A breach at market research firm Klue has resulted in stolen data from multiple cybersecurity companies, including Huntress, HackerOne, Jamf, Recorded Future, and Tanium.
The initial compromise of Klue's systems led to unauthorized access to sensitive information held by the affected security firms. Klue, which provides competitive intelligence and market research services, serves as a repository of business data for numerous enterprise clients.
The breach affects five confirmed cybersecurity vendors, though the full scope of compromised data remains unclear. Huntress, which specializes in managed threat detection, HackerOne's vulnerability disclosure platform, Jamf's device management tools, Recorded Future's threat intelligence services, and Tanium's endpoint management solutions were all impacted.
No details have been disclosed regarding what specific data was accessed or the timeline for discovery and notification. The incident underscores risks posed by centralized repositories of business intelligence and highlights potential attack vectors targeting service providers rather than end users directly.
Affected companies have not yet released detailed breach disclosures or timelines for remediation efforts.
Security vulnerability disclosures are becoming routine rather than noteworthy events as organizations scale their disclosure practices. The shift reflects maturation in how the tech industry handles security issues.
Tesla is defending its Full Self-Driving system after a Model 3 crashed into a Texas home, killing a 76-year-old woman. The company claims the driver manually overrode the system.
A high-severity server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager is being actively exploited by threat actors. The flaw, CVE-2026-20230, allows attackers to bypass network restrictions and access internal systems.
Tata Electronics has confirmed it suffered a cyberattack targeting portions of its IT infrastructure, with hackers subsequently leaking data. The company disclosed the breach in a statement to BleepingComputer.