NSW Treasury Breach, ABAC, and Principles of Least Privilege

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. The NSW government labeled this a “significant cyber incident”. It was detected by an internal security monitoring tool that flagged “movement of a large cache of documents”.

The Configuration Drift Behind the Teams Helpdesk Breach

On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.

One Checkbox Away: The Vercel Breach and the Case for Zero Standing Privileges

There’s never a good time to disclose a breach, but days before your IPO has to rank near the bottom of the list. That was the backdrop to the Vercel breach. On Sunday the 19th, the company confirmed that attackers had walked into parts of its internal environment and walked back out with customer API keys. Early reporting focused on the flashy parts: an attacker claiming ties to ShinyHunters, a $2 million BreachForums demand, crypto teams rotating credentials with the IPO roadshow in full swing.

The Hims Data Breach: What Standing Access Costs in Healthcare

Hims & Hers, one of the biggest telehealth platforms in the U.S., just disclosed that millions of customer records were exposed. Not because of some sophisticated exploit, but because a single compromised login had standing access to a connected platform. One identity was all it took. This breach is worth paying attention to not because it’s unusual, but because it’s so ordinary.

Vercel security incident: What the breach reveals about OAuth trust, supply chain risk, and response speed

Public reporting suggests the incident involved abuse of a third-party application that had been granted OAuth access to a Vercel employee account, enabling unauthorized access to some internal resources. Certain customer‑related tokens, environment variables, or other access artifacts may have been exposed, though Vercel has not stated that password theft was part of the initial access path.

Cybersecurity Strengthens Trust in Digital Systems

Every time a customer enters payment details, shares personal data, or logs into an online service, they place enormous faith in the organization behind that platform, trusting it to safeguard their sensitive information against breaches, unauthorized access, and any form of misuse. Customers do not grant this faith freely or without considering the security measures in place. It is built through clear, measurable security practices that shield sensitive data from unauthorized access and misuse.

What You Need to Know about the QualDerm Partners Data Breach

QualDerm Partners, LLC is a healthcare management services provider headquartered in Brentwood, Tennessee. The company offers comprehensive administrative, clinical, and operational support to dermatology practices nationwide. QualDerm provides management resources, funding, and operational services, including patient records management, billing, insurance processing, and other essential services to improve efficiency and care quality across its network of clinics.

What You Need to Know about the Navia Benefit Solutions Data Breach

Navia Benefit Solutions, Inc. is a consumer-focused benefits administrator headquartered in Renton, Washington. Founded in 1989, the company provides comprehensive employee benefits administration services to more than 10,000 employers across the United States. Navia manages tax-advantaged healthcare and dependent care accounts, serving more than 1 million participants nationwide.