Tag: data-breach
-
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys … but so can miscreants First seen on theregister.com Jump to article: www.theregister.com/2025/02/19/automated_tool_scans_public_repos/
-
Data breach notifications commenced by Finastra
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-notifications-commenced-by-finastra
-
Threat Actors Using $10 Infostealer Malware to Compromise US Security
Tags: access, credentials, cyber, cybersecurity, data-breach, defense, malware, marketplace, military, threatA recent cybersecurity investigation has unveiled a troubling reality: U.S. military personnel and employees of major defense contractors, including Lockheed Martin, Boeing, and Honeywell, have been compromised by infostealer malware. This inexpensive yet potent cyberweapon, available for as little as $10 per infected device on underground marketplaces, has exposed critical credentials, including access to classified…
-
Finastra Notifies Customers of Data Breach
Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/finastra-notifies-customers-data/
-
Tech investment firm Insight Partners discloses data breach
The company holds investments in several major technology companies, such as Wiz and Kaseya. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/tech-investment-firm-insight-partners-discloses-data-breach/740320/
-
Russian CryptoBytes Hackers Target Windows Machines with UxCryptor Ransomware
Tags: cyber, cybercrime, data-breach, group, hacker, malware, ransomware, russia, threat, tool, windowsThe SonicWall Capture Labs threat research team has identified continued activity from the Russian cybercriminal group CryptoBytes, which has been active since at least 2023. This financially motivated group is leveraging a ransomware strain named UxCryptor, which has gained notoriety for its reliance on leaked ransomware builders. These tools lower the technical barrier for malware…
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…
-
Palo Alto Networks PAN-OS vulnerability exploited in the wild
Palo Alto Networks says threat actors used a publicly available PoC exploit in attack attempts against firewall customers with PAN-OS management interfaces exposed to the internet. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619271/Palo-Alto-Networks-PAN-OS-vulnerability-exploited-in-the-wild
-
Anstieg von Datenlecks: Vier kompromittierte Konten pro Sekunde
Im Jahr 2024 erlebte Deutschland eine alarmierende Zunahme von Datenlecks. Durchschnittlich wurden pro Sekunde vier Nutzerkonten kompromittiert, was die steigende Bedrohung durch Cyberangriffe verdeutlicht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/anstieg-datenlecks
-
Clinical Trial Database Exposes 1.6M Records to Web
Researcher Says Firm Failed to Secure Sensitive Health Data From Survey Forms. An unsecured database containing 2 terabytes of data allegedly exposed more than 1.6 million clinical research records to the internet, including sensitive personal and medical information of patients, said the security researcher who discovered the lapse. Why does this keep happening? First seen…
-
DarkMind: A Novel Backdoor Attack Exploiting Customized LLMs’ Reasoning Capabilities
The rise of customized large language models (LLMs) has revolutionized artificial intelligence applications, enabling businesses and individuals to leverage advanced reasoning capabilities for complex tasks. However, this rapid adoption has also exposed critical vulnerabilities. A groundbreaking study by Zhen Guo and Reza Tourani introduces DarkMind, a novel backdoor attack targeting the reasoning processes of customized…
-
Finastra Starts Notifying People Impacted by Recent Data Breach
Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach. The post Finastra Starts Notifying People Impacted by Recent Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/finastra-starts-notifying-people-impacted-by-recent-data-breach/
-
Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers
Tags: breach, credentials, cyber, cybersecurity, data, data-breach, email, finance, identity, password, phone, service, theftA cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12 million users, marking the second major breach for the financial services firm since 2022. The compromised information includes email addresses, phone numbers, names, IP addresses, physical addresses, and weakly protected password hashes, raising concerns about identity theft and credential-stuffing attacks. Breach…
-
BitConnect Scam Exposed as Indian Authorities Seize Illicit Gains
The Directorate of Enforcement (ED) in Ahmedabad has dealt a significant blow to one of history’s largest cryptocurrency frauds, recovering Rs. 1,646 crore (approx. $219 million) in illicit crypto assets linked to the BitConnect Ponzi scheme during coordinated raids on 11 and 15 February. The operation”, part of a years-long probe into the multi-billion-rupee scam”, also seized…
-
Password managers under increasing threat as infostealers triple and adapt
Tags: access, attack, authentication, automation, breach, ceo, cloud, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, defense, email, encryption, exploit, finance, hacker, identity, intelligence, least-privilege, login, malicious, malware, mfa, password, phishing, ransomware, risk, service, switch, tactics, theft, threat, tool, vulnerability, zero-trustMalware-as-a-service infostealers: For example, RedLine Stealer is specifically designed to target and steal sensitive information, including credentials stored in web browsers and other applications. It is often distributed through phishing emails or by tricking prospective marks into visiting booby-trapped websites laced with malicious downloaders.Another threat comes from Lumma stealer, offered for sale as a malware-as-a-service,…
-
Privacy Roundup: Week 7 of Year 2025
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Thermomix-Datenleck: Millionen Nutzerdaten der Web-Plattform Rezeptwelt.de gestohlen
Tags: data-breachFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/thermomix-datenleck-millionen-nutzerdaten-web-plattform-rezeptwelt-de-diebstahl
-
Fintech giant Finastra notifies victims of October data breach
Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fintech-giant-finastra-notifies-victims-of-october-data-breach/
-
Mars Hydro Datenleck 2025: Fast 3 Milliarden Datensätze offen im Netz
Massives Leak bei Mars Hydro: Fast 3 Milliarden Datensätze standen ungeschützt im Netz. Außerdem: Leak-News zu Storenvy, Zacks und Doxbin. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/mars-hydro-datenleck-2025-fast-3-milliarden-datensaetze-offen-im-netz-310422.html
-
CVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored First seen on securityonline.info Jump to article: securityonline.info/cve-2024-1709-and-cve-2023-48788-exploits-fueling-russias-badpilot-campaign/
-
Online-Investitionsrecherche: Daten von Millionen Zacks-Nutzern geleakt
Tags: data-breachIn einem Untergrundforum stehen persönliche Daten von Millionen Zacks-Kunden zum Verkauf. First seen on heise.de Jump to article: www.heise.de/news/Online-Investitionsrecherche-Daten-von-Millionen-Zacks-Nutzern-geleakt-10283931.html
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33
Tags: breach, credit-card, cyber, data, data-breach, google, india, international, malware, mobile, north-korea, usaSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Analyzing DEEP#DRIVE: North Korean…
-
Pennsylvania utility says MOVEit breach at vendor exposed some customer data
A Pennsylvania utility company says that basic customer data stolen from one of its vendors in 2023 was recently exposed online, but the incident did not affect its core systems. First seen on therecord.media Jump to article: therecord.media/pennsylvania-utility-says-moveit-vendor-breach-exposed-some-data
-
Almost 12M Zacks Investment Research Accounts Exposed
Tags: data-breachFirst seen on scworld.com Jump to article: www.scworld.com/brief/almost-12m-zacks-investment-research-accounts-exposed
-
South Korean CSOs Under Cyberattack: 3-Year Study
A three-year study conducted by independent security researcher Ovie (Ovi) has exposed the scale and sophistication of digital First seen on securityonline.info Jump to article: securityonline.info/south-korean-csos-under-cyberattack-3-year-study/