Tag: data-breach
-
Pi-hole discloses data breach via GiveWp WordPress plugin flaw
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pi-hole-discloses-data-breach-via-givewp-wordpress-plugin-flaw/
-
Hackers leak purported Aeroflot data as Russia denies breach
Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights. First seen on therecord.media Jump to article: therecord.media/hackers-leak-purported-aeroflot-data
-
Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ data
The internet-connected sex toy maker said it fixed the vulnerabilities that exposed users’ private email addresses and accounts to takeovers, but said it was also planning to take legal action following the disclosure. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/01/sex-toy-maker-lovense-threatens-legal-action-after-fixing-security-flaws-that-exposed-users-data/
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Tags: blizzard, cyber, cyberespionage, data-breach, group, intelligence, Internet, malicious, malware, microsoft, russia, service, threatMicrosoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Search Engines Are Indexing ChatGPT Chats, Here’s What Our OSINT Found
A significant privacy breach has emerged in the artificial intelligence landscape, as ChatGPT shared conversations are being indexed by major search engines, effectively transforming private exchanges into publicly discoverable content accessible to millions of users worldwide. This discovery has exposed thousands of supposedly confidential conversations, ranging from personal mental health discussions to sensitive business information.…
-
Bug in WordPress-Plugin: Daten aller Pi-hole-Spender geleakt
Durch einen Fehler im WordPress-Plugin GiveWP konnten Namen und E-Mail-Adressen aller Unterstützer des Pi-hole-Projektes einfach ausgelesen werden. First seen on golem.de Jump to article: www.golem.de/news/bug-in-wordpress-plugin-daten-aller-pi-hole-spender-geleakt-2508-198722.html
-
Ransomware Payment Bans: Prevention Strategy or Misguided Policy?
It’s no secret that ransomware is on the rise, as this escalation is echoed across numerous industry reports. The Verizon 2025 Data Breach Investigations Report (DBIR), for instance, starkly illustrates this reality, revealing that ransomware (with or without encryption) was present in 44% of all breaches reviewed. This marks a substantial 37% increase from their…
-
Over 17,000 SharePoint Servers Found Exposed Online, 840 Vulnerable to Active 0-Day Attacks
Tags: attack, china, cve, cyber, cybersecurity, data-breach, finance, government, healthcare, Internet, microsoft, threat, vulnerability, zero-dayA significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and dubbed >>ToolShell
-
Breach Roundup: Did China Have a Sneak Peek Into ToolShell?
Also: ToolShell Hits South Africa, Most Americans Are Online Fraud Victims. This week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France’s Naval Group. Orange telecom disrupted.…
-
Seeing Your APIs Through an Attacker’s Eyes: Introducing Salt Surface
Tags: api, attack, backdoor, breach, cloud, data-breach, endpoint, firewall, Internet, monitoring, risk, tool, vulnerability, wafYour API attack surface is larger and more exposed than you realize. In today’s complex, cloud-native environment, APIs are deployed at an astonishing rate. While this rapid pace fuels innovation, it also creates a significant visibility gap. The APIs you are aware of and manage are only the tip of the iceberg. Your actual risk…
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Tags: apt, cyber, data, data-breach, detection, group, hacker, korea, lazarus, malicious, malware, north-korea, open-source, threatSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
Metas Achselzucken, Ihr Risiko: Wie Facebooks Datenlecks in Silicon Valley zur neuen Normalität wurden
Es begann, wie diese Geschichten es oft tun, nicht mit einem Knall, sondern mit einem Prahlen. Vor fast zwei Monaten behauptete ein Hacker in einem dunklen Forum, 1,2 Milliarden Facebook-Nutzerdaten abgesaugt zu haben Namen, E-Mail-Adressen, Telefonnummern, Geburtstage, Standorte, die digitalen Brotkrumen echter Leben. Das Forschungsteam von Cybernews machte sich daran, die Behauptung zu überprüfen…. First…
-
Ransomware gang tells Ingram Micro, ‘Pay up by August 1’
Tags: access, attack, backup, breach, cyber, cyberattack, data, data-breach, encryption, exploit, extortion, government, group, international, Internet, law, leak, organized, ransom, ransomware, technology, tool, vpn, vulnerabilityRansomware attacks increase: In a report on ransomware released this week, researchers at Zscaler ThreatLabz said the number of organizations listed on all ransomware leak sites rose 70% in the 12 month period ending in April.A growing number of ransomware operators are abandoning encryption of data in favour of just data extortion, it noted. For…
-
Smashing Security podcast #428: Red flags, leaked chats, and a final farewell
Tags: data-breachThe viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-428/
-
Global Data Breach Costs Go Down, but Not in US
AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, Too. Organizations are detecting data breaches more quickly and paying less to remediate them, says IBM’s new Cost of a Data Breach Report 2025. Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising. First seen on…
-
2 Law Group Data Theft Hacks Affect 282,100 Patients
Firm Admits Paying Ransom in Exchange of Hacker’s Promise to Delete Stolen Info. Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked…
-
U.S. Data Breach Costs Rise as Global Average Falls
Data breaches in the U.S. are getting more costly even as they’re getting cheaper in the rest of the world. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/us-data-breach-costs-rise/
-
Applying Tenable’s Risk-based Vulnerability Management to the Australian Cyber Security Centre’s Essential Eight
Tags: ai, attack, breach, business, cloud, compliance, container, control, cvss, cyber, cybersecurity, data, data-breach, defense, endpoint, finance, firewall, framework, google, government, identity, incident response, infrastructure, intelligence, Internet, microsoft, mitigation, network, ransomware, risk, service, software, strategy, technology, threat, tool, update, vpn, vulnerability, vulnerability-management, windows, zero-dayLearn how Thales Cyber Services uses Tenable to help customers navigate the maturity levels of the Essential Eight, enabling vulnerability management and staying ahead of cyber threats. In today’s fast-moving digital world, cyber threats are more advanced and relentless than ever. A single security breach can mean financial loss, reputational damage and operational chaos. That’s…
-
Average cost of a data breach in US shoots to record $10 million
The global average cost of a data breach fell from $4.88 million in 2024, a 9% decrease that now matches numbers seen in 2023. First seen on therecord.media Jump to article: therecord.media/ibm-data-breach-report-us-losses
-
Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree
The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail… First seen on hackread.com Jump to article: hackread.com/inc-ransomware-1-2tb-data-breach-at-dollar-tree/
-
Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access
Cybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), masquerade as legitimate freelance developers, IT specialists, and contractors, embedding themselves in corporate workflows to siphon off at least $88 million…
-
IBM Report Sees Drop in Global Data Breach Costs Except in U.S.
An annual global analysis of 113,620 data breaches published by IBM today finds the cost of the average data breach decreased by 9% year over year, thanks mainly to faster discovery and containment. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/ibm-report-sees-drop-in-global-data-breach-costs-except-in-u-s/
-
CostaBreach-Report Kosten von Datenlecks sinken in Deutschland erstmals seit fünf Jahre
IBM veröffentlichte den jährlichen weltweiten . Die Ausgabe 2025 zeigt, dass die durchschnittlichen Kosten eines Datenlecks in Deutschland auf 3,87 Millionen Euro (ca. 4,03 Millionen US-Dollar) pro Vorfall gesunken sind im Vorjahr lagen sie noch bei 4,9 Millionen Euro (ca. 5,31 Millionen US-Dollar). Weltweit sank der Durchschnittswert auf 4,44 […] First seen on netzpalaver.de Jump…
-
Data Breach Costs Fall for First Time in Five Years
IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/data-breach-costs-fall/
-
Research shows data breach costs have reached an all-time high
IBM’s yearly report finds that a data breach now costs U.S. organizations more than $10 million for recovery. First seen on cyberscoop.com Jump to article: cyberscoop.com/ibm-cost-data-breach-2025/
-
Oracle/Cerner EHR Hack: Breach Reports Still Trickling In
At Least 410,000 Patients Reported Affected, But Likely Even More Victims. Months after news first broke that a hacking incident compromised legacy patient data hosted by Cerner electronic health record servers that were set to migrate to parent company Oracle’s cloud environment, data breach reports related to the hack are still slowly trickling in to…
-
Tea App Data Breach Deepens, with 1.1 Million User Chats Exposed
The security breach of the popular women-only safe-dating app Tea widened over the weekend, when a second database storing 1.1 million DMs between members was compromised. News of the exposure came days after an initial investigation found that a database holding older data, including photos, was breached. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/tea-app-data-breach-deepens-with-1-1-million-user-chats-exposed/
-
Tea app disables DMs after second data breach exposed over a million private messages
Dating safety app Tea experienced a second data breach in as many weeks, exposing over a million sensitive messages between users. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/tea-apps-data-breach-gets-much-worse-exposing-over-a-million-private-messages/