A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns.

The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic.

A clothing retailer patched a website flaw that exposed customer data via order links, highlighting risks associated with predictable URL structures.

The post Clothing Retailer Patches Website Flaw Exposing Customer Data appeared first on TechRepublic.

McGraw-Hill confirms a data exposure tied to a Salesforce misconfiguration as hackers claim 45M records, raising concerns over SaaS security risks.

The post McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked appeared first on TechRepublic.

The post Open Access: How a Simple Fiverr Config Error Exposed 30,000 Private Documents to Google appeared first on Daily CyberSecurity.

Booking.com confirms a data breach that exposed traveler details, raising urgent concerns about highly targeted phishing scams and customer safety.

The post Booking.com Hack Exposes Customer Data, Sparks Travel Scam Fears appeared first on TechRepublic.

A massive breach exposed 337K LAPD-linked files, raising concerns over third-party risk, sensitive data exposure, and law enforcement cybersecurity gaps.

The post Massive Data Breach Exposes 337K LAPD-Linked Records appeared first on TechRepublic.

The Bitcoin Depot cyberattack has resulted in the theft of approximately 50.903 Bitcoin, valued at $3.665 million, after unauthorized actors gained access to the company’s internal systems. The incident, disclosed in a filing with the U.S. Securities and Exchange Commission (SEC), occurred on March 23, 2026, and involved compromised credentials linked to the company’s digital asset settlement accounts. Bitcoin Depot Inc. confirmed that the attackers were able to access certain parts of its information technology environment and execute unauthorized transfers from company-controlled cryptocurrency wallets.

How the Bitcoin Depot Cyberattack Unfolded

According to the company’s Form 8-K filing, the Bitcoin Depot cyberattack began when an unauthorized party infiltrated its IT systems and obtained control of credentials associated with digital asset settlement accounts. These credentials were then used to transfer Bitcoin without authorization. Upon detecting the breach, the company said it immediately activated its incident response protocols. External cybersecurity experts were brought in to investigate the intrusion, and law enforcement authorities were notified. The company noted that, based on the investigation so far, the incident appears to be limited to its corporate systems and did not impact customer-facing platforms or services.

Financial Impact of the Bitcoin Depot Cyberattack

The unauthorized transfer involved 50.903 Bitcoin, which Bitcoin Depot valued at approximately $3.665 million at the time of the incident. This figure has been recorded as a preliminary estimate of loss in the company’s filing. While the Bitcoin Depot cyberattack has been classified as a material incident due to potential reputational, legal, and regulatory consequences, the company stated that it does not expect the breach to have a significant impact on its overall financial condition or operational performance. However, the final financial impact may change as the investigation progresses. The company also indicated that it maintains cybersecurity insurance, which may cover part of the losses, although there is no guarantee of full recovery.

No Evidence of Customer Data Exposure

Bitcoin Depot emphasized that there is currently no evidence suggesting that customer data was accessed or exfiltrated during the Bitcoin Depot cyberattack. The company stated that its customer platforms, systems, and environments remain unaffected. This distinction is significant, as the breach appears to have been confined to internal systems rather than broader infrastructure that handles customer transactions or personal data. Still, the company acknowledged that the investigation is ongoing and that conclusions could evolve as more information becomes available.

Ongoing Investigation and Security Measures

The Bitcoin Depot cyberattack remains under active investigation, with third-party cybersecurity specialists continuing to analyze the scope and method of the intrusion. The company has committed to updating its disclosures if new material information emerges. As part of its response, Bitcoin Depot is working to strengthen its IT systems and implement additional safeguards aimed at preventing similar incidents in the future. These efforts include reviewing access controls and reinforcing security around credential management. The company also indicated that it will amend its SEC filing if required details were not fully available at the time of the initial report.

Broader Implications for Crypto Security

The Bitcoin Depot cyberattack highlights a key risk in the cryptocurrency sector, compromised credentials tied to internal systems can lead to direct financial losses, even when customer platforms remain unaffected. The incident resulted in a loss of $3.665 million after attackers gained control of settlement account credentials and moved funds from company-controlled wallets. While there is no evidence of customer data exposure so far, the breach reflects the ongoing challenges organizations face in securing digital asset infrastructure. The investigation is still ongoing, and the full scope and long-term impact have yet to be determined. The Cyber Express team has reached out to Bitcoin Depot for additional details; however, no response had been received at the time of writing. We will update this story as more information becomes available.

The CareCloud data breach is under investigation after the healthcare software firm disclosed that hackers may have accessed systems storing electronic health records. The CareCloud data breach incident, which took place on March 16, caused a temporary disruption but has raised concerns over possible exposure of sensitive patient data. In a filing with the U.S. Securities and Exchange Commission, CareCloud said one of its electronic health record (EHR) environments was impacted for around eight hours. The company restored access the same day but confirmed that an unauthorized third party had gained temporary access to the system.

CareCloud Data Breach: Unauthorized Access Confirmed

CareCloud said the data breach was limited to a single environment within its CareCloud Health division. The company operates six such environments and believes the rest of its systems, platforms, and data were not affected. The breach was identified and contained on the same day. However, the company is still working to determine what exactly the attacker accessed during that window. “The Company continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated, and the categories and volume of any such data,” the filing noted. At this stage, there is no confirmation on whether data was stolen, but the possibility of exposure remains.

Patient Data Exposure a Key Concern

The CareCloud data breach is significant because the affected system stores electronic health records, one of the most sensitive categories of data in the healthcare sector. Such systems typically include personal details, medical histories, treatment records, and financial information. Even limited unauthorized access can create long-term risks for patients, including identity theft or misuse of medical data. CareCloud has not disclosed how many individuals could be affected. Following the incident, CareCloud said it reported the matter to its cybersecurity insurance provider and brought in external experts to investigate. The company has engaged a cyber response team from a Big Four accounting firm to conduct forensic analysis and secure its systems. The CareCloud data breach has also been reported to law enforcement authorities. The company said it has since restored all affected systems and believes the attacker no longer has access.

Declared Material Despite Limited Operational Impact

While operations were restored quickly, CareCloud classified the CareCloud data breach as a material cybersecurity incident. The company said the decision was based on the sensitivity of the potentially affected data and the possible legal, regulatory, and reputational consequences. It added that the incident has not had a material impact on its financial condition so far, but the full impact is still being assessed. CareCloud provides technology and software solutions to more than 45,000 healthcare providers, including electronic health records and revenue management tools. The company reported $120.5 million in revenue in its last fiscal year. Given its scale, even a limited breach could have wider implications across the healthcare ecosystem. The CareCloud data breach highlights a familiar issue in the sector, systems may recover quickly, but understanding the extent of data exposure often takes much longer.

Investigation Ongoing

CareCloud said it is continuing its investigation and will update disclosures as more information becomes available. For now, the key question remains unanswered: whether patient data was accessed or taken during the breach. Until that is confirmed, the CareCloud data breach will remain a developing story for both regulators and the healthcare industry.

Hackers claim they stole 6.8 million Crunchyroll email addresses through a third-party vendor breach, exposing support ticket data and other user details.

The post Nearly 7M Email Addresses Exposed in Crunchyroll Third-Party Breach appeared first on TechRepublic.

AI makes it easy to find executive PII online. Security teams must reduce digital exposure before attackers use AI to surface sensitive data.

The post AI Just Made Executives the Easiest Targets on the Internet appeared first on Security Boulevard.

PayPal disclosed a software error in its Working Capital platform that exposed sensitive customer data, including Social Security numbers, for months in 2025.

The post PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months appeared first on TechRepublic.

Fintech lender Figure suffered a social-engineering breach that led to a data dump online. Have I Been Pwned found 967,200 exposed email records.

The post Figure Data Breach Exposes Nearly 1 Million Customers Online appeared first on TechRepublic.

The Red Report 2026 on the Top 10 Most Prevalent Att&Ck® Mitre Techniques shows a shift by bad actors from disruption to long-lived access. 

The post 80% of Att&Ck® Mitre Techniques Now Dedicated to Evasion and Persistence  appeared first on Security Boulevard.

Flickr disclosed a data exposure tied to a third-party email provider, highlighting how external service vulnerabilities can put millions of users at risk.

The post Flickr’s 35M Users Affected by Third-Party Data Exposure appeared first on TechRepublic.