Tag: data-breach
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had had with the company’s stuffed animals. First seen on wired.com Jump to article: www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/
-
France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/france-finesemployment-agency-5m/
-
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server was found hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated for approximately ten months with multi-platform remote access capabilities and integrated cryptocurrency mining operations. The…
-
France fines unemployment agency €5 million over data breach
The French data protection authority fined the national employment agency €5 million (nearly €6 million) for failing to secure job seekers’ data, which allowed hackers to steal the personal information of 43 million people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-fines-unemployment-agency-5-million-over-data-breach/
-
Why Protecting Your Phone Number Matters for Online Security
Learn why phone numbers are critical to online security, how they’re exposed, and practical steps to reduce misuse, scams, and account takeover risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/why-protecting-your-phone-number-matters-for-online-security/
-
SoundCloud Data Breach: Nearly 30 Million Accounts Confirmed Exposed
SoundCloud has confirmed that a significant data breach first detected in December 2025 affected approximately 29.8 million user accounts. New verification of the leaked data clarifies the scope of the incident and highlights the practical risks for users of the music and audio platform. The breach did not involve a direct break-in to SoundCloud’s main…
-
ShinyHunters Claims 14M Panera Bread Records Exposed in Data Breach
The dataset allegedly includes names, email addresses, postal addresses, phone numbers, and account-related details. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-panera-bread-data-breach/
-
Crooks are hijacking and reselling AI infrastructure: Report
Tags: access, ai, api, attack, authentication, business, cloud, communications, control, credentials, cybersecurity, data, data-breach, endpoint, exploit, firewall, group, infosec, infrastructure, intelligence, Internet, LLM, malicious, marketplace, risk, service, skills, technology, theft, threat, training, vulnerability
Exposed endpoints on default ports of common LLM inference services; unauthenticated API access without proper access controls; development/staging environments with public IP addresses; MCP servers connecting LLMs to file systems, databases and internal APIs. Common misconfigurations leveraged by these threat actors include: Ollama running on port 11434 without authentication; OpenAI-compatible APIs on port 8000 exposed to the internet; MCP servers accessible without…
-
NDSS 2025 Iris: Dynamic Privacy Preserving Search In Authenticated Chord Peer-to-Peer Networks
Session 10C: Privacy Preservation Authors, Creators & Presenters: Angeliki Aktypi (University of Oxford), Kasper Rasmussen (University of Oxford) PAPER Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer-to-Peer Networks In structured peer-to-peer networks, like Chord, users find data by asking a number of intermediate nodes in the network. Each node provides the identity of the…
-
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
-
Massive Data Leak Threatens Around 150 Million Users
Tags: credentials, credit-card, crypto, cyberattack, data-breach, finance, fraud, login, mail, malware, password, phishing, risk
The exposed credentials pose a significant security risk. Cybersecurity researcher Jeremiah Fowler recently uncovered a data leak containing 149 million login credentials. The victims are mainly users of major tech and streaming providers. But financial services accounts, crypto wallets or trading accounts, and bank and credit card logins also appeared in the exposed records. According to the research report, however, the database contains not only usernames and…
-
Trump’s Acting Cyber Chief Allegedly Leaked Data to ChatGPT
Sources say event triggered internal cybersecurity alerts and a DHS-level review into whether federal information had been improperly exposed. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-cyber-chief-chatgpt/
-
Responding to Exposed Secrets: An SRE’s Incident Response Playbook
Today, let’s take a closer look at incident response playbooks: how to build one, tailor it for secret leaks, take actions, and learn from incidents. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/responding-to-exposed-secrets-an-sres-incident-response-playbook/
-
Nike Investigates Alleged Data Breach Tied to World Leaks
Nike is investigating World Leaks’ claims of a data breach, underscoring growing risks from data-centric extortion attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nike-investigates-alleged-data-breach-tied-to-world-leaks/
-
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Tags: attack, authentication, cve, cybersecurity, data-breach, exploit, flaw, Internet, vulnerability
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8,…
-
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/
-
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/worldeaks-extortion-group-stole-1.4tb-nike-data
-
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/
-
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerability
Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…
-
Microsoft brings AI-powered investigations to security teams
Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/microsoft-purview-data-security-investigations/
-
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
-
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes, and then escape. This is his story. First seen on wired.com Jump to article: www.wired.com/story/he-leaked-the-secrets-southeast-asian-scam-compound-then-had-to-get-out-alive/
-
Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce
A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials, including 4,200 pages of messages that lay out its operations in unprecedented detail. First seen on wired.com Jump to article: www.wired.com/story/the-red-bull-leaks/
-
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/worldleaks-ransomware-14tb-nike/

