Tag: data-breach
-
2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw
Tags: control, cve, cyber, cybersecurity, data-breach, exploit, flaw, fortinet, rce, remote-code-execution, threat, tool, vulnerabilityCybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Threat actors are actively exploiting severe vulnerabilities to take full control of these systems. These security gaps are tracked as CVE-2026-35616, which is a…
-
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In
What happened New Progress ShareFile bugs could let attackers take over exposed on-premises servers without logging in by chaining an authentication bypass with remote code execution. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments. The first flaw, CVE-2026-2699, is an authentication bypass on the Admin.aspx configuration page that can expose restricted admin functionality…The…
-
Hackers Spread Vidar and GhostSocks Malware Through Claude Code Leak
What happened Hackers are weaponizing the leaked Claude Code source to spread Vidar and GhostSocks malware through malicious repositories that impersonate the exposed codebase. The campaign followed Anthropic’s March 31 packaging error, which exposed the source code for Claude Code in a public npm package through a JavaScript source map file containing more than half…The…
-
CBP facility codes sure seem to have leaked via online flashcards
Tags: data-breachQuizlet flashcards seem to include sensitive information about gate security at CBP locations. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/cbp-facility-codes-sure-seem-to-have-leaked-via-online-flashcards/
-
The Hack That Exposed Syria’s Sweeping Security Failures
When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity. First seen on wired.com Jump to article: www.wired.com/story/inside-the-hack-that-exposed-syrias-security-failures/
-
Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach
What happened An internet-connected coffee machine reportedly led to a significant corporate data breach after attackers used the device as an entry point into a secure network. A digital forensics investigator identified only as TR examined the incident after a client suspected a rival had infiltrated its systems. Instead of finding malware, the investigator found…The…
-
European Commission breach exposed data of 30 EU entities, CERT-EU says
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
The Theranos Playbook Is Quietly Returning in Cybersecurity
Market Pressures Are Rewarding Storytelling More Than Validation, Operational Value The fall of health tech company Theranos exposed how hype can outpace reality. In cybersecurity, similar pressures are emerging as vendors compete with bold claims and buyers struggle to verify outcomes. The result: a market where narrative can overshadow measurable operational value. First seen on…
-
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models. First seen on wired.com Jump to article: www.wired.com/story/meta-pauses-work-with-mercor-after-data-breach-puts-ai-industry-secrets-at-risk/
-
Security lapse lets researchers view React2Shell hackers’ dashboard
Tags: access, attack, breach, credentials, data-breach, exploit, hacker, Internet, risk, update, vulnerabilityIndustrial scale: “This is all about neglect and efficiency,” Gene Moody, field CTO at patch management provider Action1, told CSO . “React2Shell quickly met all the criteria attackers look for: public disclosure, reliable exploitation, and internet-facing exposure. That combination effectively guaranteed widespread abuse. Since then, multiple campaigns have automated the full [attack] lifecycle [of], scanning,…
-
EU cyber agency attributes major data breach to TeamPCP hacking group
The European Union’s cybersecurity agency said the hacking group TeamPCP was behind a massive recent data breach at the European Commission. First seen on therecord.media Jump to article: therecord.media/european-commission-cyberattack-teampcp
-
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
Europe’s cyber agency blames hacking gangs for massive data breach and leak
CERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/03/europes-cyber-agency-blames-hacking-gangs-for-massive-data-breach-and-leak/
-
Claude Code source leak exploited to spread malware
A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/claude-code-leak-github-malware/
-
14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
Tags: access, attack, cve, cyber, cybersecurity, data-breach, exploit, flaw, Internet, network, rce, remote-code-execution, vulnerabilityCybersecurity researchers have identified a massive attack surface involving F5 BIG-IP Access Policy Manager (APM) devices. Following a critical severity upgrade to a recently disclosed flaw, over 17,100 instances are currently exposed to the internet, leaving enterprise networks vulnerable to full system takeovers. The Escalation of CVE-2025-53521 The vulnerability, tracked as CVE-2025-53521, was initially classified…
-
CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations. First seen on wired.com Jump to article: www.wired.com/story/cbp-facility-codes-sure-seem-to-have-leaked-via-online-flashcards/
-
CERT-EU: European Commission hack exposes data of 30 EU entities
The European Union’s Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
-
Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
A threat actor known as >>Mr. Raccoon<< claims to have breached Adobe, stealing a massive amount of sensitive data. According to a report by International Cyber Digest, the stolen files include 13 million customer support tickets, 15,000 employee records, internal documents, and all of the company's HackerOne bug bounty submissions. The attacker did not hack…
-
Claude Code Leak Exposes AI Supply Chain Threats
A packaging error in Anthropic’s Claude Code exposed over 500,000 lines of source code. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/claude-code-leak-exposes-ai-supply-chain-threats/
-
Hasbro hit by cyberattack, investigates possible data breach
Hasbro suffers a cyberattack, disrupting some operations; the company is probing the scope and potential data compromise. Toy giant Hasbro reported a cyberattack on Wednesday that disrupted certain company operations. The firm is investigating the full extent of the incident, including whether any files or sensitive data were compromised, as it works to restore normal…
-
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/02/canadian-money-transfer-app-duc-expose-drivers-licenses-passports-amazon-server/
-
Possible US Government iPhone Hacking Tool Leaked
Tags: data-breach, defense, exploit, google, government, group, hacking, iphone, malware, tool, vulnerabilityWired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code.…
-
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
Tags: breach, cyber, cybersecurity, data, data-breach, defense, group, hacker, international, iran, military, threatThe international cybersecurity community was alerted to a major data breach involving Israeli military infrastructure. Handala, a recognized Iranian nation-state threat actor, claims to have successfully breached PSK Wind Technologies, a key Israeli defense contractor. The incident has resulted in the public release of highly classified military data, representing a significant compromise of sensitive operational…