
What Is a Data Breach and How to Prevent It?

Let’s be honest: few phrases can make your stomach drop faster than “your data has been compromised.” Whether you’re an individual trying to protect your passwords or a business managing millions of customer accounts, the fear of a data breach is real and growing. We live in a time where almost everything is online: our finances, our health records, our identities.

Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security

In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords. The breach, first disclosed last week, has shocked the developer community and exposed serious flaws in repository security, disclosure practices, and package ecosystem hygiene.

xonPlus Launches Real-Time Breach Alerting Platform for Enterprise Credential Exposure

xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus gives organizations instant visibility when their email addresses or domains appear in breach dumps or dark web forums.

What You Need to Know about the Radiology Associates of Richmond Data Breach

Founded by Dr. Daniel Talley in 1905, the Radiology Associates of Richmond is one of America's oldest private radiology practices. RAR has since been at the forefront of advanced diagnostic, interventional services, and medical imaging. The institution spans seven hospitals and four outpatient centers in central Virginia. RAR has 62 board-certified radiologists, and the practice specializes in breast imaging, neuroradiology, and vascular interventions.

Inside the MOVEit Breach: How Cl0p and Nam3L3ss Expose Organizations to Ongoing Cyber Threats

In 2023, a critical vulnerability in MOVEit Transfer software (CVE-2023-34362) was weaponized by the Cl0p ransomware group, leading to a substantial leak of sensitive employee data from major global corporations. The flaw in MOVEit allowed attackers to bypass authentication and access secure files, resulting in a far-reaching data breach that impacted various sectors including finance, healthcare, government, and retail.

Beyond the Firewall: Why Advanced Cybersecurity is Non-Negotiable for Modern Business

In today's hyper-connected digital economy, data is the new currency. From customer information and financial records to intellectual property and strategic plans, a company's most valuable assets are stored, processed, and transmitted as bits and bytes. This digital transformation has unlocked unprecedented opportunities for growth and innovation, but it has also opened the door to a new and persistent threat: sophisticated cyberattacks.

EP 11 - The calm CISO: Strength under pressure

What does it take to stay calm in the face of constant cyber pressure—and why does that mindset matter more than ever? In this episode of Security Matters, host David Puner speaks with Den Jones, founder and CEO of 909Cyber, about his transition from enterprise chief security officer (CSO) to cybersecurity consultant.

What the Latest Mega Breaches Teach Us About Cybersecurity Board Reporting

Both the Marks & Spencer ransomware attack and the Qantas breach dominated headlines for weeks, each exposing serious lapses in how data and risk were managed at the organizational level. But within the cybersecurity community, the response took a different turn. Unlike the usual commentary after cyber incidents, the focus quickly moved away from compromised systems and toward something more structural. These weren’t framed as technical breakdowns.

CISO Alert: Lessons from McDonald's Chatbot Breach

In June 2025, a disturbing security failure surfaced involving McDonald’s AI-powered hiring assistant, Olivia, operated by Paradox.ai. The platform, designed to screen job applicants via chatbot, exposed the personal information of over 64 million people. That included names, contact info, shift preferences, and even chat transcripts. The root cause? A combination of missteps that highlight the growing risk of insecure APIs in modern, AI-driven systems.

Best 7 Compromised Credentials Platforms for 2025

Every breach starts somewhere, but in 2025, the most common entry point for threat actors remains startlingly simple: compromised credentials. A password reused here, a leaked database there, these open doors invite attackers into the heart of organizations, bypassing firewalls and traditional defenses. From ransomware operators to cybercriminal marketplaces, hackers increasingly rely on stolen credential data to enable their attacks.