Incident Blog News (103)
| DATE | NAME | INFO | CATEGORY | WEB |
| 18.10.25 | F5 network compromised | On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. | Incident blog | SOPHOS |
| 18.10.25 | F5 Systems Compromised, BIG IP Vulnerabilities Exfiltrated: What To Do Next | F5 recently disclosed that a nation-state actor accessed a proprietary BIG-IP development network, including source code and details about vulnerabilities still under development. | Incident blog | Eclypsium |
| 18.10.25 | Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities | On Oct. 15, 2025, F5 — a U.S. technology company — disclosed that a nation-state threat actor conducted a significant long-term compromise of their corporate networks. In this incident, attackers stole source code from their BIG-IP suite of products and information about undisclosed vulnerabilities. | Incident blog | Palo Alto |
| 11.10.25 | Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report | Cloud incidents like ransomware attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. | Incident blog | Palo Alto |
| 27.9.25 | Investigation Report on Jaguar Land Rover Cyberattack | Executive Summary CYFIRMA analyzed the September 2, 2025, Jaguar Land Rover (JLR) cyber incident, which caused widespread disruption by shutting down global IT systems and | Incident blog | Cyfirma |
| 13.9.25 | Beaches and breaches | Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. | Incident blog | CISCO TALOS |
| 21.6.25 | An Investigation of AWS Credential Exposure via Overprivileged Containers | Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks. | Incident blog | Trend Micro |
| 10.5.24 | FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure | The FortiGuard Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. | Incident blog | FORTINET |
| 2.11.24 | Protecting major events: An incident response blueprint | Go behind the scenes with Talos incident responders and learn from what we've seen in the field. | Incident blog | Cisco Blog |
| 31.8.24 | It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. | | | |
| 20.7.24 | It's best to just assume you’ve been involved in a data breach somehow | Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. | Incident blog | Cisco Blog |
| 13.7.24 | Cloudflare 1.1.1.1 incident on June 27, 2024 | On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak... | Incident blog | Cloudflare |
| 13.7.24 | Impact of data breaches is fueling scam campaigns | Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. | Incident blog | Cisco Blog |
| 29.6.24 | Snowflake isn’t an outlier, it’s the canary in the coal mine | By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login | Incident blog | Cisco Blog |
| 15.6.24 | 560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe | Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data | Incident blog | Eset |
| 8.6.24 | The murky world of password leaks – and how to check if you’ve been hit | Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look | Incident blog | Eset |
| 23.3.24 | Threat actors leverage document publishing sites for ongoing credential and session token theft | Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. | Incident blog | Cisco Blog |
| 25.2.24 | 2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics | Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. | Incident blog | Palo Alto |