Tag: data-breach
-
When Data Leaks Don’t Look Like Breaches: The Instagram Exposure Explained
A recent disclosure revealed that data associated with more than 17.5 million Instagram accounts was exposed through a large-scale data leak, with records reportedly including user IDs, contact details, and account metadata, according to CyberPress. While no direct breach of Instagram’s core infrastructure has been publicly confirmed, the exposed dataset highlights a persistent challenge for…
-
CI/CD Under Attack: What the AWS CodeBuild “CodeBreach” Flaw Reveals About Modern Supply Chain Risk
A recent disclosure revealed a critical flaw in AWS CodeBuild that could allow attackers to abuse CI/CD pipelines and inject malicious code into trusted software builds by exploiting weaknesses in webhook validation, according to WebProNews. Rather than targeting production systems directly, the issue exposed how attackers can compromise software supply chains by manipulating trusted automation.…
-
‘Damn Vulnerable’ Training Apps Leave Vendors’ Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/vulnerable-vendors-training-apps
-
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows. Vulnerability Overview The flaw exists in NVIDIA NSIGHT Graphics across all Linux versions prior to…
-
VoidLink Emerges: First Fully AI-Driven Malware Signals a New Era of Cyber Threats
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents the first documented case of high-complexity, production-grade malware authored by AI under the direction of a skilled developer. Development artifacts exposed through operational…
-
Carlsberg Event Wristband Leaked PII, Researcher Told Not to Disclose
A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months. First seen on hackread.com Jump to article: hackread.com/carlsberg-event-wristband-leaked-pii-disclose/
-
For cyber risk assessments, frequency is essential
Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerabilityIdentifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
-
Integrating Enzoic Alerts into Microsoft Sentinel with Azure Logic Apps
Introduction Enzoic provides real-time alerts when user credentials are exposed in data breaches, and integrating these alerts into your security operations center (SOC) can greatly enhance your threat response. Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) platform in Azure that aggregates and analyzes security data across an organization. (Note: You will……
-
Minnesota Agency Notifies 304,000 of Vendor Breach
State Monitoring Incident Involving a Health Entity Worker for Potential Fraud. The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud. First seen on…
-
UStrive security lapse exposed personal data of its users, including children
The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/20/ustrive-security-lapse-exposed-personal-data-of-its-users-including-children/
-
UStrive security lapse exposed personal data of its users, including children
The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/20/ustrive-security-lapse-exposed-personal-data-of-its-users-including-children/
-
UStrive security lapse exposed personal data of its users, including children
The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/20/ustrive-security-lapse-exposed-personal-data-of-its-users-including-children/
-
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass…
-
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass…
-
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass…
-
Cloudflare Zero-Day Let Attackers Bypass WAF via ACME Certificate Validation Path
A critical zero-day vulnerability in Cloudflare exposed a fundamental weakness in how security exceptions are handled at scale. The flaw allowed attackers to bypass Cloudflare’s Web Application Firewall (WAF) entirely and directly access protected origin servers by abusing a certificate validation endpoint. The issue was not caused by customer misconfiguration, but by a logic error…
-
When Language Becomes the Attack Surface: Inside the Google Gemini Calendar Exploit
Tags: ai, attack, cybersecurity, data-breach, exploit, flaw, google, LLM, malicious, software, vulnerabilitySecurity teams have spent decades hardening software against malicious input, yet a recent vulnerability involving Google Gemini demonstrates how those assumptions begin to fracture when language itself becomes executable. The issue, disclosed by cybersecurity researchers at Miggo Security, exposed a subtle but powerful flaw in how natural language interfaces like AI LLMs interact with privileged…
-
RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified. First seen on hackread.com Jump to article: hackread.com/ransomhouse-data-breach-apple-contractor-luxshare/
-
Raaga Confirms Major Data Breach Exposing Personal Information of 10.2Million Users
Indian music streaming platform Raaga has become the latest victim of a significantcybersecurityincident after sensitive user data was posted for sale on a popular hacking forum in December 2025. The breach has exposed personal information from over 10 million users, raising serious concerns about account security and the risk of identity theft. The compromised database contains approximately…
-
Why Secrets in JavaScript Bundles are Still Being Missed
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed?To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning…
-
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack
In late 2025 and early 2026, one of the world’s most advanced scientific organizations, the European Space Agency (ESA), faced a string of cyberattacks that exposed severe weaknesses in its cybersecurity posture. Hackers stole hundreds of gigabytes of data. Among the data stolen were proprietary software, credentials, and mission documents. As a final act, the……
-
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it
Tags: attack, authentication, computer, credentials, crypto, cve, data, data-breach, email, encryption, group, Hardware, international, mandiant, microsoft, network, ntlm, phishing, risk, service, supply-chain, theft, threat, vulnerability, windowspass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.None of this makes NTLMv1 less secure or easier to target than it already…
-
Ransomware attack on Ingram Micro impacts 42,000 individuals
Tags: apple, attack, cisco, cybersecurity, data, data-breach, jobs, microsoft, ransomware, service, supply-chain, technologyIngram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping…
-
Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon
As businesses continue their digital transformation journeys, they are exposed to an ever-expanding attack surface. With the proliferation of cloud environments, remote work, and the increasing use of IoT devices, the complexity of cybersecurity threats has intensified. In this fast-evolving landscape, traditional security tools”, based on signatures and static rule-based methods”, are no longer sufficient.…
-
Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon
As businesses continue their digital transformation journeys, they are exposed to an ever-expanding attack surface. With the proliferation of cloud environments, remote work, and the increasing use of IoT devices, the complexity of cybersecurity threats has intensified. In this fast-evolving landscape, traditional security tools”, based on signatures and static rule-based methods”, are no longer sufficient.…
-
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Tags: control, cybersecurity, data, data-breach, flaw, google, injection, malicious, privacy, vulnerabilityCybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar’s privacy controls by hiding a dormant…
-
Broker who sold malware to the FBI set for sentencing
Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/iab_sentencing/
-
StealC malware control panel flaw leaks details on active attacker
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and…
-
Ingram Micro says ransomware attack affected 42,000 people
Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ingram-micro-says-ransomware-attack-affected-42-000-people/
-
CIRO Confirms Data Breach Impacting 750,000 Canadian Investors
The Canadian Investment Regulatory Organization (CIRO) has officially confirmed a significant data breach affecting approximately 750,000 Canadian investors, stemming from a sophisticated phishing attack initially detected in August 2025. The organization publiclydisclosedthe incident on January 14, 2026, following a comprehensive forensic investigation spanning over 9,000 hours. CIRO traced the breach tounauthorized accessgained through a targeted…