Tag: data-breach
-
Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/inside-the-story-of-the-us-defense-contractor-who-leaked-hacking-tools-to-russia/
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
ShinyHunters Claims Odido NL and Ben.nl Breach as Company Confirms Cyberattack
ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data. First seen on hackread.com Jump to article: hackread.com/shinyhunters-odido-nl-ben-nl-breach-confirm-cyberattack/
-
12.4 Million Accounts Exposed in CarGurus Leak
ShinyHunters’ alleged CarGurus leak exposed 12.4 million accounts, heightening phishing and fraud risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/12-4-million-accounts-exposed-in-cargurus-leak/
-
Datenpanne bei Erotikplattform Frivol leakt berufliche EAdressen
Cybernews-Sicherheitsforscher haben ein Datenleck mit Hunderttausenden betroffenen Nutzern bei Frivol.com entdeckt. Bei der Seite handelt es sich um ein Erotikportal, spezialisiert auf nutzergenerierte Inhalte von Amateuren. Unter den rund 479.000 geleakten E-Mail-Adressen befanden sich auch Nutzerkonten, die sich mit ihren Firmenadressen registriert hatten und mit geringem Aufwand bestimmten Unternehmen zugeordnet werden konnten. ‘Der Vorfall zeigt,…
-
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S.,…
-
CarGurus data breach exposes information of 12.4 million accounts
The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
-
Teenagers charged over public bike service breach that exposed 4.62 million records
Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/south-korean-teens-bike-service-cyberattack-charges/
-
Conduent data breach grows, affecting at least 25M people
The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/conduent-data-breach-grows-affecting-at-least-25m-people/
-
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
Public prosecutor mulls sentencing following investigations into two separate attacks First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/korean_bike_breach_charges/
-
Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans
A massive data breach at business services giant Conduent has compromised the sensitive personal information of over 25 million Americans, making it one of the largest cybersecurity incidents in recent history. The breach, which went undetected for nearly three months, involves the exfiltration of approximately 8 terabytes of data by the SafePay ransomware group. While…
-
Chinese AI Labs Launch Massive Distillation Attacks on Anthropic Claude, Tracking 13M Exchanges
Anthropic has identified and exposed industrial-scale data extraction campaigns orchestrated by three major Chinese AI laboratories: DeepSeek, Moonshot, and MiniMax. These organizations utilized approximately 24,000 fraudulent accounts to generate over 16 million exchanges with Anthropic’s Claude models. The primary objective of these campaigns was >>distillation,<< a technique where a less capable AI model is trained…
-
Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen
Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of…
-
Odido Faces Alleged Data Breach as ShinyHunters Claims 21M Records Exposed
A notorious cybercriminal group, ShinyHunters, has claimed responsibility for a massive data breach involving Odido and BEN, exposing millions of customer records. The group asserts that Odido, a Dutch telecommunications provider, was not truthful in its initial disclosure of the incident. This development suggests the breach may be significantly larger and more severe than initially…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails
A code bug blew past every security label in the book”¦ and exposed the fatal flaw in how we govern AI. The post Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-copilot-bug-confidential-emails/
-
Ad Tech Firm Optimizely Investigates Vishing Incident
Optimizely is investigating a vishing incident that exposed limited business contact data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ad-tech-firm-optimizely-investigates-vishing-incident/
-
PayPal Ties Small Data Breach and Fraud to App Coding Error
Fintech Giant Says Personal Data Exposed for About 100 Business Users of Loan App. Financial services firm PayPal said it discovered a data breach that lasted for six months, exposed some business customers’ personal information and led to fraudulent charges. The company said about 100 customers were affected, and that it has fully refunded them…
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/
-
Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach
A youX breach exposed sensitive borrower data in Australia, including over 200,000 driver’s licence numbers, raising fraud and phishing risks. The post Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-youx-data-breach-australia-drivers-licence-exposure/
-
PayPal Confirms Six-Month Data Exposure Linked to Loan System Error
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months. First seen on hackread.com Jump to article: hackread.com/paypal-confirms-loan-system-error-data-exposure/
-
1.2 Million Accounts Exposed in French Bank Registry Breach
Stolen government credentials were used to access France’s FICOBA registry, exposing data tied to roughly 1.2 million bank accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1-2-million-accounts-exposed-in-french-bank-registry-breach/
-
How Exposed Endpoints Increase Risk Across LLM Infrastructure
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the…
-
Datenleck: Daten einiger Paypal-Nutzer monatelang geleakt
Von Juli bis Dezember 2025 konnten Angreifer Daten einiger Paypal-Business-Kunden abgreifen. Auch unbefugte Transaktionen wurden beobachtet. First seen on golem.de Jump to article: www.golem.de/news/datenleck-daten-einiger-paypal-nutzer-monatelang-geleakt-2602-205713.html
-
128M Users Exposed as Popular VS Code Extensions Reveal Critical Flaws
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in organizational supply chain security. Developers often store sensitive data like API keys, business logic, database configs, and even customer info right in…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
-
UK council faces data breach claim after mishandling trans complaints
Confidential complainant details passed to local politician following debate First seen on theregister.com Jump to article: www.theregister.com/2026/02/22/cornwall_council_complaints_breach/
-
PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months
PayPal disclosed a software error in its Working Capital platform that exposed sensitive customer data, including Social Security numbers, for months in 2025. The post PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-paypal-working-capital-data-exposure-2025/