Tag: data-breach
-
Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731, is being used in real-world attacks against multiple industries across the U.S., Europe, and Asia-Pacific. BeyondTrust is an identity and access management…
-
Abu Dhabi Finance Week Exposed VIP Passport Details
Unprotected cloud data sends the wrong signal at a time when the emirate’s trying to attract investors and establish itself as a global financial center. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/abu-dhabi-finance-week-leaked-vip-passport-details
-
Bug in student admissions website exposed children’s personal information
Ravenna Hub, which lets parents apply and track the status of their kids’ applications across thousands of schools, allowed any logged-in user to access the personally identifiable data associated with any other user, including their children. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/
-
Ivanti EPMM Vulnerabilities Actively Exploited in the Wild
Ivanti EPMM flaws are being exploited to enable unauthenticated remote code execution on exposed MDM systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-epmm-vulnerabilities-actively-exploited-in-the-wild/
-
Adidas investigates alleged data breach affecting 815,000 records
Adidas confirmed it is investigating a possible data breach involving one of its third-party customer service providers. The company stated that there is no indication its IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/adidas-third-party-data-breach-investigation/
-
Researchers Uncover DoS Vulnerabilities in Socomec DIRIS M-70 IIoT Power Meter via Thread Emulation Fuzzing
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socomec DIRIS M-70 gateway is a central communications node for energy monitoring, supporting RS485 and Ethernet plus protocols such as Modbus RTU, Modbus…
-
Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
‘Potential data protection incident’ at an ‘independent licensing partner,’ we’re told First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/adidas_investigates_thirdparty_data_breach/
-
Figure Breach Enters New Phase After Data Leak Claims
The data breach disclosed by fintech lender Figure Technology Solutions is moving beyond a contained security incident, as reports that stolen customer information is circulating online coincide with early legal investigations. The developments mark the point where an internal breach begins to create broader consumer risk and potential liability. Latest Developments Data associated with the……
-
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
-
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
-
Betterment data breach might be worse than we thought
This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/betterment-data-breach-might-be-worse-than-we-thought/
-
XSS Bug in VS Code Extension Exposed Local Files
An XSS flaw in the VS Code Live Preview extension exposed developers’ local files and credentials through the localhost server. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/xss-bug-in-vs-code-extension-exposed-local-files/
-
Data breach at fintech giant Figure affects close to a million customers
The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/data-breach-at-fintech-giant-figure-affects-close-to-a-million-customers/
-
Firebase Misconfiguration Exposes 300M Messages From Chat Ask AI Users
A technical mistake in the popular Chat Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots. First seen on hackread.com Jump to article: hackread.com/firebase-misconfiguration-chat-ask-ai-users-expose/
-
Substack Breach May Have Leaked Nearly 700,000 User Details Online
Substack says hackers accessed user emails, phone numbers, and internal metadata in October 2025, with a database of 697,313 records later posted online. The post Substack Breach May Have Leaked Nearly 700,000 User Details Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-substack-data-breach-user-accounts-leaked/
-
A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft
A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited. First seen on wired.com Jump to article: www.wired.com/story/a-mega-trove-of-exposed-social-security-numbers-underscores-critical-identity-theft-risks/
-
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Tags: control, cve, cvss, cybersecurity, data-breach, flaw, phone, remote-code-execution, voip, vulnerabilityCybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow…
-
Microsoft says Office bug exposed customers’ confidential emails to Copilot AI
Microsoft said the bug meant that its Copilot AI chatbot was reading and summarizing paying customers’ confidential emails, bypassing data protection policies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
-
Securing OpenClaw Against”ClawHavoc”
As of February 2026, OpenClaw (formerly Clawdbot and Moltbot ) is a popular platform for autonomous AI agents. Its “sovereign” architecture, which gives AI direct access to file systems and terminals, significantly increases its attack surface”, leading to elevated risks, most notably illustrated by the ClawHavoc supply-chain campaign, which exposed thousands of deployments to potential…
-
Data breach at fintech firm Figure affects nearly 1 million accounts
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-breach-at-fintech-firm-figure-affects-nearly-1-million-accounts/
-
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Tags: control, corporate, cve, cyber, data-breach, endpoint, exploit, ivanti, mobile, network, remote-code-execution, vulnerability, zero-dayTwo critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run arbitrary commands on exposed EPMM servers, effectively giving them full control of the mobile device…
-
Canada Goose says leaked customer transaction data did not come from company systems
On Saturday afternoon, the ShinyHunters cybercriminal organization claimed to have stolen more than 600,000 records from the company containing personal information. First seen on therecord.media Jump to article: therecord.media/canada-goose-says-leaked-customer-data-was-not-from-company
-
What 5 Million Apps Revealed About Secrets in JavaScript
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery – until now. Intruder’s research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here’s what we learned. First seen on bleepingcomputer.com Jump to…
-
Hobby coder accidentally creates vacuum robot army
A hobby coding experiment reportedly exposed live camera feeds, microphones, and floor plans from thousands of robot vacuums worldwide. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/hobby-coder-accidentally-creates-vacuum-robot-army/
-
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs…
-
ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached
ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high”‘end, cold”‘weather jackets and parkas. Founded in 1957 and headquartered in…
-
Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension
A fake Meta Business Chrome extension stole 2FA secrets to hijack accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/meta-business-admins-exposed-by-2fa-harvesting-chrome-extension/