In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a “pay or leak” extortion campaign. The attackers allegedly accessed Kemper’s Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement. – Read more
Latest article
Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed....
Microsoft identifies seven new ways AI agents can be hacked
Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in...
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified...
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security...
3 Principles to Safely Scale Agentic AI
- Read more
