Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Yale New Haven Health Confirms 5.5 Million Affected in March Cybersecurity Incident
Description: Yale New Haven Health has officially confirmed that a March cybersecurity breach impacted over 5.5 million individuals, making it one of the largest healthcare data incidents reported in 2025. The figure, now listed on the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS OCR) breach portal, significantly expands the scope of … The post Yale New Haven Health Confirms 5.5 Million Affected in March Cybersecurity Incident appeared first on CyberInsider.
Source: CyberInsider
April 24th, 2025 (18 days ago)
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Source: TheRegister
April 24th, 2025 (18 days ago)
Millions impacted by data breaches at Blue Shield of California, mammography service and more
Description: Blue Shield of California said an improper Google Analytics configuration exposed the data of more than 4.5 million people, while state regulators recently received more than a dozen other reports involving healthcare-related organizations.
Source: The Record
April 23rd, 2025 (19 days ago)
Blue Shield of California leaked health data of 4.7 million members to Google
Description: Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. [...]
Source: BleepingComputer
April 23rd, 2025 (19 days ago)
Blue Shield of California Exposed Health Data of 4.7 Million Members
Description: Blue Shield of California has disclosed a data breach that potentially exposed the protected health information (PHI) of approximately 4.7 million individuals. The breach, which stemmed from misconfigured web analytics, went undetected for nearly three years and was officially listed on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights breach … The post Blue Shield of California Exposed Health Data of 4.7 Million Members appeared first on CyberInsider.
Source: CyberInsider
April 23rd, 2025 (19 days ago)
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
🚨 Marked as known exploited on April 23rd, 2025 (19 days ago).
Description: The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-related CVEs and remediation trends across industry sectors.BackgroundSince 2008, Verizon’s annual Data Breach Investigations Report (DBIR) has helped organizations understand evolving cyber threats. For the 2025 edition, Tenable Research contributed enriched data on the most exploited vulnerabilities of the past year. We analyzed over 160 million data points and zeroed-in on the 17 edge device CVEs featured in the DBIR to understand their average remediation times. In this blog, we take a closer look at these vulnerabilities, revealing industry-specific trends and highlighting where patching still lags — often by months.In this year’s DBIR, vulnerabilities in Virtual Private Networks (VPNs) and edge devices were particular areas of concern, accounting for 22% of the CVE-related breaches in this year’s report, almost eight times the amount of 3% found in the 2024 report.AnalysisThe 2025 DBIR found that exploitation of vulnerabilities surged to be one of the top initial access vectors for 20% of data breaches. This represents a 34% increase over last year’s report and is driven in part by the zero-day exploitation of VPN and edge device vulnerabilities – asset classes that tradit...

CVSS: MEDIUM (6.0)

Source: Tenable Blog
April 23rd, 2025 (19 days ago)
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack
Description: Thousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February.
Source: The Record
April 23rd, 2025 (20 days ago)
Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558
Description: The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.
Source: Dark Reading
April 22nd, 2025 (20 days ago)
DeepSeek Breach Opens Floodgates to Dark Web
Description: The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability.
Source: Dark Reading
April 22nd, 2025 (20 days ago)
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Description: Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
Source: TheHackerNews
April 22nd, 2025 (20 days ago)