Tag: data-breach
-
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
-
Seed Phrase geleakt: Behördenpanne führt zu millionenschwerem Krypto-Diebstahl
Krypto-Anleger wissen, wie wichtig es ist, eine Seed Phrase sicher und geheim zu bewahren. Steuerfahnder aus Südkorea aber offenkundig nicht. First seen on golem.de Jump to article: www.golem.de/news/seed-phrase-geleakt-behoerdenpanne-fuehrt-zu-millionenschwerem-krypto-diebstahl-2603-205980.html
-
Security Affairs newsletter Round 565 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Canadian Tire 2025 data breach impacts 38 million users Iran ‘s Internet near-totally blacked out amid…
-
Canadian Tire 2025 data breach impacts 38 million users
A data breach at Canadian Tire exposed personal data from over 38 million accounts, including contact details and encrypted passwords. More than 38 million accounts were affected by an October 2025 data breach at Canadian retail giant Canadian Tire (CTC). The incident marks one of the largest retail data breaches in Canada, raising concerns about…
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
-
How vCISO Services Reduce Cyber Risk Without Increasing Costs?
Smaller organizations are increasingly under attack, with ransomware emerging as the dominant threat. According to the Verizon 2025 Data Breach Investigations Report, ransomware was involved in 88% of breaches affecting small and medium-sized enterprises (SMEs), compared to 39% among large enterprises. Such incidents can disrupt operations, expose sensitive information, and drive up recovery costs. Despite……
-
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data.The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix “AIza”) embedded in client-side code to provide Google-related services…
-
Lovable-hosted app littered with basic flaws exposed 18K users, researcher claims
Who’s to blame the vibey platforms or the humans who ignore security warnings? First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/lovable_app_vulnerabilities/
-
Security hole could let hackers take over Juniper Networks PTX core routers
The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush Sharma, CEO of Tuskira. “If an attacker gains control of a PTX, the impact is bigger than a single device compromise because it can become a traffic vantage point and a control point…
-
‘Silent’ Google API key change exposed Gemini AI data
Mitigation: The first job for concerned site admins is to check in the GCP console for keys specifically allowing the Generative Language API. In addition, look for unrestricted keys, now identified by a yellow warning icon. Check if any of these keys are public.Exposed keys should all be rotated or ‘regenerated,’ with a grace period…
-
The Case for Why Better Breach Transparency Matters
It’s become a standard practice for organizations to disclose the bare minimum about a data breach, or worse, not disclose the incident at all. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/why-better-breach-transparency-matters
-
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities
Tags: ai, attack, cyber, data, data-breach, intelligence, metric, service, software, supply-chain, threat, vulnerabilityThe 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to manage dependencies properly, leaving their software supply chains highly vulnerable to threat actors.”‹ Threat Intelligence Data Threat Vector Key Metric Security Impact Deployed Services 87% of organizations have known vulnerabilities”‹. High…
-
Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach
ManoMano is notifying 38 million customers after a third-party customer service breach exposed personal data, highlighting growing supply chain security risks. The post Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-manomano-38m-third-party-data-breach/
-
ManoMano data breach impacted 38 Million customer accounts
European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers. European DIY e-commerce platform ManoMano disclosed a major data breach affecting 38 million customers. Hackers accessed personal information by compromising a third-party service provider, prompting notifications and potential security measures for impacted users across multiple countries.…
-
12 Million exposed .env files reveal widespread security failures
Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files…
-
Hacker-Angriffe: USA, Indien und Deutschland stark betroffen
Zwischen 2023 und 2025 wurden weltweit fast 10.000 große Datenlecks registriert, bei denen über 7,8 Milliarden E-Mail-Datensätze offengelegt wurden. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-angriffe-deutschland-betroffen
-
1 Million Records from Dutch Telco Odido Leaked Online in Massive Data Breach
The Dutch telecommunications company Odido suffered a massive data breach that exposed the personal information of nearly 700,000 customers. The incident, which included an extortion attempt, has raised serious concerns about customer privacy and data security in the telecom sector. Following the breach, attackers leaked the stolen information online in two separate dumps. Extent of…
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
Nearly 38 Million Impacted in ManoMano Third-Party Breach
ManoMano is notifying nearly 38 million customers after a third-party breach exposed personal data and underscored growing vendor security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nearly-38-million-impacted-in-manomano-third-party-breach/
-
Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security
Tags: access, ai, business, ciso, cloud, compliance, control, data, data-breach, detection, email, endpoint, infrastructure, leak, microsoft, monitoring, risk, risk-management, saas, toolWhen Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate. For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it…
-
European DYI chain ManoMano data breach impacts 38 million customers
DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/
-
When Payment Data Becomes the Weakest Link
Tags: access, awareness, breach, cloud, compliance, container, control, cybersecurity, data, data-breach, encryption, fraud, least-privilege, PCI, radius, risk, service, software, strategy, threatWhen Payment Data Becomes the Weakest Link madhav Thu, 02/26/2026 – 10:56 Most cybersecurity incidents don’t begin with an attack. They begin with a design decision. Four people experienced that reality in the same week. Different roles. Different systems. One shared outcome. Cybersecurity Karen Kelvie – Product Marketing, Data Protection More About This Author >…
-
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-police-chatgpt-smear-japan-pm-takaichi
-
Marquis Sues SonicWall Over 2025 Firewall Data Breach
Tags: attack, authentication, backup, breach, cloud, credentials, data, data-breach, firewall, flaw, ransomware, softwareLawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis. Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits. First seen…
-
Critical Zyxel router flaw exposed devices to remote attacks
Tags: attack, cve, data-breach, flaw, injection, remote-code-execution, router, vulnerability, zyxelZyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and…
-
ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump
ShinyHunters allegedly leaked 12.4 million CarGurus records, exposing personal and financing data and raising risks of phishing and data extortion attacks. The post ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-shinyhunters-cargurus-data-leak-12-million-records/
-
Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/inside-the-story-of-the-us-defense-contractor-who-leaked-hacking-tools-to-russia/
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
ShinyHunters Claims Odido NL and Ben.nl Breach as Company Confirms Cyberattack
ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data. First seen on hackread.com Jump to article: hackread.com/shinyhunters-odido-nl-ben-nl-breach-confirm-cyberattack/