Publications & Analyses
Argus Flow releases, platform announcements, press updates, and cybersecurity analyses.
Vercel Data Breach Linked to Employee AI Tool Access and Stolen OAuth Tokens
Vercel experienced a data breach after an employee's interaction with an AI tool led to the compromise of OAuth tokens. This incident highlights how stolen OAuth tokens are becoming a significant new attack surface for lateral movement by threat actors.
Ericsson Data Breach: 15,000 Employees and Customers Affected
Telecom giant Ericsson announced a data breach affecting 15,000 employees and customers. The incident occurred due to the compromise of a third-party service provider's systems. Personal data of the affected individuals may have been exposed.
Seiko USA Website Defaced: Customer Data Theft Claimed
The Seiko USA website was defaced by cyber attackers. Attackers claim to have stolen the company's Shopify customer database and threaten to leak it unless a ransom is paid, potentially exposing customer information.
France: Ransomware Attacks Decline in 2025, SMBs Remain Primary Target
The French National Cybersecurity Agency (ANSSI) reported a decrease in ransomware attacks across France in 2025. However, French small and medium businesses (SMBs) continued to be the organizations most targeted by these malicious campaigns. These attacks typically involve data encryption and potential data exfiltration, threatening data availability and confidentiality.
European Commission Confirms Data Breach on AWS Infrastructure
The European Commission has confirmed a data breach affecting its AWS cloud infrastructure. While the exact number of compromised records and specific data types remain undisclosed, the incident highlights ongoing challenges in cloud security for major organizations.
Malicious Chrome Extensions Campaign Exposes User Data
A campaign involving 108 malicious Chrome extensions has stolen user sessions and Google data. Operating through a single C2 infrastructure, these extensions also injected unwanted ads into users' browsers. Millions of users' data might be at risk due to this widespread attack.
Booking.com User Data Accessed in Security Incident
Booking.com confirmed that some user data, including names, emails, phone numbers, and booking details, was accessed by hackers. The company has secured its systems and contained the issue.
Basic-Fit Data Breach Affects 1 Million Gym Members
Basic-Fit, Europe's largest gym chain, has confirmed a data breach impacting approximately 1 million members. Unauthorized access to company systems led to the theft of personal information, including names, birth dates, and bank details. The incident was recently detected by the company.
Grafana Patches AI Bug Potentially Exposing User Data
Grafana has addressed an AI vulnerability that could have allowed attackers to exfiltrate sensitive user data. The bug involved AI ingesting hidden malicious instructions from attacker-controlled web pages, potentially returning confidential information. This critical flaw has now been patched by Grafana.
Microsoft and Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injection vulnerabilities in Microsoft Copilot and Salesforce Agentforce could have allowed external attackers to leak sensitive data. Both companies have swiftly released patches to address these security weaknesses.
Vercel Reports Security Incident Affecting Customer Data
Vercel, the creator of Next.js, has disclosed a security incident that resulted in unauthorized access to its systems. The incident potentially led to the exposure of user names, email addresses, and other basic account-related information for some customer accounts. The company urged users to reset passwords and enable multi-factor authentication.
Employee Data Breaches Reach Seven-Year High Driven by Non-Cyber Incidents
Employee data breaches have surged to a seven-year high, with non-cyber incidents identified as the primary driver. This trend highlights the growing risks associated with human error and internal processes rather than direct cyberattacks. The analysis was conducted by law firm Nockolds.