Tag: data-breach
-
Unveiling the Lumma Password Stealer Attack: Infection Chain and Escalation Tactics Exposed
Lumma, a sophisticated C++-based information stealer, has surged in prevalence over recent years, posing significant risks to both individuals and organizations by exfiltrating sensitive data such as browser credentials, cryptocurrency wallets, and personal files. Developed since December 2022 and distributed as Malware-as-a-Service (MaaS) via Telegram channels with tiered subscriptions, Lumma relies on initial access brokers…
-
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
Tags: access, cisco, control, cve, cyber, data-breach, exploit, flaw, identity, network, remote-code-execution, service, vulnerability, zero-daySecurity researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform and has been actively exploited in the wild. Critical Zero-Day Vulnerability Exposed The vulnerability was…
-
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app’s members. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/
-
France’s warship builder Naval Group investigates 1TB data breach
France’s state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/frances-warship-builder-naval-group-investigates-1tb-data-breach/
-
Free Autoswagger Tool Finds the API Flaws Attackers Hope You Miss
Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls”, before attackers find them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/
-
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a “legacy data storage system” that exposed photos of users, including images of driver’s licenses. First seen on therecord.media Jump to article: therecord.media/tea-app-data-breach-stolen-ids-leaked
-
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls”, before attackers find them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/
-
400,000 WordPress Websites Exposed by Post SMTP Plugin Vulnerability
A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged users to access sensitive email data and ultimately gain administrative control of affected websites as…
-
Women’s Dating App “Tea” Data Leak Exposes 13,000 User Selfies
Tea, a women-only dating safety app that allows users to review and share information about men they’ve dated anonymously, has suffered a significant data breach that exposed approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted during account verification. The breach was discovered at 6:44 AM PST on Friday, July 25th,…
-
Leak Zone Dark Web Forum Breach Exposes 22 Million User IPs and Locations
A significant data breach has exposed sensitive information about users of Leakzone, a prominent dark web forum known for trading hacking tools and compromised accounts. Security firm UpGuard discovered an unprotected Elasticsearch database containing approximately 22 million web request records, revealing user IP addresses, geographical locations, and internet service provider details from visitors to the…
-
Unbefugter Zugriff bei einer Universität in Utah, USA
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5640d3c6-3ac7-408b-a7fa-7f6a76d1ad42.html
-
Cyber-Zwischenfall bei einem US-Motorsportverband
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/dff3c2fa-cf00-4967-9715-22dbe34996a1.html
-
Cyberangriff auf eine Stadtverwaltung in Rhode Island, USA
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/bbadd348-a631-4500-b7b7-39c45eb0bb92.html
-
Political parties hold vast amounts of data about Australians. Experts say it’s a growing risk
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations<ul><li><a href=”https://www.theguardian.com/australia-news/live/2025/jul/27/australia-news-live-anthony-albanese-richard-marles-aukus-defence-talisman-sabre-israel-gaza-ntwnfb”>Follow our Australia news live blog for latest updates</li><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United…
-
Unberechtigte Abbuchungen auf Debit-Karte: Datenabfluss bei Commerzbank?
Tags: data-breachKommen wir in Teil 2 zum Fall der Commerzbank, auf den mich ein Leser über eine persönliche Nachricht über Facebook hingewiesen hat. Auch dort stellt sich die Frage nach einem Datenleck, nachdem über eine Debit-Karte unberechtigte Abbuchungen erfolgten. In Teil … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/27/unberechtigte-abbuchungen-auf-debit-karte-datenabfluss-bei-commerzbank/
-
Political parities hold vast amounts of data about Australians. Experts say it’s a growing risk
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United Australia parties, the federal government was warned that there…
-
Trumpet of Patriots hack: calls for political parties to be forced to report data breaches
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United Australia parties, the federal government was warned that there…
-
Allianz Life confirms data breach impacts majority of 1.4 million customers
Insurance company Allianz Life has confirmed that the personal information for the “majority” of its 1.4 million customers was exposed in a data breach that occurred earlier this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/
-
Dating safety app Tea breached, exposing 72,000 user images
Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/26/dating-safety-app-tea-breached-exposing-72000-user-images/
-
Microsoft untersucht, ob SharePoint 0-day vorab an Hacker geleakt wurde
Konnten mutmaßlich chinesische Hacker vorab auf interne Beschreibungen von 0-Day-Schwachstellen in Microsoft SharePoint Server zugreifen, bevor diese am vorigen Wochenende ausgenutzt wurden? Microsoft untersucht jedenfalls, ob es ein Leak in internen Systemen gab, wo solche Informationen gespeichert sind. Angriff auf … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/26/microsoft-untersucht-ob-sharepoint-0-day-vorab-an-hacker-geleakt-wurde/
-
NASCAR confirms data breach after March cyberattack
NASCAR warned that a cyberattack that began in March exposed Social Security numbers. First seen on therecord.media Jump to article: therecord.media/nascar-confirms-data-breach
-
Philadelphia Indemnity Insurance discloses June data breach
The regulatory filing follows a wave of hacks against the industry that researchers have linked to Scattered Spider. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/philadelphia–insurance-june-data-breach/754091/
-
NASCAR Confirms Medusa Ransomware Breach After $4M Demand
Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com. First seen on hackread.com Jump to article: hackread.com/nascar-ransomware-confirm-medusa-ransomware-data-breach/