breach

The Infrastructure House of Cards: Vercel, cPanel, and Outsourced Risk

John Z Black May 1, 2026

Incidents & Breaches #cPanel #Vercel #managed-hosting #breach #supply-chain

Managed hosting is great until it isn't. This week cPanel got bypassed, Vercel leaked 100,000 .env secret files, and Virtualizor handed over the keys to your VPS.

The End of Optional Security: Snowflake and the Global ID Fallout

John Z Black Apr 22, 2026

Privacy & Digital Rights #mfa #snowflake #identity #breach #france #canada-life #saas-security

Snowflake is making MFA mandatory for all new users this May. It is a massive policy shift that marks the end of the choice to be insecure in a high-risk world.

Europe's Week: Fining Musk's AI, Rejecting Surveillance Powers, and Getting Hacked

John Z Black Mar 28, 2026

Policy, Law & Governance #eu #xai #grok #csam #european-commission #dutch-police #privacy #ai-regulation #breach #netherlands

In 48 hours, Europe fined xAI's Grok, voted to let CSAM scanning expire, had its Commission cloud breached, and watched its police force get phished.

The Hack That Broke the Promise of Anonymity: 8 Million Crime Tips Stolen from P3 Intel

John Z Black Mar 27, 2026

Incidents & Breaches #breach #law-enforcement #privacy #civic-security

P3 Global Intel, which powers Crime Stoppers tip lines worldwide, was hacked. 8 million anonymous tips are now in criminal hands. The parent company still hasn't confirmed a thing.

Hackers Claim an AstraZeneca Breach. Here's What We Know (Which Isn't Much Yet).

John Z Black Mar 25, 2026

Incidents & Breaches #astrazeneca #lapsus #breach #credentials #unverified

Lapsus$ is claiming they stole 3GB of AstraZeneca data including source code and credentials. AstraZeneca hasn't responded. Nothing's been independently verified. Here's why it's still worth watching.

Breach Disclosure Lag Is Becoming the Real Story in Financial Supply Chains

John Z Black Mar 18, 2026

Incidents & Breaches #breach #financial-services #third-party-risk #disclosure #ransomware #governance #incident-response

The Marquis breach started with a ransomware attack. The damage is still accumulating months later -- not because of what happened technically, but because of how disclosure was handled.

Four Major Companies Still Won't Talk About the Oracle EBS Breach

John Z Black Mar 17, 2026

Policy, Law & Governance #oracle #cl0p #breach #disclosure #governance #sec #enterprise-risk

Broadcom, Bechtel, Estee Lauder, and Abbott Technologies got named in the Cl0p Oracle EBS breach. None have said a word. The silence is becoming its own problem.

Telus Digital Got Breached and Nobody's Talking About What They Actually Handle

John Z Black Mar 13, 2026

Data Breach #telus #breach #outsourcing #ai-training-data #enterprise-risk #canada #third-party

Telus Digital confirmed a data breach after a hacker claimed one petabyte of stolen data. The petabyte number is probably inflated. The real story is what Telus Digital handles on behalf of major enterprise clients.

Your Vendors Got Hacked: Supply Chain Breaches Keep Piling Up

John Z Black Mar 10, 2026

Breaches & Incidents #supply-chain #salesforce #shinyhunters #healthcare #cognizant #trizetto #ericsson #breach

ShinyHunters hit 400 companies through Salesforce misconfigs. Cognizant lost 3.4 million patient records. Ericsson got popped via a vendor. The supply chain is the perimeter now, and it's breaking.