Tag: data-breach
-
Seychelles Commercial Bank Confirms Customer Data Breach
Hacker Claims to Have Exploited Flaw in Oracle WebLogic Server, Sold Stolen Data. Seychelles Commercial Bank is warning customers that a hacker stole their personal information – but no money – from their accounts after breaching its systems. The hacker involved claims to have stolen and sold two gigabytes of customer data from the bank,…
-
Lessons Learned From McDonald’s Big AI Flub
McDonald’s hiring platform was using its original default credentials and inadvertently exposed information belonging to approximately 64 million job applicants. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-learned-mcdonalds-ai-flub
-
DragonForce hackers claim responsibility for Belk data breach
The North Carolina-based retailer is the latest known victim in a spree of attacks in the U.K. and U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/dragonforce–claim-belk-data-breach/753067/
-
DOGE staffer with access to Americans’ personal data leaked private xAI API key
The researcher who found the exposed key said it “raises questions” about how DOGE handles sensitive data. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/15/doge-staffer-with-access-to-americans-personal-data-leaked-private-xai-api-key/
-
UK Pet Owners Targeted by Fake Microchip Renewal Scams
Microchip renewal scam targets UK pet owners using leaked data from insecure registries. Emails appear legit but aim to steal money and personal info. First seen on hackread.com Jump to article: hackread.com/uk-pet-owners-targeted-fake-microchip-renewal-scams/
-
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threatCybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
The Unusual Suspect: Git Repos
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systemsGit is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping First…
-
IoT Devices at Risk Due to eSIM Flaw in Kigen eUICC Cards
A vulnerability in Kigen eUICC cards has exposed billions of IoT devices via flawed eSIM profile management First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iot-risk-esim-flaw-kigens-euicc/
-
Global Louis Vuitton data breach impacts UK, South Korea, and Turkey
Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer…
-
Louis Vuitton UK Latest Retailer Hit by Data Breach
Louis Vuitton’s UK business has notified customers of a personal data breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/louis-vuitton-uk-retailer-data/
-
Putting AI-assisted ‘vibe hacking’ to the test
Tags: access, ai, attack, chatgpt, cyber, cybercrime, cybersecurity, data-breach, defense, exploit, hacking, least-privilege, LLM, network, open-source, strategy, threat, tool, vulnerability, zero-trustUnderwhelming results: For each LLM test, the researchers repeated each task prompt five times to account for variability in responses. For exploit development tasks, models that failed the first task were not allowed to progress to the second, more complex one. The team tested 16 open-source models from Hugging Face that claimed to have been…
-
Wing FTP Server flaw actively exploited shortly after technical details were made public
Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as CVE-2025-47812 (CVSS score of 10), in Wing FTP Server that allows remote code execution with root/system privileges. Wing FTP Server is a secure and flexible file…
-
McDonald’s job app exposes data of 64 Million applicants
Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of over 64 million job applicants. The security duo found that McDonald’s hiring bot, built by…
-
‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications
Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications/
-
‘123456’ password exposed chats for 64 million McDonald’s job applications
Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-applications/
-
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications.”Laravel’s APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),” GitGuardian said. “If attackers get access to this key, they can exploit a deserialization flaw to…
-
McDonald’s AI Hiring Tool McHire Security Flaw Exposed Candidate Chat Data
McHire’s AI system vulnerability briefly exposed limited candidate chat information. Learn how Paradox promptly fixed the issue, confirming… First seen on hackread.com Jump to article: hackread.com/mcdonalds-ai-hiring-tool-mchire-leaked-job-seekers-data/
-
Leaked Shellter Elite Tool Now Fueling Infostealer Attacks Worldwide
A new report details how the advanced hacking tool Shellter Elite was leaked and is now being used… First seen on hackread.com Jump to article: hackread.com/leaked-shellter-elite-tool-infostealer-attacks-worldwide/
-
‘123456’ password exposed chats for 64 million McDonald’s job applicants
Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-applicants/
-
‘123456’ password exposed info for 64 million McDonald’s job applicants
Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the personal information of more than 64 million job applicants across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/123456-password-exposed-info-for-64-million-mcdonalds-job-applicants/
-
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called PerfektBlue. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/350m-cars-1b-devices-1-click-bluetooth-rce
-
Rockerbox Data Breach Exposes 245,949 Users’ SSNs and Driver’s Licenses
Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue. The database was assumed to be owned by Rockerbox, a tax credit consulting organization situated in Texas. The exposed repository, lacking encryption and password protection, housed a trove of personally identifiable information (PII), including full…
-
Paddy Power and BetFair have suffered a data breach
Paddy Power and BetFair have warned customers that “an unauthorised third party” gained access to “limited betting account information” relating to up to 800,000 of their customers. First seen on grahamcluley.com Jump to article: grahamcluley.com/paddy-power-and-betfair-have-suffered-a-data-breach/
-
Laravel APP_KEY Flaw Exploited to Trigger Remote Code Execution on Hundreds of Apps
Tags: credentials, cyber, data, data-breach, exploit, flaw, framework, remote-code-execution, vulnerabilitySecurity researchers have uncovered a critical vulnerability in Laravel applications where exposed APP_KEY credentials are being actively exploited to achieve remote code execution (RCE) on hundreds of production systems. This widespread security flaw stems from Laravel’s automatic deserialization of decrypted data, combined with the framework’s numerous documented gadget chains that enable arbitrary command execution. Critical…
-
McDonald’s AI Hiring Tool McHire Leaked Data of 64 Million Job Seekers
Major security flaw in McDonald’s AI hiring tool McHire exposed 64M job applications. Discover how an IDOR vulnerability… First seen on hackread.com Jump to article: hackread.com/mcdonalds-ai-hiring-tool-mchire-leaked-job-seekers-data/
-
Customer, Employee Data Exposed in Nippon Steel Breach
Information from the company’s NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn’t rule out the possibility that the data may have been stolen. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/customer-employee-data-nippon-steel-breach
-
McDonald’s McHire Vulnerability Leaked Data of 64 Million Job Seekers
Major security flaw in McDonald’s McHire platform exposed 64M job applications. Discover how an IDOR vulnerability and weak… First seen on hackread.com Jump to article: hackread.com/mcdonalds-mchire-vulnerability-job-seekers-data-leak/