Tag: data-breach
-
Nike Probes Possible Cybersecurity Incident Following Dark Web Claims
Nike has confirmed that it is investigating a potential cybersecurity incident after claims surfaced online that its internal data may have leaked by a cybercrime group. The same group, known for extortion-driven attacks against other companies, previously claimed the Nike cyberattack on its dark web site. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/nike-cyberattack-investigation/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Treasury Cuts Ties With Booz Allen Over IRS Data Leaks
Booz Allen Loses Treasury Work in Move Tied to Trump Waste Crackdown. The U.S. Department of Treasury said it canceled all active contracts with Booz Allen Hamilton, citing data protection failures in handling taxpayer information. Treasury cited a criminal case against Charles Littlejohn, a former employee who leaked the tax returns of President Donald Trump.…
-
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
Crunchbase confirms a data breach after cybercrime group ShinyHunters claims to have stolen over 2 million personal records. Crunchbase confirmed a data breach after the cybercriminal group ShinyHunters claimed to steal over 2 million personal records from its systems. The group leaked a 402 MB compressed archive on their website due to a failed extortion…
-
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
-
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061…
-
Nike Data Breach Claims Surface as WorldLeaks Leaks 1.4TB of Files Online
As users continue to assess the Under Armour data breach, WorldLeaks, the rebranded version of the Hunters International… First seen on hackread.com Jump to article: hackread.com/nike-data-breach-worldleaks-leaks-files-online/
-
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/law-firm-coupang-security-failures/
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfareAI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
Nike is investigating a possible data breach, after WorldLeaks claims
Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybercrime group claimed it accessed and stole data from the company’s systems. The footwear and apparel giant said it has launched an investigation to assess the…
-
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked…
-
Attackers Leveraging telnetd Exploit for Root Privileges After PoC Goes Public
The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without authentication, triggering widespread exploitation attempts across internet-exposed systems. The security flaw affects GNU InetUtils telnetd versions 1.9.3 through 2.7, with the vulnerable…
-
Data Leak Exposes 149M Logins, Including Gmail, Facebook
A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft. The post Data Leak Exposes 149M Logins, Including Gmail, Facebook appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-149-million-passwords-exposed-infostealer-database/
-
Ransomware Hackers Leak Under Armour Customer Data
Russia-Linked Ransomware Group Dumps Customer Data After Failed Extortion Attempt. Under Armour may trade on the blood, sweat, respect slogan, but a Russia-linked ransomware group hasn’t been abiding, after they stole data pertaining to 72.7 million of the athleisure giant’s customers, then leaked it on darkweb sites after saying the retailer refused to pay a…
-
76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD. The competition crowned Tobias Scharnowski,…
-
More than half of former UK employees still have access to company spreadsheets, study finds
More than half of UK employees retain access to company spreadsheets they no longer need, leaving sensitive business data exposed long after people change roles or leave organisations, according to new research from privacy technology company Proton. The study, based on a survey of 250 small and medium-sized businesses (SMB) in the UK, found that…
-
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/under-armour-investigates-data/
-
149 Million Usernames and Passwords Exposed by Unsecured Database
This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware. First seen on wired.com Jump to article: www.wired.com/story/149-million-stolen-usernames-passwords/
-
Manage My Health Data Breach Sparks Warnings Over Impersonation and Phishing Attempts
The fallout from the Manage My Health data breach is continuing, with the company warning that fraudsters may now be attempting to contact affected users by impersonating the online patient portal. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/manage-my-health-data-breach-phishing/
-
Investigation underway after 72M Under Armour records surface online
Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. Under Armour is an American company that designs, manufactures, and sells sportswear, athletic shoes, and fitness-related accessories. TechCrunch reported that Under Armour is investigating a data breach after 72M customer records were posted online. The stolen data, linked…
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…
-
Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user’s approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/22/under-armour-says-its-aware-of-data-breach-claims-after-72m-customer-records-were-posted-online/
-
Europe’s GDPR cops dished out Euro1.2B in fines last year as data breaches piled up
Regulators logged over 400 personal data breach notifications a day for first time since law came into force First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
-
Sportswear firm Under Armour falls victim to data breach
Details of over 70 million customers of US sportswear giant Under Armour were leaked following a supposed ransomware attack by the Everest gang First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637595/Sportswear-firm-Under-Armour-falls-victim-to-data-breach
-
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover
Tags: access, authentication, cisa, cve, cvss, cyber, data-breach, exploit, firewall, flaw, fortinet, Internet, malicious, threat, vulnerabilityThreat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited…
-
Breach Notifications in Europe Rise, While Fines Hold Steady
$1.4 Billion in Known Fines Levied in 2025, Despite Criticism From Outside EU. The volume of data breach notifications being issued to Europeans increased by one-fifth over the past year, while the total fines being imposed by data protection authorities held steady, adding up to 1.2 billion euros for the second year in a row,…