Tag: data-breach
-
Food Retail Giant’s Breach: 2.2 Million Employees Affected
Personal Data Stolen in Ransomware Hit, Says Dutch Owner of Stop & Shop, Giant Food. Food retail giant Ahold Delhaize USA is notifying 2.2 million current and former employees, as well as an unspecified number of employees in the Netherlands, that a November 2024 data breach exposed their personally identifiable information, including Social Security numbers…
-
Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains
The Dutch conglomerate behind Hannaford, Stop & Shop and other major grocery brands informed state regulators of the scope of a November cyberattack that hampered online orders and leaked sensitive data. First seen on therecord.media Jump to article: therecord.media/hackers-cyberattack-grocery-chain
-
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks
Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-managementThe current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
-
Frequently Asked Questions About Iranian Cyber Operations
Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windowsTenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
A newly disclosed critical vulnerability in Hunt Electronics’ hybrid DVRs has left thousands of surveillance systems dangerously exposed, with administrator credentials accessible in plaintext to anyone on the internet. Security researchers have assigned this flaw the identifier CVE-2025-6561, and it carries a maximum CVSS severity score of 9.8, underscoring the urgent need for immediate action…
-
Retail giant Ahold Delhaize says data breach affects 2.2 million people
Ahold Delhaize, one of the world’s largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/retail-giant-ahold-delhaize-says-data-breach-affects-22-million-people/
-
Confidential Computing für sichere KI-Nutzung – Datenlecks sind ein zentrales Problem der generativen KI
First seen on security-insider.de Jump to article: www.security-insider.de/ki-datenschutz-confidential-computing-loesung-a-d9a2b450d9f1d1cc409becff0975ccfe/
-
Nationwide Recovery Service Hack Grows to 500,000 Victims
Debt Collector’s 2024 Data Breach Affected Multiple Hospitals and Medical Practices. The list of healthcare sector clients reporting large health data breaches from the 2024 hack on debt collection firm Nationwide Recovery Service continues to grow, as does the vast number of affected patients. So far, the hack has affected at least 500,000 patients. First…
-
Microsoft Entra SaaS apps remain exposed to nOAuth flaw
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-entra-saas-apps-remain-exposed-to-noauth-flaw
-
Threat hunting gaps leave firms exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/threat-hunting-gaps-leave-firms-exposed
-
Infostealer behind extensive Paraguayan data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/infostealer-behind-extensive-paraguayan-data-breach
-
The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb
Tags: access, attack, breach, business, cloud, container, credentials, cve, data, data-breach, detection, exploit, group, iam, identity, infrastructure, Internet, least-privilege, mitigation, monitoring, network, remote-code-execution, risk, service, vulnerabilityDon’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help. In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous, but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that…
-
BreachForums: ShinyHunters Members Arrested, IntelBroker Identified as Kai West
Four alleged ShinyHunters members arrested, IntelBroker exposed as British national Kai West in global crackdown linked to BreachForums and major data breaches. First seen on hackread.com Jump to article: hackread.com/breachforums-shinyhunters-arrested-intelbroker-kai-west/
-
Cybercriminals Use TeamFiltration Pentesting Framework to Breach Microsoft Teams, OneDrive, Outlook, and More
Tags: breach, cyber, cybercrime, data-breach, exploit, framework, malicious, microsoft, penetration-testing, threat, toolProofpoint threat researchers have exposed an active account takeover (ATO) campaign, dubbed UNK_SneakyStrike, exploiting the TeamFiltration pentesting framework to target Microsoft Entra ID user accounts. Since December 2024, this malicious operation has impacted over 80,000 user accounts across hundreds of organizations, achieving several successful breaches. UNK_SneakyStrike Campaign The attackers have weaponized TeamFiltration a tool originally…
-
Seit Jahresbeginn – 16 Milliarden Zugangsdaten aus mehreren Datenlecks aufgetaucht
Tags: data-breachFirst seen on security-insider.de Jump to article: www.security-insider.de/infostealer-16-milliarden-ungeschuetzte-zugangsdaten-entdeckt-a-ddd340786754b7ddf5f747e766e58495/
-
Misconfigured MCP servers expose AI agent systems to compromise
Tags: access, ai, api, attack, authentication, control, credentials, data, data-breach, exploit, firewall, injection, Internet, leak, LLM, login, malicious, network, openai, risk, risk-assessment, service, tool, vulnerability‘NeighborJack’: Opening MCP servers to the internet: Many MCP servers lack strong authentication by default. Deployed locally on a system, anyone with access to their communication interface can potentially issue commands through the protocol to access their functionality. This is not necessarily a problem when the MCP server listens only to the local address 127.0.0.1,…
-
North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages
A new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversaries have published 35 malicious npm packages across 24 accounts, with six still active on the…
-
Judge approves AT&T’s $177M data breach settlement
The settlement, which has received preliminary clearance, now awaits a December hearing for final approval. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/judge-att-177m-settlement-data-breach/751486/
-
BreachForums hacking forum operators reportedly arrested in France
The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/
-
Mainline Health Systems data breach impacted over 100,000 individuals
Mainline Health Systems disclosed a data breach that impacted over 100,000 individuals. Mainline Health Systems is a nonprofit Federally Qualified Health Center founded in 1978 in Portland, Arkansas, serving Southeast Arkansas . With over 30 locations across multiple counties”, including in-school clinics and community centers”, it provides comprehensive primary medical, dental, and behavioral health services.…
-
APT Attackers Leverage Microsoft ClickOnce to Run Malware as Trusted Applications
The Trellix Advanced Research Center has exposed a highly sophisticated Advanced Persistent Threat (APT) malware campaign dubbed >>OneClik,
-
A Guide to Secret Remediation Best Practices
6 min readWith the increasing complexity of cloud environments and the proliferation of APIs, exposed secrets have become a widespread concern. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/a-guide-to-secret-remediation-best-practices/
-
What Water Utilities Need to Know About HMI Security and AI Solutions
Water and Wastewater Systems are increasingly becoming soft targets for sophisticated cyber attackers. A new joint fact sheet from the EPA and CISA puts this threat front and center, warning utilities about the growing risk of internet-exposed Human Machine Interfaces (HMIs). These essential components of water system operations are now being exploited”, especially by state-sponsored…
-
Purportedly stolen Saudi Games data leaked by Iranian hacktivists
First seen on scworld.com Jump to article: www.scworld.com/brief/purportedly-stolen-saudi-games-data-leaked-by-iranian-hacktivists
-
Lessons from Helsinki: NCSC-FI’s Role in Mitigating a Major Data Breach
A representative of NCSC-FI shared some lessons learned from a 2024 data breach affecting the Finnish capital First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/helsinki-ncscfi-major-data-breach/
-
Mclaren Health Care Data Breach Impacts Over 743,000 Patients
Data breach at McLaren Health Care affecting over 743,000 individuals has been linked to a ransomware attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mclaren-health-care-data-breach/
-
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials.Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page -Those that save collected data to…
-
Aflac, one of the USA’s largest insurers, is the latest to fall >>under siege<< to hackers
The Wall Street Journal reports that Aflac is investigating a breach that may have exposed claims information, health details, Social Security numbers, and other personal data. First seen on grahamcluley.com Jump to article: grahamcluley.com/aflac-one-of-the-usas-largest-insurers-is-the-latest-to-fall-under-siege-to-hackers/
-
Steelmaker Nucor restores operations, confirms limited data breach
The steel products giant said it does not expect the cyberattack to have a material impact on its operations. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/steelmaker-nucor-restores-operations-data-breach/751429/