From a major data breach affecting millions of Americans to ransomware attacks, supply chain attacks and browser fixes, this roundup reminds us that digital safety is never something you set and forget.
Let’s take a look at the biggest stories making headlines and what each one means for you.
Over 10 Million People Affected in Conduent Data Breach
Business services company Conduent has revealed that hackers broke into its network and stole the personal details of more than 10 million people. The attackers were inside the company’s systems for almost three months (October 2024 to January 2025) before being caught.
During that time, they took a huge amount of data, including names, home addresses, dates of birth, Social Security numbers, and health and insurance details.
Conduent said the attack disrupted its services for several U.S. government agencies and private organizations. Although the company didn’t name the hackers, a ransomware group called Safepay claimed responsibility earlier this year.
What can you do?
If you’ve ever used a service connected to Conduent, it’s best to be cautious.
- Get your free annual credit report and watch for strange account activity.
- Avoid sharing personal information with anyone who contacts you unexpectedly.
EY's 4-terabyte SQL Server Backup Publicly Accessible on Microsoft Azure
Security researchers at Neo Security found a 4-terabyte SQL Server backup file, belonging to the top audit firm Ernst and Young (EY), sitting publicly accessible on Microsoft Azure.
The file appeared to be a raw .BAK database dump, which often contains schemas, user records, and embedded secrets like API keys and credentials.
The discovery was made during an attack surface mapping exercise. Neo Security and other researchers reported the exposure through responsible disclosure, and EY responded by triaging and remediating it. This kind of mistake can happen when cloud storage ACLs are misconfigured and a private container is accidentally exposed to the public.
What’s the Implication of This?
A 4-terabyte backup is a lot of records, probably millions in one place. If it’s unencrypted and open to the public, it can be found within minutes by automated scanners, and information in the hands of cybercriminals can lead to phishing scams, identity fraud, and more. Also, for firms that handle financial data, that kind of data breach can erode client trust.
What You Can Do
- Encrypt all backups and store the encryption keys separately.
- Review who has access to your cloud storage and block public access by default.
- Use automated tools to scan for open or misconfigured storage before attackers do.
- Set alerts for sudden access changes or strange file uploads.
- After every deployment, double-check that backups and storage buckets are still private.
- If you find a leak, report it quickly and tell affected clients what you’re doing to fix it.
Schneider Electric and Emerson Appear on Cl0p Leak Site After Oracle EBS Attack
Security researchers have spotted files from Schneider Electric and Emerson on the Cl0p leak site. It’s part of a wider campaign exploiting Oracle E-Business Suite flaws. Dozens of companies using Oracle EBS may have been hit, leading to stolen business data. Investigations are still ongoing.
What’s the Implication of This?
Systems like Oracle EBS are widely used in finance, HR, and supply chain operations, which makes them major targets. When attackers find a weakness, they can access invoices, payroll data, and supplier details, information that enables fraud and extortion. Even if there is no ransomware, leaking stolen data can damage reputations and pressure companies to pay. For anyone using Oracle EBS, vendor patches and network separation are urgent.
What You Can Do
- Apply all Oracle EBS patches and security updates immediately.
- Look for unusual outbound data transfers or suspicious database activity.
- Change or limit service accounts with broad access.
- Secure and log all database backups.
- Keep ERP systems separate from regular office networks.
Dentsu Says Merkle Suffered a Cyberattack
Dentsu, a global advertising and marketing firm, has confirmed that Merkle, its U.S.-based customer experience arm, was hit by a cyberattack.
After noticing unusual activity on Merkle’s network, the company immediately activated its incident response plan. Some systems were taken offline to contain the issue while Dentsu brought in an external cybersecurity team to carry out forensic work and remediation.
The company also reported the incident to relevant authorities as it investigates what data, if any, was accessed and how far the impact will reach.
What’s the Implication of This?
There’s a lot at stake when companies handle other people’s data. For firms like Merkle that store large amounts of customer and marketing information, when they're hit, the damage doesn’t stop with them. It spreads to the brands they work with. Clients end up dealing with bad press, legal trouble, and the stress of changing passwords and reassuring customers.
What You Can Do
- Ask your vendor what systems were affected and whether any of your customer data or credentials were involved.
- Request a clear remediation timeline and updates on what actions they’re taking.
- Change all passwords, API keys, and shared accounts linked to their systems.
- Enforce multi-factor authentication and limit how long vendors can keep privileged access.
- Review your vendor risk process and confirm they use proper network segmentation, logging, and have an incident response plan that includes client notification.
- Keep a short record of every step you take and every update you receive to show due diligence if regulators or customers ask.
Svenska kraftnät Reports Data Breach After File Transfer Compromise
Sweden’s national grid operator, Svenska kraftnät, has confirmed a data breach involving an external file transfer tool. The good news is that the power supply and core systems were not affected. The ransomware group Everest claims to have stolen about 280 gigabytes of data and has listed the agency on its leak site. Authorities have been notified, and investigations are ongoing.
What You Can Do
- Review any external file transfer tools in your setup.
- Enforce multi-factor authentication and log all file transfers.
- Use file scanning and data loss prevention tools to catch risky uploads.
- Run security drills that assume attackers breached a non-operational system.
- Ask your vendors or partners for clear updates if shared data was exposed.
Malicious npm Packages Found Stealing Developer Credentials
Researchers have found ten fake npm packages that were stealing developer credentials across Windows, macOS, and Linux. The attackers used typosquatting, which is the use of slightly misspelled versions of popular package names to trick developers. Once installed, the malware displayed a fake CAPTCHA and quietly stole tokens, SSH keys, and passwords.
What You Can Do
- Double-check package names before installing.
- Use an approved list of dependencies and prefer verified or signed packages.
- Run installs in containers or sandboxes to isolate risks.
- Always rotate locally stored tokens and SSH keys.
- Monitor CI builds for strange outbound traffic.
- Train your team to report suspicious package activity quickly.
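The approved-list tip above can be automated. The following is an added example, not code from the researchers or from npm: it audits a package.json against an allowlist and flags any dependency whose name is a near-miss of an approved package. The allowlist, the misspelled names and the function names are constructed for illustration.

```javascript
// Added example: flag dependencies that look like typosquats of approved packages.
// APPROVED and the sample manifest below are constructed for illustration.
const APPROVED = new Set(["express", "typescript", "react", "lodash", "discord.js"]);

// Edit distance counting insert, delete, substitute and adjacent-letter swap as 1 each
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // swapped neighbours
      }
    }
  }
  return d[a.length][b.length];
}

// Drop separators so "discord-js" and "discord_js" collide with "discord.js"
const squash = (name) => name.toLowerCase().replace(/[-_.]/g, "");

// Return one finding per dependency that is not on the approved list
function auditManifest(manifest, approved = APPROVED, maxDistance = 2) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (approved.has(name)) continue; // exact match: allowed
    const key = squash(name);
    const lookalike = [...approved].find((good) => editDistance(key, squash(good)) <= maxDistance);
    findings.push({ name, verdict: lookalike ? "possible-typosquat" : "not-approved", lookalike: lookalike ?? null });
  }
  return findings;
}

// Constructed sample package.json content
const sampleManifest = {
  dependencies: { express: "^4.19.0", expres: "1.0.0", typescritp: "1.0.0", "discord-js": "1.0.0", "left-pad": "1.3.0" },
};
console.log(auditManifest(sampleManifest));
```

Run it in CI before `npm install` so a near-miss name fails the build; short approved names will produce some false positives, which is the point of routing them to a human.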
Ukrainian Man Extradited to the U.S. for Conti Ransomware
The United States has extradited a Ukrainian man named Oleksii Lytvynenko, who is accused of taking part in Conti ransomware attacks. He had been living in Ireland with his family after fleeing the war in Ukraine, but U.S. investigators say he was involved in several ransomware operations that targeted American businesses.
According to the Justice Department, victims in Tennessee paid over $500,000 in cryptocurrency to recover their data, while another victim’s files were leaked after refusing to pay. Lytvynenko faces serious charges, including wire fraud and computer fraud, which together could lead to up to 25 years in prison.
What can you do?
- Train your employees, because most ransomware attacks start with a simple phishing email, and make cyber awareness a top priority.
- Back up critical data offline, and always keep security software up to date.
Nation-State Hackers Breached Top Telecom Partner for Almost a Year
Ribbon Communications, a U.S. company that provides backbone technology for telecom networks like Verizon, BT, Deutsche Telekom, and even the U.S. Department of Defense, said it discovered “unauthorized access” to its systems in September 2025.
However, investigators believe the hackers may have been inside since December 2024. The company suspects a nation-state group, possibly linked to China, was behind the attack. Some files on laptops outside Ribbon’s main network were accessed, though the firm says it hasn’t found proof of large-scale data theft.
What’s the implication of this?
Nation-state attacks are concerning because they often target infrastructure rather than individuals. If a company like Ribbon is compromised, it could put sensitive communications or even national defense data at risk. Cyberwarfare is no longer just about stealing money; it’s about gaining long-term access and intelligence.
What can you do?
- Review your vendor access. Make sure partners only have the permissions they need.
- Use multi-factor authentication for all accounts tied to your phone number or network provider.
Akira Ransomware Claims to Have Breached Apache OpenOffice
The Akira ransomware group claims it has hacked Apache OpenOffice, one of the most popular free office software suites in the world. The hackers say they stole 23 gigabytes of data, including employee details, financial records, and internal reports.
OpenOffice is run by volunteers under the Apache Software Foundation, and millions of people around the world use it, especially in schools and small businesses. For now, Apache has not confirmed or denied the breach, and experts are still checking whether the stolen files are real or reused from older leaks.
What can you do?
- If you use OpenOffice, there’s no reason to panic yet, but stay alert for fake update links or suspicious emails pretending to be from the project team.
- Keep your software downloaded only from the official Apache website and always back up important files.
Google Patches 20 Chrome Vulnerabilities
If you use Google Chrome, there’s good news. The company has released version 142 of the browser, which fixes 20 security flaws. Seven of these are high-risk, including two serious bugs in Chrome’s V8 JavaScript engine, which powers most of the web content you see.
Google rewarded two security researchers with $50,000 each for finding those bugs, while the company’s own AI system, Big Sleep, discovered three others. In total, Google paid about $130,000 in bug bounties for this update.
The company says there’s no sign that any of these vulnerabilities have been used by attackers yet, but details are being kept private for now, probably to stop hackers from exploiting the flaws before users update their browsers.
What can you do?
- If your Chrome hasn’t updated yet, go to Settings → About Chrome and check for version 142.0.7444.59 or later.
- Restart your browser so updates can happen automatically.
Cybersecurity is not just about firewalls and antivirus software right now. It also involves supply chains, vendor risk management, cloud hygiene, and protecting data like developer credentials and file transfers. The sophisticated way attackers move means preparation and consistent patching are a necessity. And the best way to stay safe is to be one step ahead.
