Tag: data-breach
-
Harrods Cyberattack Exposes 430,000 Customer Records in Latest Data Breach
Luxury department store Harrods recently disclosed a data breach in which hackers stole information linked to approximately 430,000 customer records. The Harrods data breach has prompted the retailer to inform affected individuals and relevant authorities while stressing that no payment details or passwords were compromised during the incident. First seen on thecyberexpress.com Jump to article:…
-
Harrods Reveals Supply Chain Breach Impacting Online Customers
Department store Harrods has notified e-commerce customers of a major data breach. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/harrods-supply-chain-breach-online/
-
Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M
Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings. First seen on hackread.com Jump to article: hackread.com/medusa-ransomware-comcast-data-breach/
-
Cloud Posture for Lending Platforms: Misconfigurations That Leak PII
We have witnessed a surge in cloud adoption and data exposures, with a similar trajectory. A cloud security report highlights that 95% of organizations experienced cloud-related breaches in an 18-month period. Among them, 92% of breaches exposed sensitive data. It is important to note that most incidents do not germinate from exploits that fall under……
-
Meet LockBit 5.0: Faster ESXi drive encryption, better at evading detection
the Windows binary uses heavy obfuscation and packing: it loads its payload through DLL reflection while implementing anti-analysis techniques like Event Tracing for Windows (ETW) patching and terminating security services; the Linux variant maintains similar functionality with command-line options for targeting specific directories and file types; the ESXi variant specifically targets VMware virtualization environments, and is designed…
-
Salesforce Patches CRM Data Exfiltration Vulnerability
Agentforce Agentic AI Tool Was Exposed to Indirect Prompt Injection Attacks. Salesforce has patched a vulnerability involving its Agentforce agentic artificial intelligence tool, discovered by researchers, that attackers could have exploited using an indirect prompt injection attack to steal sensitive customer data and leads being stored in the CRM system. First seen on govinfosecurity.com Jump…
-
Thousands of Indian bank transfer records found spilling online after security lapse
Security researchers found the exposed Indian bank transfer records, and the data was eventually secured. Indian fintech company NuPay took responsibility for the “configuration” error. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/26/thousands-of-indian-bank-transfer-records-found-online/
-
Trust in MCP takes first in-wild hit via squatted Postmark connector
Risks persist even after package removal: Koi security researchers did not hear back when they reached out to the developer (attacker) of version 1.0.16 for clarification on the added ‘Bcc:’. Instead, they noticed the package promptly removed, even before they could report it to npm. However, deleting the package won’t remove it from the machines it…
-
Trust on MCP takes first in-wild hit via squatted Postmark connector
Risks persist even after package removal: Koi security researchers did not hear back when they reached out to the developer (attacker) of version 1.0.16 for clarification on the added ‘BCC’. Instead, they noticed the package promptly removed, even before they could report it to npm. However, deleting the package won’t remove it from the machines it…
-
New Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai Farms
CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux devices, and enterprise applications. The threat actors exploit unsanitized POST parameters, such as NTP, syslog, and hostname fields, alongside default credentials and known CVEs in WebLogic, WordPress, and vBulletin systems…
-
Archer Health Data Leak Exposes 23GB of Medical Records
California-based Archer Health exposed 23GB of patient records, including SSNs, IDs, and medical files, after an unprotected database was found online. First seen on hackread.com Jump to article: hackread.com/archer-health-data-leak-23gb-medical-records/
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, risk
What should CISOs and CEOs do now?: CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
Tags: access, ai, attack, breach, corporate, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, endpoint, government, identity, intelligence, jobs, malware, monitoring, ransomware, risk, theft, threat
57% lack strong capabilities to invalidate exposed sessions; nearly two-thirds lack repeatable remediation workflows; about two-thirds do not have formal investigation protocols; less than 20% can automate identity remediation across systems. Only 19% of organizations have automated identity remediation processes in place. The rest rely on case-by-case investigation or incomplete playbooks that leave gaps attackers can exploit. “The defense mission…
-
Volvo Breach: A Closer Look at the Technical and Organizational Gaps
Volvo North America has confirmed a data breach affecting employee records, following a ransomware attack on its HR software provider, Miljödata. The breach did not originate within Volvo’s internal systems but through a third-party platform used for workforce management. The incident appears to involve data exfiltration, not just encryption, and affected other Miljödata clients beyond……
-
Thousands of Indian bank transfer records found online
Security researchers found the exposed Indian bank transfer records and the data was eventually secured, but nobody wants to take responsibility for the security lapse. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/25/thousands-of-indian-bank-transfer-records-found-online/
-
150,000 Records of Home Health Care Firm Exposed on Web
Researcher Finds Database of Sensitive Patient Info With No Password Protection. An unencrypted database containing nearly 150,000 patient records of a California provider of home health and palliative care services was left exposed on the internet, said a cybersecurity researcher who discovered the unsecured data cache. Why does this keep happening in the healthcare sector?…
-
Callous crims break into preschool network, publish toddlers’ data
Images of toddlers and home addresses leaked in reprehensible landmark attack. First seen on theregister.com Jump to article: www.theregister.com/2025/09/25/ransomware_gang_publishes_toddlers_images/
-
Critical infrastructure operators add more insecure industrial equipment online
The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/industrial-control-systems-internet-exposed-vulnerabilities-bitsight/761122/
-
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata
Volvo North America disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit third-party supplier Miljödata. The ransomware attack occurred in August and impacted at…
-
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
Cybersecurity firm Noma Security reveals ForcedLeak, a critical flaw in Salesforce Agentforce that allowed data theft. Learn what companies need to do now to secure AI agents. First seen on hackread.com Jump to article: hackread.com/forcedleak-salesforce-agentforce-ai-agent-crm-data/
-
Critical Vulnerability in Salesforce AgentForce Exposed
Critical flaw ForcedLeak in Salesforce’s AgentForce allows CRM data theft via prompt injection. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-flaw-salesforce-agentforce/
-
Co-op Cyberattack Causes £80 Million Profit Loss and Data Breach Impact
The Co-op has revealed that a malicious cyberattack earlier this year impacted its business, resulting in an £80 million hit to its operating profit. The cyberattack on Co-op forced the retailer to take emergency measures that disrupted both its grocery and funeral services, First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cyberattack-on-co-op/
-
RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor
In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between June 2024 and July 2025, RedNovember, overlapping with Storm-2077, has expanded its operations to target…
-
Thales Named a Leader in the Data Security Posture Management Market
Tags: access, ai, attack, breach, cloud, compliance, container, control, cybersecurity, data, data-breach, defense, detection, encryption, finance, GDPR, google, Hardware, identity, intelligence, law, microsoft, monitoring, network, office, privacy, regulation, resilience, risk, soc, software, strategy, technology, threat, tool
madhav Thu, 09/25/2025 – 06:15. Most breaches begin with the same blind spot: organizations don’t know precisely what data they hold, or how exposed it is. Value and risk sit side by side. Data Security Todd Moore – Global VP of Data Security Products…
-
As many as 2 million Cisco devices affected by actively exploited 0-day
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/

