top of page
ALL POSTS
Abrigo - 711,099 Accounts Breached
Key Findings ShinyHunters group conducted "pay or leak" extortion campaigns against at least two major companies in April 2026 Abrigo suffered a breach exposing 711,099 records from its Salesforce instance, containing business contact information Canada Life experienced a separate incident resulting in 237,810 breached records including customer personal data Both breaches involved similar extortion tactics followed by public data release when demands were not met Combined in
May 142 min read
Gemini AI Data Exposure via Public Google API Keys
Key Findings Nearly 3,000 Google API keys (identified by the prefix "AIza") were found embedded in client-side code, providing access to sensitive Gemini endpoints and private data. The problem occurs when users enable the Gemini API on a Google Cloud project, causing the existing API keys in that project to gain access to Gemini endpoints without any warning or notice. Creating a new API key in Google Cloud defaults to "Unrestricted," meaning it's applicable for every enable
Feb 282 min read
Dutch Agencies Targeted by Ivanti Zero-Day Vulnerability, Exposing Employee Data
Key Findings Dutch Data Protection Authority (AP) and Council for the Judiciary (Rvdr) confirmed cyber attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities Attacks exposed employee contact information, including names, work emails, and phone numbers European Commission also detected a cyberattack on its mobile device management platform, exposing some staff names and phone numbers Ivanti acknowledged vulnerabilities (CVE-2026-1281 and CVE-2026-1340) have b
Feb 102 min read
"Hackers Breach Nikkei's Slack, Steal 17K Messages and Personal Data"
Background Nikkei Inc., a major Japanese financial news and media group, including the Financial Times, disclosed a data breach affecting its internal Slack workspace. The breach was first discovered in September 2023 after noticing unusual logins to employee messaging accounts. The incident led to the exposure of sensitive, private information belonging to over 17,000 people, including employees and business partners. Key Findings The Entry Point: A Stolen Slack Account The
Nov 6, 20252 min read
bottom of page
