Tag: breach
-
Vercel Confirms Security Breach Affecting Customer Accounts
Vercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is actively investigating the incident with help from outside incident response experts and has also notified law enforcement. According…
-
Vercel Confirms Security Breach Affecting Customer Accounts
Vercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is actively investigating the incident with help from outside incident response experts and has also notified law enforcement. According…
-
Telco Privacy Violation? Fine! No, Telco Privacy Violation, Fine. Supreme Court to Determine if FCC Can Charge Telcos for Data Breaches
The intersection of constitutional law and cybersecurity enforcement, specifically the Seventh Amendment right to a jury trial in regulatory data privacy cases. Central Conflict: Whether federal agencies (like the FCC, SEC, or FTC) can administratively impose monetary penalties for data misuse without a jury, or if such actions are “Suits at common law” requiring Article…
-
Some Interrail travellers told to cancel passports as hacked data posted online
Eurail, which sells passes, says data being ‘offered for sale on dark web’ after December breach affecting 300,000 peopleHolidaymakers across Europe are facing the stress and expense of getting new passports after their personal data was posted on the dark web following a hack of the Interrail company Eurail.Personal data, including passport numbers, names, phone…
-
Malicious npm Package Hijacks Hugging Face for Malware Delivery
Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross”‘platform implant chain. Earlier campaign phases already used Hugging Face as a simple hosting point for those binaries, but the latest builds…
-
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code. Xinference has over 600,000 total downloads, making this a significant security event for the software…
-
University of Warsaw Data Breach Exposes 200,000+ Sensitive Files on Darknet
Over 200,000 files containing sensitive personal information from the University of Warsaw have been leaked online. The University of Warsaw cyberattack, which targeted the institution’s digital systems, resulted in the publication of the stolen data on the darknet in mid-April 2026. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/university-of-warsaw-cyberattack/
-
Malicious pgserve, automagik developer tools found in npm registry
Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
-
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
A company that ran anonymous tip lines for 35,000 American schools – handling reports of bullying, weapons, and self-harm – boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictable results… First seen on grahamcluley.com Jump…
-
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
<div cla In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected. As a result, companies can be blindsided by breaches even when their vulnerability…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerabilityLast week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
France confirms data breach at government agency that manages citizens’ IDs
The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/22/france-confirms-data-breach-at-government-agency-that-manages-citizens-ids/
-
France confirms data breach at government agency that manages citizens’ IDs
The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/22/france-confirms-data-breach-at-government-agency-that-manages-citizens-ids/
-
Fake Google Antigravity Installer Can Steal Accounts in Minutes
Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies. The post Fake Google Antigravity Installer Can Steal Accounts in Minutes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-google-antigravity-downloads-steal-accounts-minutes/
-
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems. First seen on hackread.com Jump to article: hackread.com/discord-access-anthropic-claude-mythos-ai-breach/
-
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an…
-
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/france-titres-online-portal-data-breach/
-
French police arrest suspected hacker behind dozens of data breaches
French authorities have arrested a suspected hacker believed to be behind dozens of data breaches targeting public institutions, sports federations and private organizations across the country. First seen on therecord.media Jump to article: therecord.media/french-hacker-cyberattacks-arrest
-
Cosmetics giant Rituals confirms data breach of customer membership records
The cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/22/cosmetics-giant-rituals-confirms-data-breach-of-customer-membership-records/
-
Drittanbieter-Tokens gestohlen – Shiny Hunters erpressen Rockstar Games nach Snowflake-Breach
Tags: breachFirst seen on security-insider.de Jump to article: www.security-insider.de/anodot-hack-snowflake-kunden-shiny-hunters-erpressung-a-02407f5ea10016f06caa840596397f8d/
-
Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported. First seen on hackread.com Jump to article: hackread.com/bluesky-online-ddos-attack-iran-313-team/
-
French Fintech Accounts Used to Launder Stolen Funds Before Detection
Cybercriminals are turning French freelancer fintech accounts into high-speed money laundering channels, moving stolen funds within minutes often before banks or victims realise anything is wrong. Fintech platforms like Revolut, Wise and N26 allow fast, remote account opening, light-touch digital KYC, and access to SEPA instant transfers, invoicing, cards, and sometimes crypto all packaged for…
-
France’s ‘Secure’ ID agency probes breach as crooks claim 19M records
Tags: breachGov admits ‘incident’ as forum sellers boast of fresh haul covering up to a third of the population First seen on theregister.com Jump to article: www.theregister.com/2026/04/22/frances_secure_id_agency_probes/
-
March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
Tags: access, attack, breach, cyber, cybersecurity, data, data-breach, intelligence, ransomware, threatThe 2026 threat landscape continued to intensify in March, with ransomware attacks, expanding data breach activity, and a growing underground market for compromised access shaping the global cybersecurity environment. According to analysis from CRIL (Cyble Research & Intelligence Labs), organizations worldwide faced a highly active and coordinated threat ecosystem throughout the month. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/march-2026-threat-landscape/
-
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
Tags: breach, cyber, data, data-breach, government, hacker, identity, infrastructure, intelligence, leak, security-incident, threatThe French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and driver’s licenses nationwide. Recent threat intelligence reports suggest this security incident represents a massive compromise that could impact up…
-
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
Tags: breach, cyber, data, data-breach, government, hacker, identity, infrastructure, intelligence, leak, security-incident, threatThe French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and driver’s licenses nationwide. Recent threat intelligence reports suggest this security incident represents a massive compromise that could impact up…
-
Apple Intelligence flaw kept stolen tokens reusable on another device
Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/apple-intelligence-token-vulnerability-serpent-attack/
-
Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook
Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/financial-sector-cyber-threats-report/