Remote Code Execution Attacks

Critical Flaws Discovered in SimpleHelp Remote Access Software: Urgent Action Required Recent cybersecurity research has unveiled several significant vulnerabilities in the SimpleHelp remote access software, raising concerns for businesses relying on this platform. These flaws, identified by Horizon3.ai researcher Naveen Sunkavally, posed risks including potential information disclosure, privilege escalation, and…

Read MoreCritical Vulnerabilities in SimpleHelp Enable File Theft, Privilege Escalation, and Remote Code Execution Attacks

Iran’s MuddyWater Hacking Group Deploys New Malware in Global Cyber Attacks

New Malware Exposed as Iranian APT Group Targets Global Networks Cybersecurity agencies from the United States and the United Kingdom have revealed new malware attributed to the Iranian government-sponsored advanced persistent threat (APT) group known as MuddyWater. This malware is reported to facilitate attacks against both government and commercial networks…

Read MoreIran’s MuddyWater Hacking Group Deploys New Malware in Global Cyber Attacks

EU Reveals Plans for AI Technology Sovereignty

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development AI Strategies Aim to Strengthen Global AI Position Akshaya Asokan (asokan_akshaya) • October 8, 2025 Henna Virkkunen, European Commissioner for Technological Sovereignty, Security, and Democracy, during an Aug. 10, 2025 European Parliament session. (Image: Philippe Stirnweiss/European Union) The European Union…

Read MoreEU Reveals Plans for AI Technology Sovereignty