Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The 5 Questions Every Leak Investigation Needs to Answer

Jun 25, 2026 By Cyberhaven In Cyberhaven
In this video, you will learn the five questions every data leak investigation must answer to be defensible — what the data is, where it originated, who accessed it, where it spread, and the fastest containment step — and why the visibility gap in most security stacks makes those questions impossible to answer instantly. You will also learn how combining DSPM baseline inventory with real-time data lineage replaces the high-stress scramble with surgical containment and audit-ready proof, so you move from "I think we're safe" to "here is the proof.".
View Video
bitsight

Major Security Event: Fortinet VPN Credentials and Configuration Data Exposed for 73,000 Devices

Jun 18, 2026 By Ebin Sandler In BitSight
A large-scale credential compromise campaign known as FortiBleed has exposed verified administrator credentials for more than 73,000 internet-facing Fortinet FortiGate firewalls. As of mid-June 2026, the dataset is reportedly circulating within criminal underground communities. Researchers estimate that approximately 50% of all internet-reachable FortiGate devices may be affected across 194 countries, making this one of the most significant Fortinet security incidents to date.
Read Post
appsentinels

When an Endpoint Forgets to Ask, "Who Are You?": Inside the ServiceNow June 2026 Data Exposure

Jun 12, 2026 By AppSentinels In AppSentinels
On June 5, 2026, ServiceNow quietly pushed a security update to hosted customer instances. The fix, described in an internal knowledge base article, addressed a flaw that let unauthenticated users gain more access to ServiceNow-hosted data than they were ever supposed to have. No password. No credentials. The remediation itself tells the whole story: ServiceNow changed an endpoint configuration to restrict access to authenticated users only. Read that again.
Read Post
nightfall

CISA's GitHub Leak Is a Preview of the MCP Security Problem Every CISO Is About to Inherit

May 21, 2026 By Chris Martinez In Nightfall
America's cybersecurity agency left its production credentials sitting in a public GitHub repo for six months. The same failure pattern is now being automated by AI agents in every enterprise running Cursor, Claude Desktop, or Copilot.
Read Post
gitguardian

How We Got a CISA GitHub Leak Taken Down in Under a Day

May 19, 2026 By Guillaume Valadon In GitGuardian
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
Read Post
Data Leak iPhone: Causes, Risks, and How to Protect Your Data

Data Leak iPhone: Causes, Risks, and How to Protect Your Data

May 1, 2026 By SecuritySenses In SecuritySenses
In 2023, the FBI's Internet Crime Complaint Center recorded over 880,000 complaints, with billions lost. Many began with small actions on a phone. A data leak on iPhone often stems from user behavior like missed updates, weak passwords, or phishing links, rather than the device itself.
Read Post
miniorange

How to Stop Data Leaks Using DLP and OCR?

Apr 16, 2026 By Anurag Khadkikar In miniOrange
Data leaks are no longer rare incidents. They have become a constant concern for organizations of all sizes. A single exposed file can lead to compliance violations, financial penalties, and long-term damage to brand reputation. In many cases, the impact builds over time as sensitive data spreads beyond control. At the same time, the nature of data has changed. Important information is no longer limited to structured formats like databases or spreadsheets.
Read Post
safeaeon

What is Data Leakage Protection and Why Is It Essential for Businesses

Mar 20, 2026 By SafeAeon Inc. In SafeAeon
Data is a critical asset for modern businesses, so keeping it safe becomes extremely important. Cybercriminals use sophisticated methods to steal data, but these threats can be mitigated through Data Loss Prevention (DLP). It is a security framework that includes policies and tools to protect data from attackers and unauthorized access. Many organizations use DLP to protect confidential data from external threats and accidental exposure. Organizations that lack a strong DLP plan risk exposing their data.
Read Post
CrowdStrike

Data Leakage: AI's Plumbing Problem

Dec 11, 2025 By Jim Hoagland - Vanessa Villa In CrowdStrike
Sensitive information disclosure ranks on the OWASP Top 10 for LLM Applications, and for good reason. When AI-powered applications inadvertently expose private data like personally identifiable information (PII), financial records, health information, API keys, or proprietary business intelligence, the consequences cascade quickly: regulatory violations, competitive disadvantage, and shattered user trust.
Read Post
apono

How Contractor Privileged Access Failures Exposed Data Across 45 Federal Agencies

Dec 8, 2025 By Gabriel Avner In Apono
Earlier this year, twin brothers Muneeb and Sohaib Akhter, both government contractors, were fired from their employer. Minutes later, they began a weeklong insider attack that compromised or destroyed data belonging to more than 45 federal agencies.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.