06 Feb 2026
By Mary

InfoSec News Nuggets 02/06/2026

Data breach at govtech giant Conduent balloons, affecting millions more Americans A previously disclosed ransomware incident involving Conduent is now believed to impact far more people than initially reported, potentially reaching into the tens of millions. Reporting cites revised impact figures including at least 15.4M affected in Texas and 10.5M in Oregon, plus additional notifications across multiple states. The exposed data reportedly includes names, Social Security numbers, medical data, and health insurance information. The company…
Read More
09 May 2025
By Mary

InfoSec News Nuggets 5/9/2025

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an…
Read More
06 Nov 2024
By Mary

InfoSec News Nuggets 11/06/2024

Cisco notifies ‘limited set’ of customers after hacker accessed non-public files  Cisco said it has notified a limited set of customers about files that were accessed by a hacker during an incident announced in October. The tech giant has repeatedly denied that it suffered a breach but said on October 18 its investigation into the incident revealed that a threat actor downloaded data on a public-facing DevHub environment — a platform the company uses to make software code, scripts and…
Read More
16 Oct 2024
By Mary

InfoSec News Nuggets 10/16/2024

Gmail Scam Alert: Hackers Spoof Google to Steal Credentials Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for malicious actors seeking to infiltrate accounts and pilfer sensitive data. Sam Mitrovic, an expert on Microsoft security products and the founder of CloudJoy, a Power Platform consultancy, recently sounded the alarm regarding an exceptionally sophisticated, AI-augmented…
Read More
22 Aug 2024
By Mary

InfoSec News Nuggets 8/22/2024

Post-Quantum Cryptography set to revolutionise digital security Post-Quantum Cryptography (PQC) is poised to redefine the very foundation of digital security by addressing threats posed by advancements in quantum computing. Recently, the National Institute of Standards and Technology (NIST) finalised a principal set of encryption algorithms designed to withstand cyberattacks from quantum computers. This significant step prompts organisations to reconsider their approaches to cybersecurity. According to the Australian Signals Directorate (ASD), which monitors NIST developments to…
Read More
17 Oct 2023
By Mary

InfoSec News Nuggets 10/17/2023

Equifax Fined $13.5 Million Over 2017 Data Breach  The British watchdog Financial Conduct Authority (FCA) on Friday announced that it has fined Equifax Ltd, the UK arm of credit reporting firm Equifax Inc, more than £11 million (approximately $13.5 million) over the massive 2017 data breach. Roughly 147 million people were impacted by the incident, including 13.8 million UK consumers, after hackers gained access to Equifax servers in the US. In 2020, the US government indicted four…
Read More
12 Sep 2022
By Mary

InfoSec News Nuggets 09/12/2022

EU to introduce strict IoT security regulation The EU is set to introduce a law that would require smart devices to follow strict cyber security rules, on threat of a device ban. Internet of Things (IoT) devices such as smart home controls or fitness trackers are becoming more ubiquitous, making life more convenient while also increasing the vectors through which threat actors can perpetrate cyber crime. The proposal, which Reuters reports is titled the Cyber Resilience Act, will…
Read More
21 Dec 2020
By Mary

InfoSec News Nuggets 12/21/2020

Nuclear weapons agency breached amid massive cyber onslaught The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, officials directly familiar with the matter said. On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by…
Read More
07 Oct 2020
By Mary

InfoSec News Nuggets 10/07/2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever. To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals…
Read More