Tag: data-breach
-
8.4 million people affected by data breach at Indian car share company Zoomcar
The Bengaluru-based company told investors that it initially became aware of the breach on June 9. First seen on therecord.media Jump to article: therecord.media/8-million-affected-zoomcar-data-breach
-
Zoomcar discloses security breach impacting 8.4 million users
Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zoomcar-discloses-security-breach-impacting-84-million-users/
-
Zoomcar Data Breach Exposes Sensitive Details of 8.4 Million Users
Zoomcar Holdings, Inc., the prominent car-sharing platform, has confirmed a significant data breach that has compromised the personal information of approximately 8.4 million users. The incident, which was first detected on June 9, 2025, was disclosed in a recent filing with the U.S. Securities and Exchange Commission (SEC), raising concerns about data security and privacy…
-
Over a Third of Grafana Instances Exposed to XSS Flaw
Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/over-third-grafana-instances/
-
Vier Milliarden Datensätze – Größtes Datenleck in China aller Zeiten entdeckt
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsleck-vier-milliarden-datensaetze-chinesischer-buerger-a-d4ae87c81c77dfe91b0f9b23e15e6ded/
-
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/
-
Data breach purportedly pilfers over 64M T-Mobile records
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-purportedly-pilfers-over-64m-t-mobile-records
-
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4 million in…
-
Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity
Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/identiverse-2025-trust-delegation-and-the-era-of-continuous-identity/
-
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address…
-
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
Tags: attack, breach, cyber, cybercrime, cybersecurity, data, data-breach, finance, hacker, monitoring, network, open-source, penetration-testing, ransomware, software, tactics, toolFog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of tactics has targeted major financial institutions, raising alarms among cybersecurity professionals. Unprecedented Toolset in a…
-
TokenBreak Exploit Tricks AI Models Using Minimal Input Changes
HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI text classification models by exploiting tokenization strategies. This vulnerability affects models designed to detect malicious inputs like prompt injection, spam, and toxic content, leaving protected systems exposed to attacks they were meant to prevent. Technical Breakdown of TokenBreak According to the…
-
Datenleck: 500.000 Rechnungen und Ausweise von Hotelgästen geleakt
CCC-Sprecher Matthias Marx hat ein Datenleck bei der Hotelkette Numa aufgedeckt. Er konnte auf Rechnungen und Ausweise fremder Personen zugreifen. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-numa-ausweisdaten-von-hotelgaesten-frei-zugaenglich-im-netz-2506-197067.html
-
40,000 security cameras exposed, raises espionage concerns
First seen on scworld.com Jump to article: www.scworld.com/news/40000-security-cameras-exposed-raises-espionage-concerns
-
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
Tags: access, authentication, credentials, cyber, data-breach, flaw, identity, malicious, risk, service, vulnerabilityA critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications through OneLogin’s platform. OneLogin, a prominent identity and access management (IAM) solution, integrates with popular…
-
137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data security challenges telecommunications companies face. Current Data Protection Framework SoftBank has established comprehensive data protection policies following…
-
Google Bug Allowed Brute-Forcing of Any User Phone Number
The weakness in Google’s password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-bug-brute-forcing-phone-number
-
AI is Redefining Cyber Risk Quantification: Here’s What Every CISO Needs to Know
For years, security leaders have been stuck in a reporting loop: patch volumes, CVSS scores, and red-yellow-green dashboards. These are useful”¦ until they hit the boardroom. That’s when things fall apart. “What does a CVSS score of 9.8 mean for our revenue?” “How exposed are we to real-world loss?” “How much should we budget for……
-
AI is Redefining Cyber Risk Quantification: Here’s What Every CISO Needs to Know
For years, security leaders have been stuck in a reporting loop: patch volumes, CVSS scores, and red-yellow-green dashboards. These are useful”¦ until they hit the boardroom. That’s when things fall apart. “What does a CVSS score of 9.8 mean for our revenue?” “How exposed are we to real-world loss?” “How much should we budget for……
-
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces.The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to “identify and access exposed Tomcat services at scale.”To that end, 295 unique IP addresses have…
-
Brute-force attacks target Apache Tomcat management panels
A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/
-
Half of Mobile Users Now Face Daily Scams
Malwarebytes claims 44% of mobile users are exposed to scams every day First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/half-of-mobile-users-now-face/
-
DanaBot malware operators exposed via C2 bug added in 2022
A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/danabot-malware-operators-exposed-via-c2-bug-added-in-2022/
-
300K Crash Reports Stolen in Texas DOT Hack
Crash Records and Driver Data Exposed in Texas Transportation Hack. Hackers accessed the Texas Department of Transportation’s crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals. First seen on govinfosecurity.com Jump to article:…
-
Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports
Hackers breached Texas DOT (TxDOT), stealing 300,000 crash reports with personal data from its Crash Records Information System (CRIS). Threat actors compromised the Crash Records Information System (CRIS) from the Texas Department of Transportation (TxDOT) and stole 300,000 Crash Reports. The Texas Department of Transportation is a state agency that manages Texas’s transportation systems. It…
-
Ticketmaster data obtained from Snowflake hack momentarily leaked
First seen on scworld.com Jump to article: www.scworld.com/brief/ticketmaster-data-obtained-from-snowflake-hack-momentarily-leaked
-
Sensata warns of ransomware-related data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/sensata-warns-of-ransomware-related-data-breach
-
Texas Dept. of Transportation breached, 300k crash records stolen
The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-dept-of-transportation-breached-300k-crash-records-stolen/
-
AI is a data-breach time bomb, reveals new report
AI acts like Pac-Man”, devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
-
Mastery Schools Notifies 37,031 of Major Data Breach
A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastery-schools-data-breach/