Tag: data-breach
-
Second data breach at European Commission this year leaves open questions over resilience
The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/european-commission-cyberattack-cloud-infrastructure-website/
-
TA446 Uses DarkSword Exploit Kit to Target iPhone Users
TA446, a Russia-linked espionage group, has started using the DarkSword exploit kit to compromise iOS devices in a new phishing wave that abuses Atlantic Council”‘themed lures. The campaign underscores how quickly leaked iOS exploit chains can be weaponized against high”‘value policy and government targets. Unlike earlier TA446 operations that relied on password”‘protected ZIP attachments delivering…
-
European Commission Confirms Cloud Data Breach
The European Commission has revealed details of a data breach impacting its AWS infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-commission-cloud-data/
-
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/
-
Hackers Probe Citrix NetScaler Systems Ahead of Suspected CVE-2026-3055 Exploitation
Tags: citrix, cve, cyber, cyberattack, cybersecurity, data-breach, exploit, flaw, hacker, intelligence, threat, vulnerabilityCybersecurity researchers are warning organizations about imminent cyberattacks targeting a newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firms watchTowr and Defused Cyber have uncovered active reconnaissance campaigns targeting CVE-2026-3055, a severe flaw that allows attackers to steal sensitive data. With hackers actively scanning for exposed systems, organizations are urged…
-
CISA Warns of Actively Exploited F5 BIG-IP Vulnerability in Ongoing Attacks
Tags: attack, cisa, cyber, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited flaw in F5 BIG-IP systems. The vulnerability has been officially added to the Known Exploited Vulnerabilities (KEV) catalog, signaling that threat actors are successfully weaponizing the bug in real-world attacks. Organizations running exposed F5 infrastructure must address this threat…
-
Studie legt die schwerwiegendsten Datenlecks im Jahr 2025 offen
Tags: data-breachNur eine Handvoll großer Datenlecks haben das Cybersicherheitsjahr”¯2025 geprägt sie überstrahlten mit ihrem Ausmaß und ihren Folgen tausende kleinere Vorfälle bei weitem. Die Expertenteams von NordPass und Nord Stellar haben die bedeutendsten Datenpannen und -lecks zusammengetragen, die sie beobachtet haben. Hier sind die fünf größten Datenlecks gemessen an der Anzahl der offengelegten Zugangsdaten… First seen…
-
ShinyHunters Claims 350GB Data Breach at European Commission
ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet. First seen on hackread.com Jump to article: hackread.com/shinyhunters-350gb-data-breach-european-commission/
-
AI Is Outpacing Enterprise Security Controls
Netskope’s Sanjay Beri on Data Risk, Agent Visibility and Enabling AI Safely. AI adoption has outrun enterprise security, leaving data exposed and controls nonexistent. Sanjay Beri, co-founder and CEO at Netskope, says the answer isn’t restriction. It’s visibility, context and a culture of enablement. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-outpacing-enterprise-security-controls-a-31259
-
AI Is Outpacing Enterprise Security Controls
Netskope’s Sanjay Beri on Data Risk, Agent Visibility and Enabling AI Safely. AI adoption has outrun enterprise security, leaving data exposed and controls nonexistent. Sanjay Beri, co-founder and CEO at Netskope, says the answer isn’t restriction. It’s visibility, context and a culture of enablement. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-outpacing-enterprise-security-controls-a-31259
-
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet.Handala Hack Team, which carried out the breach, said on its website that Patel “will now find his…
-
Lloyds Group to Compensate 450,000 Customers After App Glitch
Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected… First seen on hackread.com Jump to article: hackread.com/lloyds-compensate-customers-app-glitch-exposed-data/
-
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under…
-
Anthropic’s Mythos leak is a wake-up call: Phishing 3.0 is already here
<div cla Anthropic’s leaked model made headlines this week. But the real story is what current AI models can already do to your inbox. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/anthropics-mythos-leak-is-a-wake-up-call-phishing-3-0-is-already-here/
-
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/coruna-darksword-democratizing-nation-state-exploit-kits
-
Neue Darksword-Version geleakt: Warum dieses Exploit-Kit Millionen iPhones hacken kann
First seen on t3n.de Jump to article: t3n.de/news/darksword-exploit-iphones-hacken-1735530/
-
Claude Mythos and the Cybersecurity Risk That Was Already Here
<div cla On March 26, Anthropic confirmed the existence of Claude Mythos, an unreleased AI model described internally as “a step change” in capabilities, after a data leak exposed approximately 3,000 unpublished assets in a publicly searchable, unencrypted data store (Fortune, March 26, 2026). The leak was not a sophisticated intrusion. A toggle switch in…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Ajax data breach exposed season tickets, supporter bans open to tampering
AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/afc-ajax-data-breach-supporter-bans/
-
Breach Roundup: Tycoon2FA Phishing Platform Rebounds
Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russiaAlso, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
-
NYC Health Notifying Patients of 2 Third-Party Hacks
Incidents Are Unrelated, Says NYC Health + Hospitals. Hackers had access to New York City’s municipal healthcare system for nearly three months before being detected, stealing data of an undisclosed number of patients. The incident is the second hacking-related data breach within weeks involving a third-party firm hired by NYC Health + Hospitals. First seen…
-
Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ajax-football-club-hack-exposed-fan-data-enabled-ticket-hijack/
-
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
Why Your Static Credentials Are a Ticking Time Bomb The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to scan for vulnerabilities and leaked secrets was weaponized against the very environments it was meant to protect. Instead of catching exposed credentials, it……
-
Former NSA chiefs worry American offensive edge in cybersecurity is slipping
A systemic numbness to cyberattacks has exposed the U.S. economy and its institutions to ever-widening threats. Retired four-star military officials worry the worst day in cyber is yet to come. First seen on cyberscoop.com Jump to article: cyberscoop.com/former-nsa-chiefs-offensive-edge-rsac/
-
Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks
Leaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/26/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks/
-
A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know.
Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by security researchers. DarkSword has now leaked online. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/26/a-major-hacking-tool-has-leaked-online-putting-millions-of-iphones-at-risk-heres-what-you-need-to-know/