Ericsson US Discloses Data Breach Impacting 15,000 Individuals

Ericsson US Discloses Data Breach Impacting 15,000 Individuals

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. In data breach notification letters, Ericsson said that a service provider who was storing personal data for employees and customers discovered a breach on April 28, 2025. While the theft has been confirmed, no specific cybercrime group has claimed responsibility, and there is currently no evidence of data misuse.

Source: Security Week

Cognizant TriZetto Suffers Data Breach, Impacting 3.4 Million Patients

TriZetto Provider Solutions, a healthcare technology subsidiary of the IT services giant Cognizant, disclosed a major data breach affecting over 3.4 million patients. The unauthorized access began in November 2024 but remained undetected for over a year, with discovery only occurring in late 2025. Following the discovery, TriZetto initiated an incident response investigation and began officially notifying affected consumers on February 6, 2026. Because the stolen data include highly sensitive personal identifiers such as medical records, impacted victims now face a risk of spear-phishing campaigns, medical identity theft, and severe financial fraud.

Source: Bleeping Computer

ShinyHunters Exploits Salesforce Experience Cloud Sites

Salesforce confirmed on March 10, 2026, that the ShinyHunters group is behind an ongoing campaign exploiting misconfigured Experience Cloud sites. The attackers are not exploiting a platform vulnerability but rather overly broad guest user permissions. Using a weaponized version of the “Aura Inspector” tool, they have mass-scanned hundreds of organizations to extract data without needing credentials. Salesforce urges customers to audit guest user profiles, disable public API access, and monitor Aura logs for unusual query volumes.

Source: SC Media, The Register

US Cyber Strategy Released Targeting AI and Quantum

The White House released President Trump’s 2026 Cyber Strategy, a four-page document outlining six core pillars to strengthen national security. The strategy outlines a broad approach to strengthening the nation’s cybersecurity posture, combining deterrence, regulatory reform, infrastructure protection, and investment in emerging technologies, including AI and quantum. While the strategy outlines a vision for strengthening U.S. cybersecurity, the document falls short on detailed implementation plans. More detailed guidance, operational priorities, and performance metrics for agencies are expected to follow in the coming months.

Source: Security Week

Wikipedia Suffered Security Incident of Self-propagating JS Worm

The Wikimedia Foundation suffered a security incident involving a self-propagating JavaScript worm that vandalized nearly 4,000 pages. The worm spread by injecting malicious code into Wikipedia’s global and user-specific JavaScript files, allowing it to execute in editors’ browsers and modify site content with hidden scripts. Engineers temporarily restricted editing to revert the changes and remove the malicious code. The incident began after a dormant script was executed, possibly during testing by a staff member. Wikipedia has since contained the threat and restored operations.

Source: Bleeping Computer

Click here to subscribe our Newsletter