Tag: data-breach
-
Hack at Anodot leaves over a dozen breached companies facing extortion
The data breach at Anodot, which affects customers like Rockstar Games, is the latest hack aimed at stealing data from a large number of corporate giants. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/13/hack-at-anodot-leaves-over-a-dozen-breached-companies-facing-extortion/
-
Booking.com warns reservation data may have checked out with intruders
Travel giant says names, contact details, dates, and hotel messages potentially exposed First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/bookingcom_breach/
-
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
Tags: access, advisory, ai, api, attack, authentication, breach, cloud, credentials, cve, data-breach, exploit, firewall, flaw, Internet, open-source, rce, remote-code-execution, software, theft, tool, update, vulnerabilityCredentials stolen in under three minutes: To track real-world exploitation, deployed honeypot servers running vulnerable Marimo instances across multiple cloud providers and observed the first exploitation attempt within 9 hours and 41 minutes of disclosure. No ready-made exploit tool existed at the time. The attacker had built one using only the advisory description, Sysdig researchers…
-
13th April Threat Intelligence Report
The Los Angeles Police Department has reported a data breach involving a digital storage system used by the L.A. City Attorney’s Office. The exposure included 7.7 terabytes and more than 337,000 files, […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/13th-april-threat-intelligence-report/
-
Seven IBM WebSphere Liberty flaws can be chained into full takeover
Tags: access, attack, authentication, credentials, cve, data, data-breach, encryption, flaw, ibm, passwordAdminCenter flaws allow further escalation: Beyond initial access, the research outlined critical issues within WebSphere Liberty’s administrative controls. The AdminCenter component, designed to enforce role-based access, contains multiple flaws that allow low-privileged users to access sensitive files and secrets.One issue, tracked under CVE-2025-14915, enables “reader”-level users to retrieve critical server files such as authentication keys,…
-
Basic-Fit Suffers Data Breach Affecting Millions Across Multiple Nations
European fitness operator Basic-Fit has confirmed a significant data breach affecting approximately one million members across its network. The incident heavily impacted users in the Netherlands, which accounted for 200,000 of the compromised accounts. This breach underscores the persistent targeting of consumer lifestyle platforms by threat actors seeking massive datasets. The cyber incident targeted the…
-
Booking.com warns customers of hack that exposed their data
Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt<ul><li><a href=”https://www.theguardian.com/business/live/2026/apr/13/oil-price-barrel-trump-naval-blockade-strait-of-hormuz-stock-markets-ftse-latest-news-updates”>Business live latest updates</li></ul>The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details.The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking…
-
The Dumbest Hack of the Year Exposed a Very Real Problem
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were. First seen on wired.com Jump to article: www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/
-
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
Tags: cve, cvss, cyber, data-breach, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score of 9.3. It allows unauthenticated attackers to gain a full interactive shell on exposed Marimo…
-
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
Tags: cve, cvss, cyber, data-breach, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score of 9.3. It allows unauthenticated attackers to gain a full interactive shell on exposed Marimo…
-
What Is Identity Risk Intelligence? (And Why It’s Replacing Monitoring)
Tags: attack, credentials, cybersecurity, data-breach, identity, intelligence, monitoring, risk, toolA new category is emerging in cybersecurity For years, organizations have relied on monitoring tools to detect compromised credentials and exposed data. But as identity has become the primary attack surface, those tools are no longer enough. A new category is emerging in response: Identity Risk Intelligence This isn’t just a new label. It represents……
-
Security Affairs newsletter Round 572 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
-
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/12/week-in-review-windows-zero-day-exploit-leaked-patch-tuesday-forecast/
-
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Tags: apt, attack, automation, cisa, cyberattack, data-breach, exploit, infrastructure, Internet, iran, technology, threatCensys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
-
Third-Party Android Vulnerability Leaves Over 50M Users Exposed
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data. The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-engagelab-sdk-android-vulnerability-malware-bridge/
-
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastucture-plcs-iran-hacking-censys/817209/
-
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/
-
[Video] The TTP Ep. 22: The Collapse of the Patch Window
In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/video-the-ttp-ep-22-the-collapse-of-the-patch-window/
-
Nearly 4,000 industrial control devices vulnerable to Iran-linked hacking campaign
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastucture-plcs-iran-hacking-censys/817209/
-
Nearly 4,000 industrial control devices vulnerable to Iran-linked hacking campaign
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastucture-plcs-iran-hacking-censys/817209/
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
-
What Is an LLM Proxy and How Proxies Help Secure AI Models
Explore how LLM proxies secure AI models by controlling prompts, traffic, and outputs across production environments and exposed APIs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/what-is-an-llm-proxy-and-how-proxies-help-secure-ai-models/
-
UK says it exposed Russian submarine activity near undersea cables
A Russian attack submarine and vessels from the country’s Main Directorate of Deep Sea Research (GUGI) were involved in what the UK Ministry of Defence called “nefarious activity over critical undersea infrastructure elsewhere.” First seen on therecord.media Jump to article: therecord.media/uk-says-it-exposed-russian-submarine-activity
-
Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub
Hacker claims a 10 petabyte data theft from China’s Tianjin Supercomputing Center, raising concerns over exposed defense-related data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/alleged-10-petabyte-data-theft-from-chinas-tianjin-supercomputing-hub/
-
Iranian APT alert: 5,219 Rockwell PLCs exposed online
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 2023 campaign that compromised at least 75 Unitronics PLCs in U.S. water and wastewater facilities, showing a continuing…
-
EngageLab SDK flaw opens door to private data on 50M Android devices
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…