Breach Autopsy: Hasbro and the Weeks-Long Recovery Problem
Hasbro's cyber incident matters because a weeks-long recovery window usually points to deeper resilience failures, not just one bad day.
breach-autopsy
Breach Autopsy: CISA KEV Adds CVE-2026-35616 in Fortinet FortiClient EMS
Breach Autopsy: CISA KEV Adds CVE-2026-35616 in Fortinet FortiClient EMS
On April 6, 2026, CISA added CVE-2026-35616 to the Known Exploited Vulnerabilities (KEV) catalog, with a federal remediation due date of April 9, 2026. The flaw affects Fortinet FortiClient EMS and can allow unauthenticated code or command execution through crafted
Breach Autopsy: Microsoft Ties Storm-1175 to High-Tempo Medusa Ransomware Operations
Breach Autopsy: Microsoft Ties Storm-1175 to High-Tempo Medusa Ransomware Operations
Microsoft reported on April 6, 2026 that threat actor Storm-1175 is running rapid intrusion-to-encryption operations and chaining vulnerable internet-facing systems into Medusa ransomware campaigns. The activity pattern matters for defenders because it compresses the detection window: initial access, privilege movement,
Breach Autopsy: Change Healthcare and the $22M Ransom That Broke US Pharmacies
When a single ransomware attack on a healthcare clearinghouse disrupts prescriptions nationwide, the third-party risk math changes.
Breach Autopsy: NPM Typosquatting Attack Compromises 200+ Developer Environments
Attackers registered 'requst' instead of 'request' and waited for typos to deliver malware to developer machines running npm install.
Breach Autopsy: European Commission's Amazon Cloud Account Compromise Exposes Third-Party Infrastructure Risk
The European Commission is investigating a breach after an Amazon cloud account was compromised. Government agencies running on vendor infrastructure face unique disclosure complexities.
Breach Autopsy: Balance Autism and the Hidden Cost of Vendor Email Compromises
When a vendor's compromised email becomes your class action lawsuit - Balance Autism's settlement shows why vendor access control is a legal liability, not just a security one.