Search

engadget.com › ai

A Meta agentic AI sparked a security incident by acting without permission - Engadget

A Meta agentic AI sparked a security incident by acting without permission Maybe think twice before letting an AI take over all your tech? …

Mar 18, 2026 · Anna Washenko

Top stories

9to5mac.com

A security breach means you must update the ChatGPT Mac app

1d ago

docker.com

Coding Agent Horror Stories: The rm -rf ~/ Incident | Docker

2d ago

docker.com

What is Sandbox Security? | Docker

2d ago

techcrunch.com

A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers' driver's licenses | TechCrunch

6d ago

techcrunch.com › 2026 › 05 › …

US bank discloses security lapse after sharing customer data with AI app | TechCrunch

… Topics community bank , cybersecurity , data exposure , In Brief , Security Related Security OpenAI says hackers stole some data after latest code security issue Security A spyware investigator exposed Russian government hackers trying to hijack Signal accounts Security US lawmakers demand answers …

May 12, 2026 · Lorenzo Franceschi-Bicchierai

theregister.com › security › 2026 › …

Next.js developer Vercel warns customer creds compromised

… The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as “sensitive.” Context.ai has also published a security bulletin that reveals a March incident tha… …

Apr 20, 2026 · Simon Sharwood

bleepingcomputer.com › news › security

California AG sues 23andMe over 2023 breach exposing health data

… In addition to the data protection failures, Bonta also underlines the misleading public statements 23andMe made before and after the incident. Specifically, the firm claimed before the incident that its security met high standards. …

May 29, 2026 · Bill Toulas

Discussions and forums

r/sysadmin · u/xendr0me · 3w ago

What a bunch of idiots... Canvas

https://www.reddit.com/r/canvas/comments/1taj9mk/instructure_just_confirmed_they_paid_the_ransom/ "We received assurances that it will not be further shared on the dark web or elsewhere, and we received proof that any co…

r/sysadmin · u/talent_de_tigan · 1w ago

Genuinely hate cyber security teams

After working as a platform engineer for almost half a decade, one thing I developed is a strong hatred for cyber sec teams. I'm not sure if it's just me, but in every place I work they are seen by the business as the gu…

Hacker News · u/introvertmac · Dec 3, 2025

Tell HN: Compliance is not equal to Security

For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…

1 1

r/netsec · u/unknownhad · 3w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

r/netsec · u/technadu · 1w ago

Threat Intel: ShinyHunters Leaks 9.4GB Database of 7-Eleven Franchisee Systems Post-Extortion Refusal

Overview: On May 24, 2026, the data breach notification service Have I Been Pwned (HIBP) integrated a dataset originating from an April 2026 extortion campaign targeting 7-Eleven. The breach, attributed to the threat act…

techspot.com › news

A cyberattack on Canvas knocked out access for students at Harvard, Columbia, and hundreds of other schools during finals

The company's chief information security officer, Steve Proud, wrote in an incident log that Instructure had "recently experienced a cybersecurity incident perpetrated by a criminal threat actor." A day later, he added that the exposed data included names, email addresses, student ID numbers, and m… …

May 10, 2026

techcrunch.com › 2026 › 05 › …

US cyber agency CISA exposed reams of passwords and cloud keys to the open web | TechCrunch

… While the incident was traced back to an employee working for a CISA contractor, CISA is ultimately responsible for the security of its own network and systems, including contractors who work for the agency. …

May 19, 2026 · Zack Whittaker

bleepingcomputer.com › news › security

Škoda warns of customer data breach after online shop hack

… However, they said the incident only impacted "the online shop operated by the Škoda Auto importer in Germany and does not concern Škoda Auto globally." "The Škoda Connect Portal and all associated services are not affected by the security incident. …

May 12, 2026 · Sergiu Gatlan

techcrunch.com › 2026 › 05 › …

AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys | TechCrunch

… Jaime Blasco, the co-founder of cybersecurity startup Nudge Security who received a breach email alert from Braintrust, told TechCrunch that the incident could have "downstream implications for affected customers," like AI companies that rely on Braintrust. …

May 6, 2026 · Lorenzo Franceschi-Bicchierai

bleepingcomputer.com › news › security

OpenAI confirms security breach in TanStack supply chain attack

… In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, or deployed software. …

May 14, 2026 · Lawrence Abrams

bleepingcomputer.com › news › microsoft

Microsoft blames macOS update for undismissible Teams location prompts

… I checked for a Microsoft Teams update, but there isn't one." Earlier today, Microsoft acknowledged this known issue in a new incident report TM1315837 and blamed it on a recent macOS security update that prevents the operating system from retaining users' location-permission selections. …

May 19, 2026 · Sergiu Gatlan