Aggregator

Conduent Says Hack Now Affects at Least 25 Million Patients

DataBreachToday.com
2 months ago
State Officials Investigating Breach of Back-Office Services Provider Found in 2025
The victim count in the 2024 hack on back-office support services vendor Conduent Business Services has just ballooned again, with the Xerox-spinoff now reporting to Wisconsin regulators that the incident affected "25 million-plus" people nationwide.

Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems

DataBreachToday.com
2 months ago
Emergency CISA Directive Lands as DHS Shutdown Strains Cyber Operations
The Cybersecurity and Infrastructure Security Agency issued a directive Wednesday ordering civilian agencies to secure and hunt for compromise in vulnerable Cisco SD-WAN systems after officials observed active exploitation - while warning that shutdown-related disruptions heighten operational risk.

Marquis Sues SonicWall Over 2025 Firewall Data Breach

DataBreachToday.com
2 months ago
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis
Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.

CVE-2026-2677 | A3factura Web Platform 4.111.2-rev.1 representatives-management Name cross site scripting (EUVD-2026-8849)

Vuldb Updates
2 months ago
A vulnerability identified as problematic has been detected in A3factura Web Platform 4.111.2-rev.1. Impacted is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/representatives-management. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-2677. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-2678 | A3factura Web Platform 4.111.2-rev.1 on A3factura customers Name cross site scripting (EUVD-2026-8850)

Vuldb Updates
2 months ago
A vulnerability labeled as problematic has been found in A3factura Web Platform 4.111.2-rev.1 on A3factura. The affected element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/customers. Executing a manipulation of the argument Name can lead to cross site scripting. This vulnerability is registered as CVE-2026-2678. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-2679 | A3factura Web Platform 4.111.2-rev.1 salesInvoices customerName cross site scripting (EUVD-2026-8851)

Vuldb Updates
2 months ago
A vulnerability marked as problematic has been reported in A3factura Web Platform 4.111.2-rev.1. The impacted element is an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesInvoices. The manipulation of the argument customerName leads to cross site scripting. This vulnerability is documented as CVE-2026-2679. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2026-2680 | A3factura Web Platform 4.111.2-rev.1 salesDeliveryNotes customerVATNumber cross site scripting (EUVD-2026-8852)

Vuldb Updates
2 months ago
A vulnerability described as problematic has been identified in A3factura Web Platform 4.111.2-rev.1. This affects an unknown function of the file a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes. The manipulation of the argument customerVATNumber results in cross site scripting. This vulnerability is reported as CVE-2026-2680. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-2244 | Google Cloud Vertex AI Workbench prior 01/30/2026 information disclosure (EUVD-2026-8853 / WID-SEC-2026-0541)

Vuldb Updates
2 months ago
A vulnerability was found in Google Cloud Vertex AI Workbench and classified as problematic. This vulnerability affects unknown code. The manipulation results in information disclosure. This vulnerability was named CVE-2026-2244. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

Analysis: Root Cause of Most Security Incidents Traced to Unpatched Firewalls

Security Boulevard
2 months ago

An analysis of more than two trillion IT events collected during 2025 by Barracuda Networks finds 90% of ransomware incidents exploited firewalls via unpatched software or a vulnerable account that enables cybercriminals to gain access to an IT environment. Merium Khalid, director of offensive security for the security operations center (SOC) at Barracuda Networks, said..

The post Analysis: Root Cause of Most Security Incidents Traced to Unpatched Firewalls appeared first on Security Boulevard.

Michael Vizard

Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security

Security Boulevard
2 months ago

When Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate.

For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it was a recognition of some exposure risks they were very much aware of.

AI assistants like Microsoft Copilot do not invent risk. They illuminate it. In this case, the Copilot DLP bypass highlighted a deeper enterprise AI security issue: data trust across Microsoft 365 and SaaS environments is not where it needs to be.

Copilot is easy to adopt. It integrates seamlessly into the Microsoft ecosystem. It promises productivity gains without heavy infrastructure changes. For organizations under pressure to move quickly into an AI-enabled future, enabling it feels natural and even necessary.

The controls were in place. The Microsoft 365 tenant was secured. DLP policies were configured.

Yet speed has a cost.

In the rush to capture AI value, many teams did not fully evaluate how sensitive data was classified, how permissions had expanded over time or how enforcement behaved under new AI-driven access patterns. What this moment exposed was not a single bug, but a broader condition: structural data fragility.

Over years, sensitive data sprawl, permission creep and incomplete classification quietly compound. The environment remains operational. Compliance boxes are checked. But structural risk accumulates beneath the surface, largely invisible until AI begins operating across it at scale.

How did the Microsoft Copilot DLP bypass reveal a data trust gap?

AI operates at machine speed. It searches, correlates and summarizes across vast volumes of content in seconds. If sensitive information is accessible within the environment, it will surface.

The core issue is not simply that Copilot bypassed DLP controls. The deeper issue is that protection depends on trust in your data foundation. Trust that you know what is sensitive, that it is accurately classified and that policies are enforced consistently across the estate.

Without that trust, controls become fragile.

For years, unstructured data has multiplied across cloud drives, SaaS, collaboration platforms and email systems. Files were shared. Access was granted. Exceptions were made. Policies were written but rarely continuously validated.

AI did not create this complexity. It revealed it.

Are AI copilots exposing hidden DLP gaps and data exposure risks?

This event may not be the last headline of its kind.

As organizations move quickly toward AI copilots, GenAI applications and agentic workflows, new edge cases will emerge. AI interacts with data differently than humans do. It traverses context. It aggregates at scale. It tests the boundaries of policy enforcement.

Unless data trust is embedded across the entire data estate, discovery, classification, detection, remediation, policy orchestration and prevention working in concert, similar exposures are a very real possibility for any company.

This is not a failure of innovation. It is a reminder that innovation amplifies whatever foundation it sits upon.

Is Microsoft ecosystem security enough without a strong data foundation?

Many leaders assumed that operating inside a trusted vendor ecosystem meant they were inherently protected. Platform security is critical, but it cannot compensate for incomplete visibility into your own data landscape. AI exposes the difference between compliance and confidence.

Compliance asks, "Do we have DLP rules?"

Confidence states, "We truly understand what matters across our data estate."

Data trust means:

  • Continuously discovering sensitive data wherever it lives
  • Accurately classifying it with business context
  • Monitoring how it is accessed and used
  • Detecting anomalous behavior in real time
  • Remediating risk automatically and consistently
  • Preventing data leaks and enforcing policies without relying on manual intervention

When these elements operate together, AI becomes an accelerator. When they do not, AI becomes a magnifier of existing gaps.

How can organizations build data trust and achieve DLP at AI speed?

The Copilot story should not drive panic. It should drive reflection and action.

Organizations deserve to securely innovate at the speed of AI.

Data trust is not a feature, it's an architectural commitment. It requires moving beyond static rules and fragmented tools toward a unified approach that continuously understands, prioritizes and protects what matters most.

This is where modern, AI-native data security platforms like MIND play a critical role.

MIND was built to establish data trust at scale and deliver Stress-Free DLP. It continuously discovers sensitive data and enables on-demand classification across SaaS, on-premise file shares, endpoints, emails and emerging AI tools, so protection keeps pace with change. It applies context-aware detection, prioritizes real risk and automates remediation to reduce noise and remove manual toil. The result is DLP on Autopilot, an intelligent system that understands your business and protects what matters without slowing it down.

When data trust is embedded across your environment, AI initiatives are no longer a source of uncertainty and exposure risk. They become sustainable, measurable and defensible.

Security and AI innovation do not have to compete.

But without data trust, they will.

The future of enterprise AI security will belong to organizations that move fast, thoughtfully, with clarity about what matters and confidence in how Microsoft Copilot, DLP controls and data trust are continuously protected.

The post Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security appeared first on Security Boulevard.

Samuel Hill, Product Marketing at MIND

CVE-2026-3287 | youlaitech youlai-mall 2.0.0 App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sortField/sort sql injection

VulDB Recent Entries
2 months ago
A vulnerability has been found in youlaitech youlai-mall 2.0.0 and classified as critical. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. This vulnerability is known as CVE-2026-3287. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad