u/raptorhunter22

Adobe has faced an alleged data breach via 3rd party Indian BPO leading to 13M support tickets and 15,000 employee data leak
🔥 Hot ▲ 350 r/webdev+3 crossposts

A suspected major data breach at Adobe, allegedly by a hacker called “Mr. Raccoon,” may have exposed millions of records via a third-party Indian BPO. Reports claim up to 13 million support tickets, 15,000 employee records, and HackerOne submissions were accessed. Adobe hasn’t confirmed the breach, but shared evidence suggests serious gaps in access control and vendor security.

thecybersecguru.com
u/raptorhunter22 — 17 hours ago
Cisco source code stolen by ShinyHunters via Trivy supply-chain attack. AWS keys breached, 300+ repos cloned and more
🔥 Hot ▲ 331 r/netsec+1 crossposts

Cisco reportedly suffered a breach of its internal development environment after attackers leveraged credentials stolen during the recent Trivy supply-chain compromise. More details linked with sample data.

thecybersecguru.com
u/raptorhunter22 — 2 days ago
Axios npm package compromised in supply chain attack. Downloads malware dropper package
🔥 Hot ▲ 135 r/netsec+1 crossposts

Axios is one of the most used npm packages, and it just got hit by a supply chain attack. Malicious versions of Axios (1.14.1 and 0.30.4) hit the npm registry yesterday. They carry a malware dropper called plain-crypto-js@4.2.1. If you ran npm install in the last 24 hours, check your lockfile. Roll back to 1.14.0 and rotate every credential that was in your environment. As of now, npmjs has removed the compromised versions of the axios package along with the malicious plain-crypto-js package. Live updates + info linked.

thecybersecguru.com
u/raptorhunter22 — 4 days ago
LiteLLM supply chain compromise - a complete analysis
▲ 7 r/netsec

Analysis of the LiteLLM incident: stolen CI tokens → malicious PyPI releases → credential exfiltration from runtime environments.

With focus on trust boundaries in CI/CD and secret exposure.

thecybersecguru.com
u/raptorhunter22 — 9 days ago
Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party system
▲ 19 r/netsec

Breach occurred at Navia Benefit Solutions, a 3rd party, not HackerOne infra.

Around 287 HackerOne employees' PII leaked.

Navia delayed breach notifications by weeks. Filed at Maine AG.

Navia was independently breached. Over 10K US employees' PII exposed.

Reports point to an auth flaw (BOLA-type) enabling access to employee PII (SSNs, DoB, addresses, benefits data).

Exposure window: Dec 2025 to Jan 2026.

thecybersecguru.com
u/raptorhunter22 — 10 days ago