Tag: data-breach
-
Critical GitHub RCE bug exposed millions of repositories
Full compromise across tenants: In its analysis, Wiz detailed how the issue could be escalated from initial command execution to full remote code execution on affected systems. “On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible…
-
ShinyHunters exploit Anodot incident to target Vimeo
The video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provides AI-driven data analytics and anomaly detection tools. Most of the exposed information includes technical data, video titles, and…
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerability
Vimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
WhatsApp’s encryption protects servers but leaves users exposed to client-side attacks
The use of encryption helps to secure WhatsApp’s infrastructure, but researchers at Black Hat Asia warn platform’s architecture is driving hackers to target user devices directly First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642369/WhatsApps-encryption-protects-servers-but-leaves-users-exposed-to-client-side-attacks
-
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-clickup-api-key-email-exposure/
-
Feuding Ransomware Groups Leak Each Other’s Data
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data
-
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded API key in ClickUp’s public website exposed hundreds of enterprise and government email addresses for over a year. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickup-data-leak-exposes-enterprise-emails-for-over-a-year/
-
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/
-
ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
ADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected. The post ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-adt-data-breach-millions-customer-records/
-
ShinyHunters claims it stole 1.4 million records from Udemy
The ShinyHunters group claims it has breached Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/28/udemy-data-breach-shinyhunters-group/
-
Medtronic Confirms Data Breach After ShinyHunters Claims
Medtronic confirms IT breach as ShinyHunters claims millions of records accessed. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/medtronic-data-breach-shinyhunters/
-
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/checkmarx-confirms-lapsus-hackers-leaked-its-stolen-github-data/
-
Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach
Bank pays out compensation to more customers and reveals expansion of affected group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642496/Lloyds-Bank-compensates-another-1625-customers-after-alarming-data-breach
-
Checkmarx Confirms Security Incident Involving GitHub Repository Exposure
Tags: application-security, ciso, cyber, cybercrime, data, data-breach, github, group, security-incident
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal group successfully leaked Checkmarx data on the dark web. This alarming development stems from an earlier security…
-
New Android spyware Morpheus linked to Italian surveillance firm
Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand…
-
French police arrest 21-year-old ‘HexDex’ hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/french-police-arrest-hexdex-hacker
-
ClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 Firms
A major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left inside ClickUp’s production JavaScript bundle. This script loads automatically whenever a user visits the platform’s content delivery network.…
-
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
A Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access controls.
The Nine-Second Data Breach
Jer Crane, founder of automotive software platform PocketOS, reported that the…
-
ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack
The ShinyHunters extortion group is claiming responsibility for a breach of home and commercial security vendor ADT that exposed the data of 5.5 million customers. The attack appears to be part of a larger and ongoing vishing campaign being run by the prolific threat actors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/adt-breach-exposes-data-of-5-5-million-customers-shinyhunters-likely-behind-attack/
-
FIRESIDE CHAT: Leaked secrets are now the go-to attack vector, and AI is accelerating exposures
A consequential shift is underway in how enterprise breaches begin. The leaked credential, once treated as a hygiene problem, has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern… (more…) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fireside-chat-leaked-secrets-are-now-the-go-to-attack-vector-and-ai-is-accelerating-exposures/
-
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems. First seen on hackread.com Jump to article: hackread.com/shinyhunters-leak-udemy-zara-7-eleven-data-breach/
-
Home Security Firm ADT Breach: 5.5M Customers’ Data Exposed
Prolific ShinyHunters Extortion Group Made ‘Pay or Leak’ Threat to Victim. Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee. First seen…
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook.
Key takeaways
NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
Home security giant ADT data breach affects 5.5 million people
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/home-security-giant-adt-data-breach-affects-55-million-people/

