1. LastPass Confirms Customer Data Stolen in Klue Supply Chain Breach LastPass disclosed that the Icarus extortion group used OAuth tokens stolen in a supply chain attack against market-intelligence vendor Klue to access customer records within its Salesforce environment. Exposed data included names, phone numbers, email and physical addresses, and support case records, though LastPass […]
What a Nonprofit Needs to Know About Cyber Security in 2026
Last winter, a nonprofit food pantry director in a town of about 6,000 people called me after what could have been a very bad week. Someone had impersonated her board chair in an email and asked the bookkeeper to transfer $4,200 to a new account. The bookkeeper, who works two jobs and answers emails between […]
Cyber Security Weekly: Top 5 News Stories for the Week of June 15th
1. Cisco Catalyst SD-WAN Manager zero-day under active exploitation (CVE-2026-20245). Attackers are actively exploiting a privilege-escalation flaw in Cisco Catalyst SD-WAN Manager that lets an authenticated local user upload a crafted file and execute commands as root. At the time of writing, no patch is available, leaving network operators dependent on access controls and monitoring. […]
Why Our K-12 Schools Sit on the Front Line of Cyber Crime
A few years ago, I sat across from a senior statewide school administrator, a man whose decisions shaped policy for K-12 schools across the Commonwealth, and explained, plainly, that schools are targets for cyber criminals. He would not have it. Schools, he told me, had nothing a criminal would want. No money to speak of, […]
Cyber Security Weekly: Top 5 Cybersecurity News Stories for the Week of June 8–14, 2026
1. ShinyHunters Exploit Oracle PeopleSoft Zero-Day to Breach Universities (CVE-2026-35273) A critical, unauthenticated remote code execution flaw (CVSS 9.8) in Oracle PeopleSoft PeopleTools was exploited in the wild as a zero-day between May 27 and June 9, roughly two weeks before Oracle’s out-of-band advisory. Mandiant attributed the campaign to the financially motivated group UNC6240 (ShinyHunters), […]
Incident Response: How to Survive Ransomware
Incident response (IR): iAn organization’s structured approach to detecting, managing, and recovering from cybersecurity threats and data breaches aims to limit attack damage, minimize business disruption, and prevent future incidents. The owner of a family-run building supply company in a Kentucky town of about nine thousand got to the store a little before seven. She […]