Tag: data-breach
-
Electronics giant Avnet confirms breach, says stolen data unreadable
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/electronics-giant-avnet-confirms-breach-says-stolen-data-unreadable/
-
Security bug in India’s income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department’s e-Filing portal exposed taxpayers’ data to other users. The security researchers who found the flaw say the data leak is now fixed. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/07/security-bug-in-indias-income-tax-portal-exposed-taxpayers-sensitive-data/
-
Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
A critical Redis flaw, dubbed “RediShell,” has exposed 60,000 unprotected servers to exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/redis-servers-remote-exploitation/
-
Security bug in India’s income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department’s e-Filing portal exposed taxpayers’ data to other users. The security researchers who found the flaw say the data leak is now fixed. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/07/security-bug-in-indias-income-tax-portal-exposed-taxpayers-sensitive-data/
-
Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/07/leaked-oracle-ebs-exploit-attacks-cve-2025-61882/
-
Discord Reveals Data Breach Following Third-Party Compromise
Discord said a third-party customer services provider was compromised to access user data, with the attackers aiming to extort a financial ransom First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/discord-data-breach-third-party/
-
Discord Reveals Data Breach Following Third-Party Compromise
Discord said a third-party customer services provider was compromised to access user data, with the attackers aiming to extort a financial ransom First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/discord-data-breach-third-party/
-
Fehlkonfiguration statt Zero-Day warum saubere App-Konfiguration entscheidend ist
Wer mit Entra-ID (Azure-Active-Directory) arbeitet, kennt den ständigen Balanceakt zwischen Benutzerfreundlichkeit und Sicherheit. Einerseits sollen Anwendungen und Benutzer reibungslos auf benötigte Ressourcen zugreifen können, andererseits darf dieser Komfort nicht dazu führen, dass sensible Daten ungeschützt bleiben. Gerade in komplexeren Cloud-Setups sind saubere Konfigurationen entscheidend, denn Fehler können schnell zu einem Einfallstor oder Datenleck werden. Macht…
-
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances.The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0.”An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,…
-
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances.The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0.”An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,…
-
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances.The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0.”An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,…
-
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
Tags: advisory, cve, cvss, cyber, data-breach, exploit, flaw, ransomware, rce, remote-code-execution, threat, vulnerability, zero-dayA critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems,…
-
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
Tags: advisory, attack, business, cve, cyber, data-breach, email, exploit, extortion, group, oracle, ransomware, threat, vulnerability, zero-dayThe notorious Cl0p ransomware group has beenactively exploiting a critical zero-day vulnerabilityin Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations received extortion emails from the threat actors. Critical Zero-Day Vulnerability Exposed Oracle confirmed the exploitation…
-
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
Tags: advisory, attack, business, cve, cyber, data-breach, email, exploit, extortion, group, oracle, ransomware, threat, vulnerability, zero-dayThe notorious Cl0p ransomware group has beenactively exploiting a critical zero-day vulnerabilityin Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations received extortion emails from the threat actors. Critical Zero-Day Vulnerability Exposed Oracle confirmed the exploitation…
-
Proofage ID leaked in Discord data breach
Video game chat platform tells users that driver’s licences and passports were among the forms of data accessed via a third-party customer service providerVideo game chat platform Discord has suffered a data breach, informing users that their personal information including identity documents of those required to prove their age were compromised.The company stated last week…
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windowsSummary Beyond the Firewall: How Attackers Weaponize Your DNS For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
Discord Vendor Hack Exposes ID Data in Ransom Bid
Proliferating Age Verification Systems a Hacker Target. A vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/discord-vendor-hack-exposes-id-data-in-ransom-bid-a-29661
-
Discord discloses third-party breach affecting customer support data
Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams. The stolen info includes names, usernames, emails, contact and…
-
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/
-
Discord users’ data stolen by hackers in third-party data breach
Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/discord-users-data-stolen-by-hackers-in-third-party-data-breach
-
Rainwalk Pet Insurance Exposes 158 GB of US Customer and Pet Data
A misconfigured database belonging to a pet insurance company, “Rainwalk Pet Insurance,” exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams. First seen on hackread.com Jump to article: hackread.com/rainwalk-pet-insurance-158-gb-customer-pet-data/
-
Hackers Allegedly Breach Huawei Technologies, Leak Source Code and Internal Tools
Cybersecurity researchers are reporting an alleged security breach involving Chinese technology giantHuawei Technologies, with hackers claiming to have accessed and leaked sensitive source code and internal development tools. The incident, which surfaced through social media channels, represents a potentially significant security compromise of one of the world’s largest telecommunications equipment manufacturers. Hacker illustrating world’s biggest…
-
Renault Informs Customers of Supply Chain Data Breach
Renault and Dacia have become the latest big-name brands to suffer a supply chain breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/renault-customers-supply-chain/
-
Gucci, Balenciaga und Alexander McQueen – 7,4 Millionen E-Mail-Adressen von Fashion-Fans geleakt
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-auf-kering-enthuellung-von-kundendaten-a-85614fc2009d374da0f16d78d6bb5e2e/
-
Gucci, Balenciaga und Alexander McQueen – 7,4 Millionen E-Mail-Adressen von Fashion-Fans geleakt
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-auf-kering-enthuellung-von-kundendaten-a-85614fc2009d374da0f16d78d6bb5e2e/
-
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But there’s a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. First seen on bleepingcomputer.com Jump to article:…
-
Cybervorfälle: Asahi, Bonify, Renault Dacia, Oracle, Salesforce
Ich fasse mal einige neue Informationen über Ransomware-Infektionen, Datenlecks bzw. solche Vorfälle zusammen. Der Cyberangriff auf den japanischen Bierbrauer Asahi war Ransomware. Dann sind Daten bei Bonify, Dacia und Renault abgeflossen. Oracle hatte die Clop-Ransomware in den Systemen und eine … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/05/cybervorfaelle-asahi-bonify-renault-dacia-oracle-salesforce/
-
Leaked Apple iPad Pro M5 benchmark shows massive improvements
A new leaked benchmark shows Apple’s alleged M5 chip on an iPad, and it’s almost as fast as a desktop CPU. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/leaked-apple-ipad-pro-m5-benchmark-shows-massive-improvements/
-
Leaked Apple iPad Pro M5 benchmark shows it’s faster than some laptop CPUs
A new leaked benchmark shows Apple’s alleged M5 chip on an iPad, and it’s almost as fast as a desktop CPU. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/leaked-apple-ipad-pro-m5-benchmark-shows-its-faster-than-some-laptop-cpus/
-
Leaked Apple iPad Pro M5 benchmark shows it’s faster than some laptop CPUs
A new leaked benchmark shows Apple’s alleged M5 chip on an iPad, and it’s almost as fast as a desktop CPU. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/leaked-apple-ipad-pro-m5-benchmark-shows-its-faster-than-some-laptop-cpus/