Cybersecurity 101
Incident Response: The Complete Guide
A complete guide to incident response — the six-phase lifecycle, the response team, plans and playbooks, frameworks, and the practices that limit breach damage.
Stay informed on the latest data breaches. Get expert analysis on affected companies, compromised data types, and critical steps for immediate victim protection.
Data Breaches
Trump Mobile confirmed customer names, email and mailing addresses, phone numbers, and order identifiers were exposed to the open internet via a third-party platform provider, and said it is still evaluating whether it must notify affected customers.
Policy & Government
GitGuardian discovered a public GitHub repo named 'Private-CISA' holding 844 MB of plaintext passwords, AWS GovCloud admin tokens, and Entra ID SAML certs belonging to CISA — public since November 2025. The Nightwing contractor engineer manually disabled push-protection.
Data Breaches
NYC Health + Hospitals confirmed an intrusion through an unnamed third-party vendor exposed personal and medical data of at least 1.8 million individuals, including stolen biometric fingerprint records. The first major US public-hospital disclosure to confirm biometric loss.
Data Breaches
Cerner discovered the breach in February 2025. Atrium Health patients only learned this week. The 15-month gap — across 16 health systems through one Oracle-owned vendor — is the year's clearest HIPAA business-associate accountability test.
Data Breaches
Comcast just agreed to write a $117.5 million check over a vulnerability it didn't write. The Xfinity settlement is the first major Citrix Bleed bill to come due — the precedent it sets for shared customer-vendor liability is the part defenders should read twice.
Cyber Attacks
Foxconn confirmed a cyberattack on its North American factories. Nitrogen ransomware claims 8TB and 11M+ files including Apple, NVIDIA, Google, Intel, and Dell project documentation. Mount Pleasant AI server factory was offline for a week.
Data Breaches
Odido's CEO confirmed May 12 that the Dutch telecom will not compensate 6.2 million ShinyHunters breach victims. Dutch prosecutors are investigating whether the company retained data beyond GDPR limits. The CRM compromise pattern matches the broader ShinyHunters Salesforce campaign.
Critical Infrastructure
West Pharmaceutical Services disclosed a disruptive ransomware attack via SEC Form 8-K on May 7, took global systems offline, and engaged Palo Alto Unit 42. The pharma-packaging CI adjacency just became a documented sector risk.
Policy & Government
California AG Bonta announced a $12.75M civil penalty against GM and OnStar for selling driver data to data brokers 2020-2024. Largest CCPA penalty ever; first data minimization enforcement.
ShinyHunters
Instructure paid ShinyHunters on May 11 to delete 3.65TB from 8,809 schools. Congress opened an investigation the same day. The vendor-paid-ransom precedent for SaaS is now set.
Critical Infrastructure
The ICO fined South Staffordshire Water nearly GBP 1 million over a Cl0p attack that exposed 633,887 records. Hackers sat undetected for 20 months. Only 5 percent of the IT environment was monitored.