DEV Community: BeyondMachines

State of (in)security - Week 16, 2026

BeyondMachines — Mon, 20 Apr 2026 18:01:10 +0000

Summary

Week 16 of 2026 saw 17 advisories and 22 incidents, with 16.7 million individuals impacted, driven largely by the McGraw-Hill Salesforce misconfiguration breach (13.5M) alongside major ransomware, phishing, and third-party compromises affecting healthcare, finance, and tech sectors. Key vulnerabilities included actively exploited zero-days in Microsoft products, critical flaws in Cisco, Fortinet, SAP, and Adobe, and a systemic RCE risk in the MCP protocol.

Take Action:

This week third party libraries and AI are the focus: If you're using Claude Code, update immediately to the latest version and stop using authentication helpers. Instead, set the ANTHROPIC_API_KEY environment variable directly. If you use Axios in your applications, start planning an update to version 1.15.0 or later. Make sure your nginx-ui instances are isolated from the internet and accessible from trusted networks only.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Kairos Ransomware Group Claims 441GB Data Theft from Strata Republic

BeyondMachines — Mon, 20 Apr 2026 16:01:11 +0000

Summary

The Kairos ransomware group claims to have stolen 441 GB of sensitive data from Australian strata management firm Strata Republic, including tax file numbers and employee IDs. The threat actor has threatened to leak the full dataset following the company's silence regarding the breach.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Dell Patches Root-Level Vulnerabilities in PowerProtect Data Domain

BeyondMachines — Mon, 20 Apr 2026 15:01:10 +0000

Summary

Dell patched over 15 vulnerabilities in PowerProtect Data Domain, including a critical SQLite flaw and multiple root-level vulnerabilities that allow remote code execution and full system compromise.

Take Action:

Make sure your Dell PowerProtect Data Domain appliances are isolated from the internet and accessible only from trusted management networks. Then plan a quick update DD OS to version 7.13.1.70, 8.3.1.30, 8.6.1.10, 8.7.0.1, or later (depending on your branch) via the Data Domain Download portal.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Maryland Real Property Search Tool Taken Offline Following Suspicious Activity

BeyondMachines — Mon, 20 Apr 2026 09:01:09 +0000

Summary

Maryland state officials took the Real Property Search tool offline on April 14, 2026, after detecting suspicious activity on servers hosting the Department of Assessments and Taxation application. The incident has disrupted real estate transactions and prompted warnings against using unofficial third-party data sources.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Vercel Discloses Internal System Breach Following Third-Party OAuth Compromise

BeyondMachines — Mon, 20 Apr 2026 08:01:11 +0000

Summary

Vercel suffered a data breach after a third-party AI tool's Google Workspace OAuth app was compromised, allowing attackers to access internal systems and allegedly exfiltrate employee data, source code, and API keys.

Take Action:

If you're a Vercel customer, reach out to Vercel immediately. Immediately check your Google Admin Console (https://admin.google.com/ac/owl/list?tab=apps) filtering by app ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com: if it appears, revoke access and rotate all exposed secrets (NPM/GitHub tokens, API keys, deployment credentials). Finally, audit your Vercel deployments and Linear workspace for suspicious activity.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Amtrak Customer Data Leaked Following Salesforce Environment Compromise

BeyondMachines — Sun, 19 Apr 2026 16:01:10 +0000

Summary

Amtrak's customer data, including 2.1 million unique emails and support ticket details, was leaked by the ShinyHunters group after a social engineering attack compromised the company's Salesforce environment.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Ameriprise Financial Reports Data Breach Affecting Over 47,000 Customers

BeyondMachines — Sun, 19 Apr 2026 15:01:09 +0000

Summary

Ameriprise Financial Inc. disclosed a data breach affecting 47,876 individuals after an unauthorized person accessed stored files in March 2026, exposing Social Security numbers and financial account details.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Hotel Curracloe Guests Targeted in Phishing Campaign Following GuestDiary Data Breach

BeyondMachines — Sun, 19 Apr 2026 14:01:09 +0000

Summary

Hotel Curracloe in Ireland reported a third-party data breach at its booking provider, GuestDiary.com, which led to targeted phishing attacks against guests via WhatsApp and email.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Aligned Orthopedic Partners Discloses Email Environment Data Breach

BeyondMachines — Sun, 19 Apr 2026 13:01:10 +0000

Summary

Aligned Orthopedic Partners reports a data breach involving unauthorized access to its email environment between November and December 2025, potentially exposing sensitive personal and protected health information.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Impac Mortgage Holdings Reports Two-Year-Old Data Breach Affecting Over 19,000 Individuals

BeyondMachines — Sun, 19 Apr 2026 12:01:11 +0000

Summary

Impac Mortgage Holdings disclosed a data breach that exposed the Social Security numbers of 19,253 individuals after an unknown actor accessed its systems in early 2024. The company waited two years after discovery to notify the public and is now offering credit monitoring services.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Inditex Reports Data Breach via Former Third-Party Technology Provider

BeyondMachines — Sun, 19 Apr 2026 11:01:11 +0000

Summary

Inditex, the parent company of Zara, reports a data breach involving unauthorized access to customer transaction databases hosted by a former third-party technology provider. Commercial interaction records were exposed, but Inditex claims that sensitive personal data, passwords, and financial information are secure.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines

Critical Remote Code Execution Vulnerability Discovered in Protobuf.js Library

BeyondMachines — Sun, 19 Apr 2026 10:01:10 +0000

Summary

Protobuf.js patched a critical remote code execution vulnerability (CVE-2026-41242) caused by unsafe dynamic code generation when processing malicious protobuf schemas. The flaw allows attackers to execute arbitrary JavaScript code on servers or developer machines, potentially exposing sensitive credentials and enabling lateral movement.

Take Action:

If your applications use protobuf.js (or libraries like gRPC, Firebase, or Google Cloud SDKs), update protobuf.js to version 8.0.1 or 7.5.5 ASAP. Run npm audit to catch hidden dependencies. Going forward, only load schemas you control and prefer precompiled static schemas in production to avoid this class of attack entirely.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines