Security Domain
Asset Security
Data classification, ownership, privacy protection, retention policies, and data security standards.
5 Articles
← All domainsWorld Leaks Exposes 7.7TB of LAPD Records After City Attorney's Discovery Tool Breach
Extortion group World Leaks has published more than 337,000 sensitive LAPD files — including officer personnel records, Internal Affairs investigations, and witness medical information — after breaching a third-party legal discovery transfer tool used by the Los Angeles City Attorney's Office. The incident illustrates how legal and compliance workflows that touch sensitive data are increasingly targeted as a softer entry point than agency systems themselves.
ShinyHunters Breach Anodot SaaS Integrator, Steal Snowflake Customer Data via Harvested Tokens
The ShinyHunters threat group breached Anodot, an AI analytics platform used to integrate with Snowflake cloud data warehouses, and stole authentication tokens that enabled downstream data theft from over a dozen Snowflake customer environments. The attack is a textbook fourth-party risk incident: the direct target was not the victim organisations' systems but a trusted third-party integration layer.
ChipSoft Ransomware Attack Takes Down Patient Records Across 80% of Dutch Hospitals
Dutch healthcare IT vendor ChipSoft, whose HiX electronic patient record system is used by approximately 80% of hospitals in the Netherlands, was struck by a ransomware attack on 7 April. Eleven hospitals have disconnected from ChipSoft systems and reverted to emergency paper procedures. ChipSoft has confirmed a 'data incident' with possible unauthorised access to patient records, and Z-CERT has advised all connected healthcare institutions to disconnect VPN links to the vendor.
Dell iDRAC Service Module CVE-2026-23856 Allows Local Privilege Escalation on PowerEdge Servers
Dell has patched CVE-2026-23856, a privilege escalation vulnerability in the iDRAC Service Module (iSM) shipped with PowerEdge servers. A local attacker with standard user privileges can exploit improper access controls in the iSM — which runs with elevated system privileges to communicate with the hardware management interface — to elevate to SYSTEM or root. Updated iSM packages are available for both Windows and Linux.
ShinyHunters Claims Infinite Campus Breach — 11 Million Student Records at Risk
Infinite Campus, the K-12 student information system used by over 3,200 school districts across 46 US states, has warned customers of a security incident after ShinyHunters claimed to have stolen data via a Salesforce ticketing system compromise on 18 March. The company confirmed the attack lasted 38 minutes and primarily exposed school staff contact details, asserting no student database access occurred — but the threat actor's extortion deadline has passed without resolution.