Tag: data-breach
-
‘Silent’ Google API key change exposed Gemini AI data
Mitigation: The first job for concerned site admins is to check in the GCP console for keys specifically allowing the Generative Language API. In addition, look for unrestricted keys, now identified by a yellow warning icon. Check if any of these keys are public.Exposed keys should all be rotated or ‘regenerated,’ with a grace period…
-
The Case for Why Better Breach Transparency Matters
It’s become a standard practice for organizations to disclose the bare minimum about a data breach, or worse, not disclose the incident at all. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/why-better-breach-transparency-matters
-
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities
Tags: ai, attack, cyber, data, data-breach, intelligence, metric, service, software, supply-chain, threat, vulnerabilityThe 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to manage dependencies properly, leaving their software supply chains highly vulnerable to threat actors.”‹ Threat Intelligence Data Threat Vector Key Metric Security Impact Deployed Services 87% of organizations have known vulnerabilities”‹. High…
-
Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach
ManoMano is notifying 38 million customers after a third-party customer service breach exposed personal data, highlighting growing supply chain security risks. The post Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-manomano-38m-third-party-data-breach/
-
ManoMano data breach impacted 38 Million customer accounts
European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers. European DIY e-commerce platform ManoMano disclosed a major data breach affecting 38 million customers. Hackers accessed personal information by compromising a third-party service provider, prompting notifications and potential security measures for impacted users across multiple countries.…
-
12 Million exposed .env files reveal widespread security failures
Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files…
-
Hacker-Angriffe: USA, Indien und Deutschland stark betroffen
Zwischen 2023 und 2025 wurden weltweit fast 10.000 große Datenlecks registriert, bei denen über 7,8 Milliarden E-Mail-Datensätze offengelegt wurden. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-angriffe-deutschland-betroffen
-
1 Million Records from Dutch Telco Odido Leaked Online in Massive Data Breach
The Dutch telecommunications company Odido suffered a massive data breach that exposed the personal information of nearly 700,000 customers. The incident, which included an extortion attempt, has raised serious concerns about customer privacy and data security in the telecom sector. Following the breach, attackers leaked the stolen information online in two separate dumps. Extent of…
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
Nearly 38 Million Impacted in ManoMano Third-Party Breach
ManoMano is notifying nearly 38 million customers after a third-party breach exposed personal data and underscored growing vendor security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nearly-38-million-impacted-in-manomano-third-party-breach/
-
Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security
Tags: access, ai, business, ciso, cloud, compliance, control, data, data-breach, detection, email, endpoint, infrastructure, leak, microsoft, monitoring, risk, risk-management, saas, toolWhen Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate. For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it…
-
European DYI chain ManoMano data breach impacts 38 million customers
DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/
-
When Payment Data Becomes the Weakest Link
Tags: access, awareness, breach, cloud, compliance, container, control, cybersecurity, data, data-breach, encryption, fraud, least-privilege, PCI, radius, risk, service, software, strategy, threatWhen Payment Data Becomes the Weakest Link madhav Thu, 02/26/2026 – 10:56 Most cybersecurity incidents don’t begin with an attack. They begin with a design decision. Four people experienced that reality in the same week. Different roles. Different systems. One shared outcome. Cybersecurity Karen Kelvie – Product Marketing, Data Protection More About This Author >…
-
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-police-chatgpt-smear-japan-pm-takaichi
-
Marquis Sues SonicWall Over 2025 Firewall Data Breach
Tags: attack, authentication, backup, breach, cloud, credentials, data, data-breach, firewall, flaw, ransomware, softwareLawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis. Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits. First seen…
-
Critical Zyxel router flaw exposed devices to remote attacks
Tags: attack, cve, data-breach, flaw, injection, remote-code-execution, router, vulnerability, zyxelZyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and…
-
ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump
ShinyHunters allegedly leaked 12.4 million CarGurus records, exposing personal and financing data and raising risks of phishing and data extortion attacks. The post ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-shinyhunters-cargurus-data-leak-12-million-records/
-
Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/inside-the-story-of-the-us-defense-contractor-who-leaked-hacking-tools-to-russia/
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
ShinyHunters Claims Odido NL and Ben.nl Breach as Company Confirms Cyberattack
ShinyHunters claims 21 million records stolen in Odido NL and Ben.nl data breach as telecom company confirms cyberattack impacting customer contact system data. First seen on hackread.com Jump to article: hackread.com/shinyhunters-odido-nl-ben-nl-breach-confirm-cyberattack/
-
12.4 Million Accounts Exposed in CarGurus Leak
ShinyHunters’ alleged CarGurus leak exposed 12.4 million accounts, heightening phishing and fraud risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/12-4-million-accounts-exposed-in-cargurus-leak/
-
Datenpanne bei Erotikplattform Frivol leakt berufliche EAdressen
Cybernews-Sicherheitsforscher haben ein Datenleck mit Hunderttausenden betroffenen Nutzern bei Frivol.com entdeckt. Bei der Seite handelt es sich um ein Erotikportal, spezialisiert auf nutzergenerierte Inhalte von Amateuren. Unter den rund 479.000 geleakten E-Mail-Adressen befanden sich auch Nutzerkonten, die sich mit ihren Firmenadressen registriert hatten und mit geringem Aufwand bestimmten Unternehmen zugeordnet werden konnten. ‘Der Vorfall zeigt,…
-
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S.,…
-
CarGurus data breach exposes information of 12.4 million accounts
The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
-
Teenagers charged over public bike service breach that exposed 4.62 million records
Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/south-korean-teens-bike-service-cyberattack-charges/
-
Conduent data breach grows, affecting at least 25M people
The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/conduent-data-breach-grows-affecting-at-least-25m-people/
-
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
Public prosecutor mulls sentencing following investigations into two separate attacks First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/korean_bike_breach_charges/
-
Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans
A massive data breach at business services giant Conduent has compromised the sensitive personal information of over 25 million Americans, making it one of the largest cybersecurity incidents in recent history. The breach, which went undetected for nearly three months, involves the exfiltration of approximately 8 terabytes of data by the SafePay ransomware group. While…
-
Chinese AI Labs Launch Massive Distillation Attacks on Anthropic Claude, Tracking 13M Exchanges
Anthropic has identified and exposed industrial-scale data extraction campaigns orchestrated by three major Chinese AI laboratories: DeepSeek, Moonshot, and MiniMax. These organizations utilized approximately 24,000 fraudulent accounts to generate over 16 million exchanges with Anthropic’s Claude models. The primary objective of these campaigns was >>distillation,<< a technique where a less capable AI model is trained…