Tag: data-breach
-
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…
-
15,200 OpenClaw Control Panels Exposed Online with Full System Access
A critical security oversight has left thousands of AI agents wide open to the public internet. 15,200 instances of the OpenClaw AI framework (formerly Clawdbot and Moltbot) are vulnerable to remote takeover. The STRIKE team used internet-wide reconnaissance, including favicon fingerprinting, to identify approximately 42,900 unique IP addresses hosting OpenClaw control panels across 82 countries.…
-
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday.”On January 29, the National…
-
European Commission Hit by Mobile Management Data Breach
The European Commission is investigating a mobile device management breach that exposed staff data amid similar attacks across Europe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/european-commission-hit-by-mobile-management-data-breach/
-
10K Claude Desktop Users Exposed by Zero-Click Vulnerability
More than 10,000 Claude Desktop users could face silent system takeover from a zero-click calendar-based flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/10k-claude-desktop-users-exposed-by-zero-click-vulnerability/
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-cloud-infrastructure-crime-bots
-
23andMe Data Breach Settlement Deadline Is Near: Here’s How Much You Could Get
23andMe customers affected by a data breach may be eligible for cash or monitoring services. Here’s how to file a claim before the deadline. The post 23andMe Data Breach Settlement Deadline Is Near: Here’s How Much You Could Get appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-23andme-data-breach-settlement-deadline/
-
Google Warns Over 1 Billion Android Phones Are Now at Risk
Google warns that over 40% of Android devices no longer receive security updates, leaving more than 1 billion devices exposed to malware and spyware attacks. The post Google Warns Over 1 Billion Android Phones Are Now at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-update-billion-devices-risk/
-
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-exploit-solarwinds-wdh-flaws-to-deploy-velociraptor/
-
Cyber Attack Hits European Commission Staff Mobile Systems
The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers. First seen on hackread.com Jump to article: hackread.com/cyber-attack-european-commission-staff-mobile-systems/
-
Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure
Internal files describe a training platform as part of a large integrated system designed to allow attackers to practice hacking replicas of “the real network environments” of China’s “main operational opponents in the South China Sea and Indochina directions.” First seen on therecord.media Jump to article: therecord.media/leaked-china-documents-show-testing-cyber-neighbors
-
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster
By default, the bot listens on all network interfaces, and many users never change it First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/openclaw_instances_exposed_vibe_code/
-
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi”‘stage intrusion that involved the threat actors exploiting internet”‘exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently First seen…
-
US bid for Dutch ID infrastructure raises sovereignty concerns
Kyndryl’s proposed takeover shows how critical systems become exposed to foreign control without an overarching policy decision First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638606/US-bid-for-Dutch-ID-infrastructure-raises-sovereignty-concerns
-
European Commission Mitigates Cyberattack Aimed at Employee Mobile Information
The European Commission successfully contained a cyberattack targeting its mobile device management infrastructure on January 30, 2026. The incident, which potentially exposed staff names and mobile numbers, was neutralized within nine hours of detection, demonstrating the organization’s robust cybersecurity protocols. European Commission Mitigates Cyberattack The Commission’s central system managing mobile devices detected suspicious activity that…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
Flickr emails users about data breach, pins it on third party
Attackers may have snapped user locations and activity information, message warns First seen on theregister.com Jump to article: www.theregister.com/2026/02/06/flickr_emails_users_about_data_breach/
-
European Commission discloses breach that exposed staff data
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-commission-discloses-breach-that-exposed-staff-data/
-
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Tags: api, cloud, cybersecurity, data-breach, docker, exploit, infrastructure, kubernetes, malicious, wormCybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed First seen on thehackernews.com Jump…
-
Researchers Find 40,000+ Exposed OpenClaw Instances
SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/researchers-40000-exposed-openclaw/
-
Mindestens 30 GB gestohlen – Datenleck bei Dating-App Bumble
Tags: data-breachFirst seen on security-insider.de Jump to article: www.security-insider.de/hackerangriff-auf-dating-app-bumble-nutzerdaten-gestohlen-a-c83ea13de10c0e7081020238a599f20f/
-
Mindestens 30 GB gestohlen – Datenleck bei Dating-App Bumble
Tags: data-breachFirst seen on security-insider.de Jump to article: www.security-insider.de/hackerangriff-auf-dating-app-bumble-nutzerdaten-gestohlen-a-c83ea13de10c0e7081020238a599f20f/
-
Flickr moves to contain data exposure, warns users of phishing
Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…
-
Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data
Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-moltbook-the-social-network-for-ai-agents-exposed-real-humans-data/
-
Moltbook Gave Everyone Control of Every AI Agent
Database Misconfiguration Exposed 1.5 million API Tokens. A misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/moltbook-gave-everyone-control-every-ai-agent-a-30710
-
Six more vulnerabilities found in n8n automation platform
CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…
-
TeamPCP and the Rise of Cloud-Native Cybercrime
Flare researchers report that TeamPCP is abusing exposed cloud control planes to run large-scale, automated exploitation campaigns. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teampcp-and-the-rise-of-cloud-native-cybercrime/
-
Flickr emails users about data breach, pins it on 3rd party
Attackers may have snapped user locations and activity information, message warns First seen on theregister.com Jump to article: www.theregister.com/2026/02/06/flickr_emails_users_about_data_breach/