Tag: data-breach
-
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Tags: apt, backdoor, china, cisa, cyber, cybersecurity, data-breach, espionage, infrastructure, threatCISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. >>The Cybersecurity…
-
Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database
An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.” First seen on wired.com Jump to article: www.wired.com/story/huge-trove-of-nude-images-leaked-by-ai-image-generator-startups-exposed-database/
-
Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database
An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.” First seen on wired.com Jump to article: www.wired.com/story/huge-trove-of-nude-images-leaked-by-ai-image-generator-startups-exposed-database/
-
NCSC’s ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ncscs-proactive-notifications-warns-orgs-of-flaws-in-exposed-devices/
-
AI creates new security risks for OT networks, warns NSA
Tags: ai, cisa, compliance, control, cyber, data, data-breach, government, healthcare, infrastructure, injection, intelligence, LLM, network, risk, technology, trainingPrinciples for the Secure Integration of Artificial Intelligence in Operational Technology, authored by the NSA in conjunction with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and a global alliance of national security agencies.While the use of AI in critical infrastructure OT is in its early days, the guidance reads like an attempt…
-
AI creates new security risks for OT networks, warns NSA
Tags: ai, cisa, compliance, control, cyber, data, data-breach, government, healthcare, infrastructure, injection, intelligence, LLM, network, risk, technology, trainingPrinciples for the Secure Integration of Artificial Intelligence in Operational Technology, authored by the NSA in conjunction with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and a global alliance of national security agencies.While the use of AI in critical infrastructure OT is in its early days, the guidance reads like an attempt…
-
Marquis data breach impacted more than 780,000 individuals
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics,…
-
Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say
Based on a leaked video, security researchers alleged that Intellexa staffers have remote live access to their customers’ surveillance systems, allowing them to see hacking targets’ personal data. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/04/sanctioned-spyware-maker-intellexa-had-direct-access-to-government-espionage-victims-researchers-say/
-
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or…
-
ATT Extends Deadline for Data Breach Settlement Claims
The deadline for 51 million affected customers to claim compensation from two massive data leaks is now Dec. 18. The post ATT Extends Deadline for Data Breach Settlement Claims appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-att-data-breach-settlement/
-
New Scanner Released to Detect Exposed ReactJS and Next.js RSC Endpoints (CVE-2025-55182)
Security researchers have released a specialized scanning tool to identify vulnerable React Server Component (RSC) endpoints in modern web applications, addressing a critical gap in the detection of CVE-2025-55182. New Detection Approach Challenges Existing Security Assumptions A newly available Python-based scanner is transforming how organizations assess their exposure to CVE-2025-55182 by introducing a sophisticated surface…
-
Marquis Data Breach Exposes Dozens of U.S. Banks and Credit Unions
A significant cybersecurity incident affecting multiple U.S. financial institutions came to light on November 26, 2025, when Marquis Software Solutions notified affected customers of a ransomware attack. The breach, discovered on August 14, 2025, compromised the personal information of thousands of customers across numerous banks and credit unions throughout the United States. Marquis Software Solutions,…
-
Post Office Escapes £1m Fine After Postmaster Data Breach
The Information Commissioner’s Office has chosen only to reprimand the Post Office after a 2024 breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/post-office-1m-fine-postmaster/
-
Twins with hacking history charged in insider data breach affecting multiple federal agencies
Muneeb and Sohaib Akhter previously pleaded guilty to hacking into the State Department and other cybercrimes in 2015. First seen on cyberscoop.com Jump to article: cyberscoop.com/muneeb-sohaib-akhter-government-contractors-insider-attack/
-
When ERP Systems Become the Attack Surface
Tags: attack, business, cyber, data-breach, flaw, oracle, skills, vulnerability, vulnerability-managementSkills Needed: Enterprise Architecture, Configuration and Vulnerability Management When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation. First seen on govinfosecurity.com Jump to…
-
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/
-
Freedom Mobile discloses data breach exposing customer data
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/freedom-mobile-discloses-data-breach-exposing-customer-data/
-
Post Office avoids ÂŁ1m fine over botched website upgrade data breach
The Information Commissioner’s Office considered fining the Post Office ÂŁ1m for a 2024 data breach that let subpostmasters down again First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366635582/Post-Office-avoids-1m-fine-over-botched-website-upgrade-data-breach
-
French DIY retail giant Leroy Merlin discloses a data breach
Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/french-diy-retail-giant-leroy-merlin-discloses-a-data-breach/
-
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/
-
4.3M Users Exposed in ShadyPanda’s Long-Running Browser Hack
ShadyPanda spent years hiding inside Google-verified extensions before unleashing an RCE backdoor that compromised 4.3 million users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3m-users-exposed-in-shadypandas-long-running-browser-hack/
-
A data breach at analytics giant Mixpanel leaves a lot of open questions
We sent over a dozen questions to Mixpanel’s CEO about the company’s data breach. Here’s what we want to know. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/02/a-data-breach-at-analytics-giant-mixpanel-leaves-a-lot-of-open-questions/
-
A data breach at analytics giant Mixpanel leaves a lot of open questions
We sent over a dozen questions to Mixpanel’s CEO about the company’s data breach. Here’s what we want to know. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/02/a-data-breach-at-analytics-giant-mixpanel-leaves-a-lot-of-open-questions/
-
South Korean E-Commerce Giant Coupang Probes Massive Breach
Chinese Developer Formerly Employed by Company Suspected of Data Theft. South Korea’s biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is…
-
South Korean E-Commerce Giant Coupang Probes Massive Breach
Chinese Developer Formerly Employed by Company Suspected of Data Theft. South Korea’s biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is…
-
South Korean E-Commerce Giant Coupang Probes Massive Breach
Chinese Developer Formerly Employed by Company Suspected of Data Theft. South Korea’s biggest online retailer, Coupang, said a five-month breach exposed personal data pertaining to 34 million customers, and only came to light after it received an extortion demand. Police said a former developer at the company, a Chinese national who fled the country, is…
-
Kensington and Chelsea confirms IT outage was a data breach after all
Borough says attackers copied ‘historical’ info as three-council cyber woes drag on First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/london_councils_data_breach/
-
North Korea lures engineers to rent identities in fake IT worker scheme
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
-
North Korea lures engineers to rent identities in fake IT worker scheme
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
-
SmartTube Android TV App Compromised After Signing Keys Leak
SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The incident, disclosed on November 27, 2025, has forced affected users to reinstall the application under a new digital signature…