The Conduent breach; from 10 million to 25 million (and counting)

The Conduent breach has quietly grown into one of the biggest third‑party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent. When we first covered this incident, public filings...

CVE-2026-27652

creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-03 2026-03-03 00:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mg4jt2ljdh2x...

CVE-2026-20902

creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 2026-02-27 02:54:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfspi5h6ck2n 2026-02-27 06:19:35+00:00| seen|...

CVE-2026-21660

creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 2026-02-27 13:18:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mftsdysdkq27 2026-03-02 19:01:51+00:00| seen|...

Accelerate Digital Service Delivery in Government Agencies

...

CVE-2025-67752

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

EUVD-2025-208104

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

CVE-2025-67752

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

PT-2026-21816

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR’s HTTP client wrapper oeHttp/oeHttpRequest has a default setting that disables SSL/TLS certificate verification verify: false. This makes all external HTTPS connections susceptible to...

Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files

The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data...

Cloud Based WAF Upload Scan and Control: The New Standard for File Upload Security

We're excited to announce the launch of Upload Scan and Control, an essential new feature for Imperva Cloud WAF. This add-on tackles one of the most critical vulnerabilities facing web applications today—insecure file uploads—offering protection with scalability, simplicity, and enterprise-grade...

Age verification vendor Persona left frontend exposed, researchers say

Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short whil...

The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring

In the second part of our series, we dive into Proactive Risk Management. Discover how Wiz for U.S. Government automates visibility and prioritizes risk remediation to meet FedRAMP continuous monitoring requirements without slowing down innovation...

CVE-2026-22885

creationtimestamp| type| source ---|---|--- 2026-02-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01...

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover DTO attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activit...

STERNBERG SD.NET RIM 跨站请求伪造漏洞

STERNBERG SD.NET RIM is a government affairs integration system developed by the British company STERNBERG. Versions of STERNBERG SD.NET RIM prior to 4.7.3c contained a cross-site request forgeing vulnerability. This vulnerability allowed attackers to inject malicious SQL statements through POST...

Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities

We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls...

CERTFR-2026-ACT-007

creationtimestamp| type| source ---|---|--- 2026-02-16 12:45:50+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mey3eubk2s26 2026-02-16 12:45:54+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116080374524280085 2026-02-16 12:59:54+00:00| seen|...

Applying Public Health Systematic Approaches to Cybersecurity: The Economics of Collective Defense

The U.S. public health system increased life expectancy by more than 30 years since 1900 through systematic data collection, evidence-based intervention, and coordinated response. This paper examines whether cybersecurity can benefit from similar organizational principles. We find that both domai...