Hushvault

Weekly Digest on AI, Geopolitics & Security

For policymakers and operators who need to stay ahead.

No spam. One clear briefing each week.

Tag: data breach

The $1 Million Password: How One Infostealer Campaign Exposed the Gap Between Enterprise Security Rhetoric and Reality

One criminal leveraged old stolen passwords and a lack of multi-factor authentication (MFA) to quietly breach roughly 50 large enterprises—showcasing that the weakest link in cloud security is not technology, but basic governance and accountability. This campaign, run by a threat actor known as Zestix or Sentap, is a case study in how organizations can…

January 11, 2026
A Silent Exposure: How Illinois’ Human Services Agency Left 700,000 Residents’ Health Data Public for Years

Illinois’ largest human services agency left sensitive health-related data for nearly 700,000 people exposed on the open internet for years—then waited more than 100 days after discovering the problem to tell anyone. The Illinois Department of Human Services (IDHS) now faces questions that go far beyond a single misconfiguration. The breach, disclosed publicly in early…

January 11, 2026
The Ransomware Paradox: How 8,000 Attacks, State Hacks, and a 700,000-Record Breach Redefined Cyber Risk in 2025

Ransomware in 2025 reached a historic paradox: law enforcement notched some of its biggest victories against cybercriminals, yet the world endured more attacks, more disruption, and more victims than ever before. Instead of killing ransomware, the takedowns helped transform it—away from a few powerful “brands” and toward a fragmented, industrial-scale ecosystem that is harder to…

January 11, 2026
The $262 Million Security Theater: How MFA Failures and Three‑Year‑Old Passwords Fueled a Global Infostealer Breach

A single criminal campaign has exposed a structural weakness at the heart of modern enterprise security: organizations are spending heavily on advanced tools while still allowing three‑year‑old stolen passwords to unlock terabytes of their most sensitive data. Over roughly a year, a threat actor known as Zestix (aka Sentap) quietly breached about 50 global enterprises…

January 11, 2026
How One Access Broker Quietly Breached Dozens of Global Enterprises—And Exposed the Limits of Traditional Security

A single criminal operating under the aliases Zestix and Sentap has quietly breached dozens of major global enterprises not by exploiting advanced zero‑day vulnerabilities, but by doing something far simpler: logging in with valid usernames and passwords stolen from employees’ own devices. This campaign exposes a fundamental weakness in modern corporate security strategies—an overreliance on…

January 11, 2026
From API Misconfiguration to Account Takeover: Inside the Instagram Breach Targeting 17.5 Million Users

The latest Instagram data exposure is not just another static breach; it has rapidly evolved into an active campaign in which millions of people are being targeted in real time with account takeover attempts, phishing, and SIM‑swapping attacks. At the center of the incident is a 17.5‑million‑record dataset scraped from Instagram’s APIs in late 2024…

January 10, 2026
‘It’s terrifying’: WhatsApp AI helper mistakenly shares user’s number

A recent incident involving Meta’s AI assistant on WhatsApp has raised significant concerns about the reliability and ethics of AI systems. Barry Smethurst, a record shop worker, encountered a disturbing experience when he asked the AI for the contact number of TransPennine Express. Instead of providing the correct information, the chatbot gave him a private…

June 18, 2025