Tag: data-breach
-
AirBorne flaws can lead to fully hijack Apple devices
by
in SecurityNewsVulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and…
-
Data breach disclosed by UrbanOne following Cactus ransomware claims
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-disclosed-by-urbanone-following-cactus-ransomware-claims
-
VeriSource cops to 4 million accounts lost in 2024 data breach
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/verisource-cops-to-4-million-accounts-lost-in-2024-data-breach
-
Over 400 servers found to be exposed to SAP NetWeaver bug
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/over-400-servers-found-to-be-exposed-to-sap-netweaver-bug
-
Hackers ramp up scans for leaked Git tokens and secrets
by
in SecurityNewsThreat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-ramp-up-scans-for-leaked-git-tokens-and-secrets/
-
Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks
by
in SecurityNews
Tags: apple, attack, data-breach, flaw, programming, rce, remote-code-execution, software, vulnerabilityA set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
-
SK Telecom cyberattack: Free SIM replacements for 25 million customers
by
in SecurityNewsSouth Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sk-telecom-cyberattack-free-sim-replacements-for-25-million-customers/
-
Verizon 2025 Report Highlights Surge in Cyberattacks Through Third Parties
by
in SecurityNewsVerizon Business unveiled its 2025 Data Breach Investigations Report (DBIR) today, painting a stark picture of the escalating cyber threat landscape. Analyzing over 22,000 security incidents, including 12,195 confirmed data breaches, the report reveals a alarming 30% involvement of third parties in breaches-a figure that has doubled from previous years. This underscores the growing risks…
-
GPUAF: Two Methods to Root Qualcomm-Based Android Phones
by
in SecurityNewsSecurity researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual Buffer Object (VBO) structures. By leveraging race conditions and memory management flaws, attackers can achieve…
-
Threat Actors Accelerate Transition from Reconnaissance to Compromise New Report Finds
by
in SecurityNews
Tags: api, attack, automation, cloud, cyber, cybercrime, data, data-breach, identity, technology, threat, tool, voipCybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving into operational technology (OT), cloud APIs, and identity layers. Sophisticated tools probe SIP-based VoIP systems,…
-
21 million employee screenshots leaked in bossware breach blunder
by
in SecurityNewsIf you thought only your boss was peeking at your work screen, think again. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/21-million-employee-screenshots-leaked-in-bossware-breach-blunder
-
VeriSource data breach impacted 4M individuals
by
in SecurityNewsVeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider. VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024. The company…
-
Unbefugter Zugriff bei einem Medienunternehmen aus den USA
by
in SecurityNewsMedia firm Urban One confirms data breach after cybercriminals claim February attack First seen on therecord.media Jump to article: therecord.media/urban-one-data-breach-african-amercian-media
-
Weaponized Uyghur Language Software: Citizen Lab Uncovers Targeted Malware Campaign
by
in SecurityNewsIn a new report, researchers at Citizen Lab have exposed a spearphishing campaign targeting senior members of the First seen on securityonline.info Jump to article: securityonline.info/weaponized-uyghur-language-software-citizen-lab-uncovers-targeted-malware-campaign/
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
TikTok user database purportedly compromised, over 900K users’ info exposed
by
in SecurityNews
Tags: data-breachFirst seen on scworld.com Jump to article: www.scworld.com/brief/tiktok-user-database-purportedly-compromised-over-900k-users-info-exposed
-
VeriSource now says February data breach impacts 4 million people
by
in SecurityNewsEmployee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/verisource-now-says-february-data-breach-impacts-4-million-people/
-
Media firm Urban One confirms data breach after cybercriminals claim February attack
by
in SecurityNewsUrban One, the largest media company primarily serving African Americans, disclosed a data breach to regulators. A ransomware group said it had attacked the company. First seen on therecord.media Jump to article: therecord.media/urban-one-data-breach-african-amercian-media
-
Verizon’s Data Breach Report Findings ‘Underscore the Importance of a Multi-Layered Defense Strategy’
by
in SecurityNewsVerizon surveyed about 22,000 security incidents and 12,000 data breaches. Ransomware incidents increased, while the median ransom payment dropped. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-verizon-data-breach-investigations-report-2025/
-
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
by
in SecurityNewsOver 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-1-200-sap-netweaver-servers-vulnerable-to-actively-exploited-flaw/
-
Rack Ruby Framework Vulnerabilities Let Attackers Inject and Manipulate Log Content
by
in SecurityNewsResearchers Thai Do and Minh Pham have exposed multiple critical vulnerabilities in the Rack Ruby framework, a cornerstone of Ruby-based web applications with over a billion global downloads. Identified as CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610, these flaws pose significant risks to applications built on frameworks like Ruby on Rails and Sinatra. Rack, acting as a modular…
-
Exposure Management Works When the CIO and CSO Are in Sync
by
in SecurityNews
Tags: access, ai, attack, business, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, endpoint, finance, infrastructure, jobs, office, risk, strategy, technology, threat, tool, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIO/CSO relationship is key to a successful exposure management program. You can read the entire Exposure Management Academy series here. When I…
-
Blue Shield of California Data Breach Exposes 4.7M Members’ Info
by
in SecurityNewsDiscover the Blue Shield of California data breach affecting 4.7M members. Learn about the risks and essential security measures to protect your data. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/blue-shield-of-california-data-breach-exposes-4-7m-members-info/
-
Threat actors are scanning your environment, even if you’re not
by
in SecurityNewsIn a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/28/outpost24-easm-sweepatic/
-
Datenleck bei einem Finanzdienstleister in Brasilien
by
in SecurityNews
Tags: data-breachXP Investimentos sofre acesso não-autorizado e alerta clientes que estão seguros First seen on tecmundo.com.br Jump to article: www.tecmundo.com.br/seguranca/404138-xp-investimentos-sofre-ataque-cibernetico-e-alerta-clientes.htm
-
4chan is back online, says it’s been ‘starved of money’
by
in SecurityNews4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was…
-
GDPR Data Breach Notification Template With Examples [Download]
by
in SecurityNewsThe GDPR is a law developed by the European Union (EU) to protect individuals’ personal data. Although it originated in the EU, several countries and organisations outside Europe have to date also adopted this regulation, which shows how detailed and well-thought-out it is. Among many of the GDPR’s guidelines, the data breach notification letter is……
-
Security Affairs newsletter Round 521 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNews
Tags: breach, ceo, cybersecurity, data, data-breach, email, group, international, malware, WeeklyReviewA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. African multinational telco giant MTN Group disclosed a data breach CEO of cybersecurity firm charged with installing malware…