SC Staff

U.S. state health insurance marketplaces reportedly shared user data with tech giants

• data-security
• Privacy
• security-operations

U.S. state health insurance marketplaces reportedly shared user data with tech giants

SC Staff May 5, 2026

The investigation by Bloomberg revealed that these trackers, commonly used for website analytics and bug identification, were...

Read More Read more about U.S. state health insurance marketplaces reportedly shared user data with tech giants

Internal threats now pose the biggest risk to companies

• application-security
• data-security
• risk-assessmentsmanagement

Internal threats now pose the biggest risk to companies

SC Staff May 5, 2026

New data from Orange Cyberdefense reveals that internal threats have escalated to 57%, surpassing external threats for...

Read More Read more about Internal threats now pose the biggest risk to companies

Instructure confirms data breach, ShinyHunters claims responsibility

• data-security

Instructure confirms data breach, ShinyHunters claims responsibility

SC Staff May 4, 2026

Instructure, known for its Canvas learning management system, disclosed the breach on Friday and stated that personal...

Read More Read more about Instructure confirms data breach, ShinyHunters claims responsibility

Chinese-linked Salt Typhoon suspected in Italy’s Sistemi Informativi breach

• data-security
• threat-intelligence

Chinese-linked Salt Typhoon suspected in Italy’s Sistemi Informativi breach

SC Staff May 4, 2026

The breach, which occurred in late April 2026, impacted Sistemi Informativi, a critical IT infrastructure provider for...

Read More Read more about Chinese-linked Salt Typhoon suspected in Italy’s Sistemi Informativi breach

Microsoft Defender false positives trigger DigiCert certificate alerts

Microsoft Defender false positives trigger DigiCert certificate alerts

SC Staff May 4, 2026

The false positives involved specific DigiCert root certificates, identified by their SHA-1 hashes, which were flagged as...

Read More Read more about Microsoft Defender false positives trigger DigiCert certificate alerts

Telegram mini apps used in large-scale crypto scams and malware distribution

• application-security
• malware
• phishing

Telegram mini apps used in large-scale crypto scams and malware distribution

SC Staff May 4, 2026

The FEMITBOT platform facilitates various scams, including fake cryptocurrency, financial services, AI tools, and streaming sites.

Read More Read more about Telegram mini apps used in large-scale crypto scams and malware distribution

New ConsentFix v3 attack automates Microsoft Azure account hijacking

• identity
• phishing

New ConsentFix v3 attack automates Microsoft Azure account hijacking

SC Staff May 4, 2026

ConsentFix v3 targets Microsoft Azure environments by first identifying valid tenant IDs and gathering employee details for...

Read More Read more about New ConsentFix v3 attack automates Microsoft Azure account hijacking

Instructure investigates cybersecurity incident impacting Canvas platform

• data-security

Instructure investigates cybersecurity incident impacting Canvas platform

SC Staff May 4, 2026

Instructure confirmed that a criminal threat actor perpetrated the incident and that the company is working with...

Read More Read more about Instructure investigates cybersecurity incident impacting Canvas platform

New botnet targets gaming servers via misconfigured Jenkins

• malware
• patchconfiguration-management
• security-operations

New botnet targets gaming servers via misconfigured Jenkins

SC Staff May 4, 2026

The attackers gained initial access by abusing the scriptText endpoint of the Jenkins server, achieving remote code...

Read More Read more about New botnet targets gaming servers via misconfigured Jenkins

New software supply chain attack uses sleeper packages for credential theft and CI tampering

• malware
• supply-chain

New software supply chain attack uses sleeper packages for credential theft and CI tampering

SC Staff May 1, 2026

The campaign, attributed to the GitHub account "BufferZoneCorp," involved malicious Ruby gems and Go modules disguised as...

Read More Read more about New software supply chain attack uses sleeper packages for credential theft and CI tampering