Back to articles

Tag archive

#cloudsecurity

U
Jul 16, 2026

Unpatched Claude for Chrome Flaws Expose Gmail, Google Docs Data

Two unpatched vulnerabilities in Anthropic's 'Claude for Chrome' extension could allow a second, malicious extension to access and exfiltrate a user's Google Workspace data, including Gmail, Docs, and Calendar. The flaws, which exploit the extension's trust model by allowing a script to trigger actions without genuine user consent, were reported in May but persist in the latest version. The risk is highest for users who have enabled the 'Act without asking' feature, which could allow for silent data theft.

Jul 16, 20264 min read0 reactions0 comments
A
Jul 15, 2026

AsyncAPI Supply Chain Attack Delivers Miasma RAT via NPM

A sophisticated supply chain attack has compromised several official AsyncAPI npm packages. Attackers gained push access to the project's GitHub 'next' branch, using the legitimate CI/CD pipeline to publish malicious versions containing the Miasma RAT. This technique bypassed typical defenses by using valid npm OIDC provenance attestations, highlighting significant risks in modern software development workflows. The Miasma RAT payload affects Windows, macOS, and Linux systems, posing a threat to developer environments and downstream applications.

Jul 15, 20264 min read0 reactions0 comments
E
Jul 18, 2026

EY Data Breach Linked to Compromised Third-Party IT Platform

Global professional services firm Ernst & Young (EY) has disclosed a data breach that occurred via a compromised third-party IT service management platform. Between March and April 2026, an unauthorized actor gained access to the system and downloaded documents containing sensitive personal and financial data from client tax support tickets. EY has secured the platform and notified authorities, but the full number of affected clients has not been disclosed.

Jul 18, 20263 min read0 reactions0 comments
2
Jul 18, 2026

23andMe Settles with 43 States for $18M After Data Breach

Genetic testing company 23andMe has agreed to an $18 million bankruptcy settlement with 43 U.S. states, including Pennsylvania, over a massive data breach discovered in October 2023. The breach, which impacted nearly 7 million customers, was attributed to credential stuffing attacks that succeeded due to poor security practices, such as a lack of mandatory multi-factor authentication (MFA). The settlement holds the company accountable for its security failures.

Jul 18, 20263 min read0 reactions0 comments
N
Jul 17, 2026

New Security Products Address Emerging Threats

This week saw the launch of several new security products aimed at addressing emerging enterprise threats. Polygraf AI introduced 'Meeting Guard' for real-time deepfake detection in video meetings. Nudge Security released capabilities to automate the discovery and remediation of risky OAuth grants and browser extensions. Lineation.ai launched a Zero Trust platform to secure autonomous AI agents at runtime. Finally, Cloudflare made its 'Precursor' bot management engine generally available, which uses in-browser behavioral analysis to stop advanced bots.

Jul 17, 20263 min read0 reactions0 comments