SURIQData breaches
Confirmed breaches and large-scale data theft: what was taken, how it happened, and what exposed organizations should do next.
A USB worm swaps your crypto address mid-paste, and no breach alarm ever fires
Microsoft found a USB worm that hijacks the clipboard to swap crypto wallet addresses and hides its command channel in Tor. Here is why it beats your controls.
Your Salesforce wasn't breached. A connected app handed over the data.
The Icarus group stole Salesforce CRM data through Klue's connected app, not a Salesforce flaw. Why OAuth integration tokens are the unmonitored attack surface.
SearchLeak in Microsoft 365 Copilot: prompt injection as a new door to old bugs
SearchLeak chained prompt injection, an HTML render race, and Bing SSRF to steal Microsoft 365 Copilot data in one click. What it means for detection.
Ivanti Sentry's CVE-2026-10520: patch the gateway, then hunt for the breach
Ivanti Sentry CVE-2026-10520 is an unauthenticated root RCE under active attack. CISA's new 3-day patch rule applies; patched gateways were already breached.
PeopleSoft's PSEMHUB zero-day turns the patch service into the breach
CVE-2026-35273 sits in PeopleSoft's Updates Environment Management module. Mandiant ties active exploitation to ShinyHunters, with 100+ orgs already breached.
Ready to meet the Guardians?
Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.