%term

The JSONFormatter Wake-Up Call: How Developer Tools Are the New Identity Breach Vector

May 7, 2026 By The Apono Team In Apono

Everyone uses developer tools to get through the day. A JSONFormatter to inspect an API response, or a JWT decoder when you need to inspect a token quickly. In most engineering teams, these tools are treated as harmless productivity aids. In November 2025, researchers discovered that JSONFormatter and CodeBeautify had been storing everything users pasted into them via a save feature that generated shareable links with fully predictable URL structures. A simple crawler could retrieve all of them.

Read Post

Apono

Read more about The JSONFormatter Wake-Up Call: How Developer Tools Are the New Identity Breach Vector

The $10 Million Question: Why Are 81% of Organizations Still Getting Breached?

May 7, 2026 By Natalie Tischler In Veracode

We are living in a security paradox. Cybersecurity budgets are increasing, security stacks are growing more complex, and yet, the needle barely seems to move. According to the newly drafted 2026 Cyberthreat Defense Report (CDR), 81% of organizations experienced at least one successful cyberattack this past year. Even more concerning, the number of organizations suffering from six or more successful attacks is actually creeping up.

Read Post

Veracode

Read more about The $10 Million Question: Why Are 81% of Organizations Still Getting Breached?

What You Need to Know about the Amtrak Data Breach

May 6, 2026 By IDStrong In IDStrong

Amtrak was created by Congress in 1970 as the National Railroad Passenger Corporation. It operates a nationwide rail network with over 300 trains serving more than 500 destinations in 46 states, three Canadian provinces, and the District of Columbia on more than 21,400 miles of route. Booking tickets online when taking a trip with Amtrak comes with so much convenience, ranging from saved passenger details to easy payment processing and quick reservations.

Read Post

IDStrong

Read more about What You Need to Know about the Amtrak Data Breach

What You Need to Know about the Illinois and Texas Healthcare Data Breaches

May 6, 2026 By IDStrong In IDStrong

Three prominent healthcare organizations in the United States have officially disclosed major data breaches that have compromised the personal and medical information of about 600,000 people. The affected organizations were Southern Illinois Dermatology and Saint Anthony Hospital in Illinois and the North Texas Behavioral Health Authority (NTBHA) in Texas.

Read Post

IDStrong

Read more about What You Need to Know about the Illinois and Texas Healthcare Data Breaches

Keep an eye out, breaches leave patterns

May 5, 2026 By Afnan Zoheb In ManageEngine

Most major security breaches in the last five years had one thing in common. Not just unpatched vulnerabilities, but a decision someone made to live with it. A VPN credential that never got rotated, an admin account that outlasted the employee who owned it, or a privilege elevation request approved because it was easier than asking questions. The details change, but the pattern doesn't. This isn't a story about sophisticated attackers. It's a story about blind spots, misplaced trust, and what happens when organizations mistake the absence of an incident for the presence of security.

Read Post

ManageEngine

Read more about Keep an eye out, breaches leave patterns

Proving the Breach: Visual Strategies for Security Litigation

May 5, 2026 By SecuritySenses In SecuritySenses

Cybersecurity incidents create massive messes for companies. Judges and juries need to see how a breach happened to make a fair choice. Visual aids help tell this story clearly. They turn complex digital logs into pictures anyone can understand. This clarity is the key to winning a case. It allows the truth to shine through the noise.

Read Post

SecuritySenses

Read more about Proving the Breach: Visual Strategies for Security Litigation

The Beginning of a New Norm

May 1, 2026 By CultureAI Team In CultureAI

The recent breach at Vercel has drawn a lot of attention, not because the initial entry point was unusual, but because of what the incident quietly demonstrates about how modern workflows shape the impact of a compromise. This did not begin with a phishing email or an exposed service. It began with an AI tool.

Read Post

CultureAI

Read more about The Beginning of a New Norm

8 DSPM Use Cases Every CISO Should Know

May 1, 2026 By SecuritySenses In SecuritySenses

Data Security Posture Management has moved from an emerging concept to an operational priority for security leaders. Understanding the most impactful DSPM use cases helps CISOs protect sensitive data across cloud environments, enforce governance policies, and stay ahead of compliance mandates. This guide breaks down eight critical applications every security leader should evaluate.

Read Post

SecuritySenses

Read more about 8 DSPM Use Cases Every CISO Should Know

The Configuration Drift Behind the Teams Helpdesk Breach

Apr 27, 2026 By Garrett Hamilton In Reach Security

On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.

Read Post

Reach Security

Read more about The Configuration Drift Behind the Teams Helpdesk Breach

NSW Treasury Breach, ABAC, and Principles of Least Privilege

Apr 27, 2026 By Wade Barisoff In archTIS

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

Read Post