Tag: data-breach
-
Krispy Kreme hack exposed sensitive data of over 160,000 people
Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/krispy-kreme-hack-exposed-sensitive-data-of-over-160-000-people
-
Oxford City Council Cyberattack Disrupts Services and Exposes Historic Election Data
The Oxford City Council is investigating a recent cybersecurity breach that disrupted various council services and potentially exposed the personal data of past election workers. The Oxford City Council cyberattack, which occurred over the weekend of June 78, was identified by the council’s automated defense systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/oxford-city-council-cyberattack/
-
Personal Data of Oxford City Council Officers Exposed
Oxford City Council revealed that attackers accessed data of individuals who worked on Council-administered elections between 2001 and 2022 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/personal-data-oxford-council/
-
16 Billion Passwords Stolen From 320 Million+ Computers Leaked Online
Tags: apple, breach, computer, credentials, cyber, cybersecurity, data, data-breach, github, google, government, identity, Internet, leak, login, password, risk, serviceA staggering 16 billion login credentials, usernames, and passwords have been exposed in what cybersecurity experts are calling the largest data breach in internet history. The leak, which impacts major platforms including Apple, Facebook, Google, Instagram, Telegram, GitHub, and even government services, has put billions of online accounts at unprecedented risk of account takeover, identity…
-
No, the 16 billion credentials leak is not a new data breach
News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/
-
Researchers discovered the largest data breach ever, exposing 16 billion login credentials
Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers. Researchers announced the discovery of what appears to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed. The ongoing investigation, which began earlier this year, suggests that the credentials were collected through…
-
Unpacking the Verizon 2025 Data Breach Investigations Report
Verizon released its annual Data Breach Investigations Report a few weeks ago, and as always, it has been a pleasure to read it. Not just for the facts and statistics but also the subtle humor that makes reading a 100-plus-page document entertaining! We have all been guilty of asking our favorite chatbot to summarize long……
-
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP), has a CVSS score of 8.8 (High) and has been assigned the identifier CVE-2025-5071. Affecting…
-
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.”Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT…
-
UBS employee data leaked after cyber attack on supplier
UBS and fellow Swiss bank Pictet have been affected by a cyber attack on a procurement service provider First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626166/UBS-employee-data-leaked-after-cyber-attack-on-supplier
-
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud
Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/krispy-kreme-data-breach-financial/
-
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security at one of the world’s most recognized doughnut chains. Discovery and Immediate Response Krispy Kreme…
-
UBS Employee Data Reportedly Exposed in Third Party Attack
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/
-
Krispy Kreme says November data breach impacts over 160,000 people
U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/
-
Hackers Claim Breach of Scania Financial Services, Leak Sensitive Data
A significant data breach has rocked Sweden’s Scania Financial Services, as a threat actor operating under the alias “hensi” claims to have infiltrated the subdomain insurance.scania.com, exfiltrating a trove of sensitive files and offering them for sale on underground forums. The incident, first detected in mid-June 2025, has raised concerns across the automotive and financial…
-
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/
-
Why a Layered Approach Is Essential for Cybersecurity and Zero Trust
Today’s cybersecurity landscape is complex and unforgiving. Remote work, Saas, AI Agents, cloud migration, and ever-evolving cyber threats have exposed the limitations of relying on standalone security measures. To reduce risk, CISOs and IT leaders must embrace a layered cybersecurity… Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/why-a-layered-approach-is-essential-for-cybersecurity-and-zero-trust/
-
Widespread data breach reported by Zoomcar
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-data-breach-reported-by-zoomcar
-
Scania confirms insurance claim data breach in extortion attempt
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/
-
UK watchdog fines 23andMe over 2023 data breach
The ICO said over 150,000 U.K. residents had data stolen in the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/17/uk-watchdog-fines-23andme-over-2023-data-breach/
-
Hacker steals 1 million Cock.li user records in webmail data breach
Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/
-
Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks
A series of newly disclosed critical vulnerabilities in the Sitecore Experience Platform (XP) have raised alarm across the enterprise technology sector, with security researchers warning that unpatched systems could be exposed to devastating remote code execution (RCE) attacks. Sitecore, a widely adopted content management system (CMS) used by major enterprises”, including banks, airlines, and Fortune…
-
Hackers Manipulate Search Engines to Push Malicious Sites
A new wave of cybercrime is exploiting the very backbone of internet trust: search engines. Recent research by Netcraft has exposed a sophisticated and organized SEO poisoning operation, where hackers manipulate search engine algorithms to push malicious websites to the top of search results. At the heart of this campaign is a platform known as…
-
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
Zoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing. First seen on hackread.com Jump to article: hackread.com/zoomcar-data-breach-exposes-8-million-users-data/
-
ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows
A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially…
-
Operation 999: Ransomware tabletop tests cyber execs’ response
Tags: access, attack, blueteam, breach, computer, conference, cyber, cyberattack, cybersecurity, data, data-breach, extortion, group, hacker, incident, incident response, infrastructure, leak, military, network, ransom, ransomware, RedTeam, resilience, risk, service, threat, tool, trainingExtortion attempts rebuffed: As the exercise moved on, the blue team refuse to pay a ransom after consulting with the authorities, legal teams, and crisis management experts. Instead of upping the ante by threatening to sabotage the water treatment algorithms or chemical pumps, potentially tainting the supply, the attackers decide to leak customer records online…
-
India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users
Zoomcar disclosed a data breach impacting 8.4M users after attackers compromised its systems and contacted the company staff. Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems. The company is investigating the security…
-
Purportedly stolen VirtualMacOSX data exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/purportedly-stolen-virtualmacosx-data-exposed
-
Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare
The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos First seen on theregister.com Jump to article: www.theregister.com/2025/06/16/extortionists_claim_freedman_healthcare_hack/