Cisco Battles Critical Zero-Day as Massive Breaches at Conduent &amp; Canadian Tire Expose 63M+

Canadian Tire Confirms 38 Million Customer Accounts Compromised in Massive Data Breach Stemming from Cloud Misconfiguration

Retail giant Canadian Tire has confirmed that a data breach discovered in October 2025 compromised the personal information of over 38 million customer accounts. The incident, which affected e-commerce databases for brands including Canadian Tire, SportChek, and Mark's, was caused by a misconfigured cloud environment. Exposed data includes names, addresses, emails, phone numbers, and, for a subset of users, dates of birth and partial credit card information. While the company states the encrypted passwords (PBKDF2 hashes) and partial card data are not directly usable for fraud, the scale of the breach poses a significant risk of phishing and identity-related scams.

Cloud MisconfigurationVulnerability ManagementPIPEDAE-commercePBKDF2

Cloud Misconfiguration at Canadian Tire Exposes 38 Million Customer Accounts

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

U.S.-Israel Strikes on Iran Trigger Wave of Retaliatory Cyberattacks Across Middle East

Coordinated military strikes against Iran on February 28, reportedly involving the U.S. and Israel, have ignited a significant escalation in cyber warfare across the Middle East. Security firms have issued heightened threat advisories, warning of disruptive attacks from state-aligned actors and hacktivists. Pro-Iran groups, such as 'Handala Hack,' have launched DDoS attacks, defacements, and data leak campaigns targeting government, aviation, and financial sectors in Israel and other regional nations. The conflict has also severely disrupted civil aviation, with hundreds of flights cancelled amid safety concerns.

GeopoliticsHacktivismDDoSDefacementWiper Malware

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

Coupang Reports $26M Loss, Blames 34M-Customer Data Breach for Fallout

Coupang's Financials Hit by 2025 Data Breach, Resulting in Q4 Loss and Customer Churn

South Korean e-commerce giant Coupang has reported a net loss of $26 million for Q4 2025, a sharp reversal from a profit a year earlier. The company directly attributes the poor financial performance and a miss on revenue estimates to the fallout from a November 2025 data breach that compromised the personal information of 34 million customers. The incident led to a decline in active customers, increased churn in its membership program, and forced the company to pledge $1.2 billion in customer compensation, resulting in negative free cash flow. The disruption is expected to continue into early 2026.

Insider ThreatFinancial ImpactE-commerceCustomer TrustData Governance

Coupang Reports $26M Loss, Blames 34M-Customer Data Breach for Fallout

UH Cancer Center Pays Ransom After Breach Exposes Data of 1.24 Million People

University of Hawaiʻi Cancer Center Discloses Ransomware Attack Impacting 1.24 Million Individuals

The University of Hawaiʻi (UH) Cancer Center has disclosed a major data breach stemming from a ransomware attack in August 2025. The incident compromised the sensitive personal information of approximately 1.24 million people, including Social Security numbers and historical voter registration and driver's license data used for research. The affected data was stored on servers in the Epidemiology Division and did not impact patient care systems. Due to the extent of the encryption, UH confirmed it paid a ransom to the unidentified attackers to obtain a decryption tool and an affirmation that the exfiltrated data was destroyed.

Ransom PaymentPIISSNHIPAAHigher Education

UH Cancer Center Pays Ransom After Breach Exposes Data of 1.24 Million People

Indian Chief Justice: Forensic Science is a 'Protective Shield' Against Digital Crime

INFORMATIONAL

Chief Justice of India Surya Kant Emphasizes Critical Role of Forensic Science in the Digital Age

Speaking at the National Forensic Sciences University, Chief Justice of India (CJI) Surya Kant described forensic science as an essential "protective shield" for the justice system in the face of complex digital crimes. He highlighted that threats like cyber intrusions, digital fraud, and transnational data crimes are challenging traditional investigation methods. The CJI stressed that the integrity of justice depends on verifiable, fact-based evidence provided by ethically-guided forensic analysis, warning that scientific analysis "cannot exist in a moral vacuum."

Digital ForensicsLegalJudiciaryCybercrime LawDigital Evidence

3 min read

Indian Chief Justice: Forensic Science is a 'Protective Shield' Against Digital Crime

India Risks Trading 'Autonomy for Efficiency' with Foreign AI, Warns Ex-Diplomat

INFORMATIONAL

Former Indian Foreign Secretary Nirupama Rao Warns Against Reliance on 'Borrowed Algorithms'

At the Asia Economic Dialogue, former Indian foreign secretary Nirupama Rao warned that India risks losing its national autonomy if it becomes overly dependent on foreign-developed artificial intelligence. She argued that relying on "borrowed algorithms" might increase efficiency at the cost of sovereignty. Rao identified AI, semiconductors, and cybersecurity as critical "sovereignty platforms" where India must build its own mastery to secure its national interests in a turbulent global environment and avoid vulnerabilities from concentrated supply chains.

Technological SovereigntyAI PolicyGeopoliticsSemiconductorsNational Security

4 min read

India Risks Trading 'Autonomy for Efficiency' with Foreign AI, Warns Ex-Diplomat

Indian Banks Embrace AI to Combat 1.4 Million Annual Cyberattacks

MEDIUM

Indian Banking Sector Adopts AI for Fraud Detection as Cyberattacks Mount

Leaders in India's banking sector are turning to Artificial Intelligence (AI) as a strategic defense against a rising tide of cyber threats, estimated at 1.4 million attacks annually. Executives highlighted that AI is crucial for fraud detection, cost reduction, and superior risk management in underwriting. Global banks like Bank of America and JP Morgan Chase are cited as examples of successful AI implementation. The push for AI adoption coincides with a broader digital transformation in the sector, including a new government dashboard for real-time oversight and a focus on using vast data reserves for hyper-personalized customer services.

AIFraud DetectionBankingRisk ManagementDigital Transformation

4 min read

Indian Banks Embrace AI to Combat 1.4 Million Annual Cyberattacks

Statamic CMS Flaw (CVE-2026-28423) Enables Cloud Credential Theft via SSRF

MEDIUM

Server-Side Request Forgery (SSRF) Vulnerability in Statamic CMS Poses Risk to Cloud Infrastructure

A Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-28423, has been disclosed in the Statamic content management system. The flaw, which has a CVSS score of 6.8, exists in the Glide image manipulation feature. An unauthenticated attacker can exploit it to force the server to make HTTP requests to internal network services or, more critically, to cloud metadata endpoints. This could allow an attacker to steal sensitive cloud credentials (e.g., from an AWS EC2 instance), leading to a full compromise of the underlying cloud infrastructure. Users are advised to patch or reconfigure the feature to prevent abuse.

SSRFCMSCloud SecurityAWSIMDS

Statamic CMS Flaw (CVE-2026-28423) Enables Cloud Credential Theft via SSRF

Updated Articles (3)

Patch Released for "ClawJacked" WebSocket Hijacking Flaw in OpenClaw AI Agent

Patch Shipped for "ClawJacked" WebSocket Hijacking Vulnerability in OpenClaw AI Agent

Update:

Further details have emerged regarding the 'ClawJacked' vulnerability in the OpenClaw AI agent. A new patch, version 2026.2.25, has been released, superseding the previously mentioned version. This update explicitly clarifies that the flaw allows malicious websites to bypass password protection when hijacking a local AI agent via WebSocket. The vulnerability was publicly disclosed by Oasis Security, highlighting the critical need for users to update to the latest patched version to prevent unauthorized control and potential data exfiltration from connected enterprise systems.

February 15, 2026

Updated: March 1, 2026

OpenClawClawJackedWebSocketVulnerabilityHijacking +1 more

Patch Released for "ClawJacked" WebSocket Hijacking Flaw in OpenClaw AI Agent

Conduent Data Breach Impact Explodes to 25 Million Americans, Safepay Ransomware Blamed

CRITICAL

Conduent Breach Victim Count Surges to Over 25 Million, Affecting Nationwide Government Services

Update:

The Conduent data breach, attributed to Safepay ransomware, now confirms additional affected clients including Humana and Volvo Group North America, expanding the scope beyond Blue Cross Blue Shield. New technical analysis provides a comprehensive list of likely MITRE ATT&CK techniques, such as T1190 for initial access and T1041 for exfiltration. Crucially, the update introduces specific cyber observables for detection, including monitoring Windows Security Event Logs for anomalous logons, 'vssadmin.exe' commands, and unusual outbound network traffic patterns. This enhances understanding of the attack's methodology and provides actionable intelligence for defenders.

February 26, 2026

Updated: March 1, 2026

6 min read

ConduentData BreachSafepayRansomwarePII +2 more

Conduent Data Breach Impact Explodes to 25 Million Americans, Safepay Ransomware Blamed

Cisco Scrambles to Patch Critical SD-WAN Zero-Day Exploited for Months

CRITICAL

Cisco Patches Critical Authentication Bypass Flaw (CVE-2026-20127) in Catalyst SD-WAN After Months of Active Exploitation

Update:

Cisco has updated its patching guidance for CVE-2026-20127, now recommending version 20.9.1 or later for all affected Catalyst SD-WAN Manager instances, superseding previous specific branch recommendations. The critical CVSS 10.0 zero-day, actively exploited by UAT-8616 since 2023, allows unauthenticated attackers to gain full admin access, often chained with CVE-2022-20775 for root. New details reveal attackers are also deleting logs (T1070.003) post-compromise to erase their tracks, emphasizing the need for immediate patching and thorough post-incident forensics.

February 27, 2026

Updated: March 1, 2026