
IT Security Newsletter - 2/4/2026

Breaches

Iron Mountain: Data breach mostly limited to marketing materials

Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. Headquartered in Portsmouth, New Hampshire, and founded in 1951, Iron Mountain specializes in data centers and records management, and has over 240,000 customers worldwide from more than 61 countries, including 95% of the Fortune 1000. READ MORE...


Coinbase confirms insider breach linked to leaked support tool screenshots

Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. "Last year our security team detected that a single Coinbase contractor improperly accessed customer information, impacting a very small number of users (approximately 30)," a Coinbase spokesperson told BleepingComputer. READ MORE...

Hacking

Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations

The information of more than a quarter (28%) of Mexico's population may be at risk following the leak of 2.3TB of data online by a hacktivist group, but Mexico's cybersecurity and digital-technology agency, the Agencia de Transformación Digital y Telecomunicaciones (ATDT), downplayed the significance of any potential compromise. On Jan. 30, a hacking collective known as the Chronus Group reportedly posted documents and data from at least 25 different government institutions in Mexico. READ MORE...

Malware

CISA updated ransomware intel on 59 bugs last year without telling defenders

On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem. "Frustrated" by the agency failing to notify defenders when key pieces of intel change, Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, counted the number of missed opportunities to potentially stop ransomware attacks last year. READ MORE...

Information Security

Dark Patterns Undermine Security, One Click at a Time

Cookie banners with a "no reject" option. Free trial subscriptions that are absurdly difficult to cancel. Hidden refund options. Misleading email access requests. The list of dark patterns - deceptive user interface designs that toe the line between malicious and benign - grows longer by the year. Organizations plaster dark patterns across their websites as a marketing tactic or to enhance the user experience. READ MORE...


Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks

Cybersecurity firms have analyzed the AI agent social network Moltbook and found a vulnerability exposing sensitive data, as well as malicious activity conducted by the bots. Moltbook emerged following the launch of OpenClaw (previously Clawdbot and Moltbot), an open source, self-hosted AI agent that can autonomously perform a wide range of activities, from executing terminal commands to sending emails. READ MORE...

Exploits/Vulnerabilities

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as "LookOut," affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path to system takeover or access to sensitive corporate data. The most critical discovery, an RCE chain, allows an attacker to take full control of a Looker server by running their own malicious commands remotely. READ MORE...


Ivanti's EPMM is under active attack, thanks to two critical zero-days

Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. The vulnerabilities - CVE-2026-1281 and CVE-2026-1340 - each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). READ MORE...


DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft

A critical-severity bug in Docker's Ask Gordon AI assistant can be exploited to compromise Docker environments, cybersecurity firm Noma Security warns. Named DockerDash, the bug exists in the MCP Gateway's contextual trust, where malicious instructions injected into a Docker image's metadata labels are forwarded to the MCP and executed without validation. An attacker can embed malicious instructions in the metadata fields of a Docker image. READ MORE...

On This Date

  • ...in 1789, George Washington is unanimously elected the first president of the United States by the U.S. Electoral College.
  • ...in 1818, businessman Joshua Abraham Norton, who later proclaimed himself as "Norton I, Emperor of the United States" while living in San Francisco, is born in Kent, England.
  • ...in 1940, filmmaker George A. Romero, who directed the original 1968 "Night of the Living Dead" as well as other horror classics, is born in New York City.
  • ...in 1948, musician Vincent Furnier, AKA '70s rock icon Alice Cooper ("School's Out", "I'm Eighteen"), is born in Detroit, MI.