Supply Chain Risk Management Capabilities Center
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university’s network in May.
The breach was discovered and reported to law enforcement authorities following an outage that affected some of its systems on June 24, following an investigation with support from external cybersecurity experts.
CISA released two Industrial Control Systems (ICS) advisories on August 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.
Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees.
“We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use,” reads a Pandora data breach notification sent to customers.
In a joint cybersecurity advisory, authorities from the United States, Canada, the United Kingdom, and Australia have issued an urgent warning regarding the evolving tactics of the cybercriminal group known as Scattered Spider. This advisory comes from a coalition that includes the FBI, CISA, RCMP, NCSC-UK, ASD’s ACSC, CCCS, and the Australian Federal Police, reflecting the transnational scale and severity of the threat.
Scattered Spider—also tracked as UNC3944, Oktapus, Storm-0875, and Muddled Libra—has gained infamy for its brazen intrusions into commercial sectors, critical infrastructure, and IT service providers. The group’s attacks are marked by sophisticated social engineering, data theft, and ransomware extortion campaigns.
Are you ready to accelerate zero trust at your agency?
“You have to be able to scale across hundreds of teams, thousands of workloads,” says AWS Principal Technologist Sean Phuphanich, when discussing how to make a zero trust architecture the foundation for modernization. “That’s really where a lot of the stumbling blocks come into play because then you’re dealing with a lot of different teams, different environments, different tools.”
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023.
Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024.
The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.
The rapid advancement of technology and increasing data utilisation have underscored the need for new models to manage and secure big data effectively. However, the constraints of isolated network environments and the limitations of existing security frameworks hinder the adoption of cutting-edge technologies such as AI and cloud computing, as well as the safe utilisation of data.
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.
A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives.
The House passed the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act on April 28, advancing the legislation after it was cleared by the House Energy and Commerce Committee three weeks earlier.