Tag: data-breach
-
A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft
A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited. First seen on wired.com Jump to article: www.wired.com/story/a-mega-trove-of-exposed-social-security-numbers-underscores-critical-identity-theft-risks/
-
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Tags: control, cve, cvss, cybersecurity, data-breach, flaw, phone, remote-code-execution, voip, vulnerability
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow…
-
Microsoft says Office bug exposed customers’ confidential emails to Copilot AI
Microsoft said the bug meant that its Copilot AI chatbot was reading and summarizing paying customers’ confidential emails, bypassing data protection policies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
-
Securing OpenClaw Against “ClawHavoc”
As of February 2026, OpenClaw (formerly Clawdbot and Moltbot) is a popular platform for autonomous AI agents. Its “sovereign” architecture, which gives AI direct access to file systems and terminals, significantly increases its attack surface, leading to elevated risks, most notably illustrated by the ClawHavoc supply-chain campaign, which exposed thousands of deployments to potential…
-
Data breach at fintech firm Figure affects nearly 1 million accounts
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-breach-at-fintech-firm-figure-affects-nearly-1-million-accounts/
-
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Tags: control, corporate, cve, cyber, data-breach, endpoint, exploit, ivanti, mobile, network, remote-code-execution, vulnerability, zero-day
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run arbitrary commands on exposed EPMM servers, effectively giving them full control of the mobile device…
-
Canada Goose says leaked customer transaction data did not come from company systems
On Saturday afternoon, the ShinyHunters cybercriminal organization claimed to have stolen more than 600,000 records from the company containing personal information. First seen on therecord.media Jump to article: therecord.media/canada-goose-says-leaked-customer-data-was-not-from-company
-
What 5 Million Apps Revealed About Secrets in JavaScript
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery – until now. Intruder’s research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here’s what we learned. First seen on bleepingcomputer.com Jump to…
-
Hobby coder accidentally creates vacuum robot army
A hobby coding experiment reportedly exposed live camera feeds, microphones, and floor plans from thousands of robot vacuums worldwide. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/hobby-coder-accidentally-creates-vacuum-robot-army/
-
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs…
-
ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached
ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high-end, cold-weather jackets and parkas. Founded in 1957 and headquartered in…
-
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension
A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/
-
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Tags: apt, attack, breach, crypto, cyber, data-breach, group, korea, lazarus, network, north-korea, security-incident, supply-chain
Event Summary: In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH, valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical…
-
Japanese sex toys maker Tenga discloses data breach
Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal…
-
Odido Breach Impacts Millions of Dutch Telco Users
Dutch telco Odido has revealed a major data breach impacting over six million customers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/odido-breach-millions-dutch-telco/
-
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerability
Security shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure. “The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
-
Security Affairs newsletter Round 563 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, breach, cisa, data, data-breach, email, fintech, flaw, international, phishing, WeeklyReview
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…
-
Indian pharmacy chain giant exposed customer data and internal systems
A backend flaw in web admin dashboards used by one of India’s largest pharmacy chains exposed thousands of online pharmacy orders. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/indias-major-pharmacy-chain-exposed-customer-data-and-internal-systems/
-
Texas AG Investigating Conduent, BCBS Texas in Hack
Will the Back-Office Services’ Firm Incident Shatter US Data Breach Records? The Texas attorney general’s office has launched an investigation into the Conduent Business Services hacking incident, which affected about 15.5 million Texans, including about 4 million Blue Cross Blue Shield of Texas members. Will the nationwide victim tally shatter data breach records in the…
-
Fintech lending giant Figure confirms data breach
The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/fintech-lending-giant-figure-confirms-data-breach/
-
260K Users Exposed in AI Extension Scam
Fake AI Chrome extensions exposed 260,000 users by using remote iframes to extract data and maintain persistent access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/260k-users-exposed-in-ai-extension-scam/
-
Dutch phone giant Odido says millions of customers affected by data breach
The Dutch phone giant Odido is the latest phone and internet company to be hacked in recent months, as governments and financially motivated hackers continue to steal highly confidential information about phone customers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/dutch-phone-giant-odido-says-millions-of-customers-affected-by-data-breach/
-
Odido CRM Data Breach Exposes 6.2M Customer Records
A cyberattack on Odido’s CRM system exposed personal data from 6.2 million customers, though passwords and billing information were not affected. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/odido-crm-data-breach-exposes-6-2m-customer-records/

