
#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).
Timeline
Breaches
In March 2025, The mobile world is buzzing after recent research uncovered a shocking truth about iOS apps: many are...
On March 11, 2025, The reviewdog/action-setup GitHub Action became the focus of a significant supply chain attack. Malicious activity was...
In February 2025, a significant data breach involving OmniGPT, a widely-used AI-powered chatbot platform, was reported. A threat actor known...
In February 2025, Cisco Talos reported that the advanced persistent threat (APT) group known as Salt Typhoon, believed to be...
On 10th February 2025, the Kraken ransomware group claimed responsibility for a data breach involving Cisco Systems. They alleged that...
In February 2025, the cybersecurity world faced yet another wake-up call, this time, the target was Zacks Investment Research, a...
On February 6, 2025, Microsoft revealed a major security issue involving over 3,000 publicly exposed ASP.NET machine keys. These keys,...
On January 29, 2025, a major security breach involving DeepSeek, a prominent Chinese artificial intelligence (AI) startup, was reported. The...
In January 2025, the ransomware group "Codefinger" has exploited Amazon Web Services (AWS) to launch a sophisticated campaign targeting Simple...
In December 2024, Researchers identified a potential privilege escalation vector in Azure Key Vault. The issue arises from the misconfiguration...
In December 2024, Microsoft took decisive legal action against a Hacking-as-a-Service (HaaS) platform that exploited vulnerabilities in its Azure OpenAI...
On December 2, 2024, BeyondTrust, a leading cybersecurity solutions provider specializing in Privileged Access Management (PAM) and Secure Remote Access,...
In October 2024, Permiso Security reported a sophisticated cyberattack revealed critical vulnerabilities in the infrastructure of cloud-hosted large language models...
In October 2024, a significant cybersecurity incident known as Emerald Whale shocked the DevOps community. This incident revolved around exposed...
The Internet Archive, famous for its Wayback machine and massive digital archives, fell victim to a major data breach affecting...
In October 2024, Cisco experienced a significant cybersecurity breach related to Non-Human Identities (NHIs). The threat actor ‘IntelBroker’ exploited exposed...
In early June 2024, Hugging Face, which is considered as a leading company and AI platform, announced a security breach...
In June 2024, the New York Times (NYT), a media powerhouse known for its reporting excellence, became the subject of...
In June 2024, GitHub users fell victim to an extortion campaign targeting their repositories. The threat actor gained unauthorized access...
One of the leading cloud data platforms, Snowflake, fell victim to a major cybersecurity breach in May 2024. The breach...
Even the users without Dropbox Sign accounts but involved in signed transactions had their In April 2024, Dropbox Sign, a...
In May 2024, a critical vulnerability (CVE-2024-37051) with a CVSS score of 9.3, was reported in JetBrains’ GitHub plugin for...
In a digital world driven by cloud infrastructure, no one is immune to mistakes even the most established organizations. In...
In November 2023, a significant security incident was uncovered involving the exposure of thousands of hardcoded secrets in packages hosted...
In the digital era, even security-focused organizations like Sumo Logic aren’t immune to evolving cyber threats. On November 3, 2023,...
On Thanksgiving Day, November 23, 2023, Cloudflare disclosed a significant breach involving their internal Atlassian systems. The intrusion occurred after...
In July 2023, JumpCloud, a well-known directory-as-a-service provider, made headlines by invalidating all administrator API keys in response to a...
In July 2023, a sophisticated cyberattack shook the developer community, targeting GitHub repositories at an unprecedented scale. Threat actors exploited...
In June 2023, Microsoft experienced a major security breach that left many businesses and government agencies vulnerable. The breach, dubbed...
In October 2021, Twitch, the popular live streaming platform, suffered a significant data breach, that exposed a significant portion of...
In another cybersecurity incident, T-Mobile reported a data breach affecting 37 million accounts. The breach, caused by a vulnerable Application...
CircleCI, which is considered as a leading continuous integration and delivery (CI/CD) platform, fell victim to a major security breach...
In January 2023, Slack, a leading collaboration platform, experienced a security breach involving the unauthorized access of private code repositories...
In a recent security incident, Microsoft disabled compromised verified partner accounts exploited by attackers to conduct OAuth phishing campaigns. These...
In September 2022, Uber Technologies Inc. faced a significant cybersecurity breach that exposed vulnerabilities within its internal systems. This incident...