Tag: data-breach
-
Pakistan Launches Probe After Massive SIM Data Leak Hits Millions
The Pakistani government has launched an urgent investigation following reports of a massive data leak involving SIM holders’ personal information, including that of Interior Minister Mohsin Naqvi. The leaked SIM data, reportedly being sold openly online, has sparked national concern over digital security and privacy. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/pakistan-probes-sim-data/
-
Argo CD Security Flaw Rated 9.8 Leaves GitOps Repositories Exposed
Tags: api, cloud, credentials, cve, cvss, data-breach, flaw, kubernetes, open-source, password, tool, vulnerability
A security flaw in Argo CD, the popular open-source GitOps tool for Kubernetes, has been targeted at the DevOps and cloud-native communities. Tracked as CVE-2025-55190, the vulnerability has been rated critical with a CVSS score of 9.8 out of 10, as it allows attackers to retrieve sensitive repository credentials, including usernames and passwords, through a…
-
Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach
In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised Salesloft Drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss…
-
Tenable Data Breach Confirmed - Customer Contact Details Compromised
Tenable, a well-known cybersecurity company, has confirmed that it was affected by a recent large-scale data theft campaign. The attack targeted Salesforce and Salesloft Drift integrations, and Tenable was one of the organizations caught up in the incident. The company stressed that while customer contact details were accessed, Tenable products and the data inside those…
-
Wealthsimple Data Breach User Information Leaked Online
Canadian financial technology company Wealthsimple disclosed a data security incident on September 5, 2025, revealing that personal information belonging to less than one percent of its clients was accessed without authorization. The breach, which was detected on August 30, has prompted the company to implement enhanced security measures and offer comprehensive support to affected customers.…
-
Security Affairs newsletter Round 540 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qantas cuts executive bonuses by 15% after a July data breach MeetC2 A serverless C2…
-
Qantas cuts executive bonuses by 15% after a July data breach
Qantas cuts executive bonuses by 15% after a July cyberattack that exposed data of 5.7M people, despite posting $1.5B profit in the last fiscal year. This case study demonstrates that a security breach…
-
Qantas penalizes executives for July cyberattack
Australian airline Qantas reduced bonuses for its corporate leaders in response to a breach that exposed the data of 5.7 million people earlier this year. First seen on therecord.media Jump to article: therecord.media/qantas-airline-reduces-bonuses-executives-data-breach
-
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No… First seen on hackread.com Jump to article: hackread.com/chess-com-data-breach-3rd-party-file-transfer-tool/
-
Financial services firm Wealthsimple discloses data breach
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/financial-services-firm-wealthsimple-discloses-data-breach/
-
Critical SAP S/4HANA vulnerability now exploited in attacks
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-sap-s-4hana-vulnerability-now-exploited-in-attacks/
-
South Carolina School District Data Breach Affects 31,000 People
An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/south-carolina-school-district/
-
North Korean Hackers Expose Their Playbook for Swapping Infrastructure
Tags: cyber, cybersecurity, data-breach, hacker, infrastructure, intelligence, malicious, north-korea, threat
A sophisticated North Korean cyber operation has been exposed, revealing how state-sponsored hackers systematically monitor cybersecurity intelligence platforms to detect when their malicious infrastructure is discovered and rapidly deploy replacement assets to maintain operations. The analysis, conducted by SentinelLABS in collaboration with Validin, provides unprecedented insight into the operational practices of threat actors behind the…
-
Chess.com Confirms Data Breach After Hackers Exploit External System
Chess.com, the world’s leading online chess platform, has confirmed a significant data breach that compromised personal information of thousands of users after hackers successfully exploited an external system connected to their network. The Orem, Utah-based company disclosed that the security incident affected 4,541 individuals across the United States, including one Maine resident. The breach occurred on June 5,…
-
Sitecore zero-day configuration flaw under active exploitation
__VIEWSTATE and can be signed and encrypted with keys, called ValidationKey and DecryptionKey, stored in the application configuration file. If these keys are stolen or leaked, attackers can use them to craft malicious ViewState payloads inside POST requests that the server will then decrypt, validate, and execute by loading them into the memory of its worker…
-
Sitecore Zero-Day Sparks New Round of ViewState Threats
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sitecore-zero-day-viewstate-threats
-
Chess.com says 4,500 people had data stolen during June breach
In breach notifications submitted to regulators in Maine and Vermont, Chess.com explained that 4,541 people had personal information exposed to hackers who breached an unnamed file transfer application between June 5 and June 18. First seen on therecord.media Jump to article: therecord.media/chess-platform-data-breach-file-transfer-tool
-
Sitecore zero-day vulnerability springs up from exposed machine key
The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices. First seen on cyberscoop.com Jump to article: cyberscoop.com/sitecore-zero-day-vulnerability/
-
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-sues-powerschool-after-massive-data-breach-hit-62-million-students/
-
Researchers warn of zero-day vulnerability in SiteCore products
Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/researchers-warn-zero-day-vulnerability-sitecore/759269/
-
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/sitecore-zero-day-vulnerability-cve-2025-53690-exploited/
-
Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident
Palo Alto Networks hit by Drift-linked supply-chain attack, exposing Salesforce customer data and support cases via stolen OAuth tokens. Palo Alto Networks is another victim of the Salesloft Drift incident, which allowed attackers to access its Salesforce account, as per BleepingComputer. The company discloses a breach after attackers used stolen OAuth tokens from Salesloft Drift,…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training
‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers. “While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
Extensive IPTV Network Spanning 1,000+ Domains and 10,000+ IP Addresses
Cybersecurity firm Silent Push has exposed a colossal illegal Internet Protocol Television (IPTV) network, revealing a sophisticated piracy operation that has been active for years across more than 1,000 domains and over 10,000 unique IP addresses. The findings highlight the immense scale and profitability of modern digital piracy. The network illegally streams premium content from…
-
Cloudflare Joins List of Salesloft Drift Breach Victims
Full Breach Scope Remains Unclear; Hundreds of Organizations Reportedly Affected. The scope of the Salesloft Drift data breach continues to expand, now counting Cloudflare, Zscaler, Palo Alto Networks as victims and what investigators say are many hundreds more organizations that connected their Salesforce, Google Workspace or other tools to Salesloft’s AI chatbot. First seen on…

