Tag: data-breach
-
Krispy Kreme Data Breach Exposes Customer Personal Information
Krispy Kreme Doughnut Corporation has confirmed a significant data breach that exposed the personal information of over 160,000 individuals following a ransomware attack in late 2024. The incident, which affected both employees and customers, has raised concerns about data security at one of the world’s most recognized doughnut chains. Discovery and Immediate Response Krispy Kreme…
-
UBS Employee Data Reportedly Exposed in Third Party Attack
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/
-
Krispy Kreme says November data breach impacts over 160,000 people
U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/
-
Hackers Claim Breach of Scania Financial Services, Leak Sensitive Data
A significant data breach has rocked Sweden’s Scania Financial Services, as a threat actor operating under the alias “hensi” claims to have infiltrated the subdomain insurance.scania.com, exfiltrating a trove of sensitive files and offering them for sale on underground forums. The incident, first detected in mid-June 2025, has raised concerns across the automotive and financial…
-
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/
-
Why a Layered Approach Is Essential for Cybersecurity and Zero Trust
Today’s cybersecurity landscape is complex and unforgiving. Remote work, Saas, AI Agents, cloud migration, and ever-evolving cyber threats have exposed the limitations of relying on standalone security measures. To reduce risk, CISOs and IT leaders must embrace a layered cybersecurity… Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/why-a-layered-approach-is-essential-for-cybersecurity-and-zero-trust/
-
Widespread data breach reported by Zoomcar
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-data-breach-reported-by-zoomcar
-
Scania confirms insurance claim data breach in extortion attempt
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/
-
UK watchdog fines 23andMe over 2023 data breach
The ICO said over 150,000 U.K. residents had data stolen in the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/17/uk-watchdog-fines-23andme-over-2023-data-breach/
-
Hacker steals 1 million Cock.li user records in webmail data breach
Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/
-
Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks
A series of newly disclosed critical vulnerabilities in the Sitecore Experience Platform (XP) have raised alarm across the enterprise technology sector, with security researchers warning that unpatched systems could be exposed to devastating remote code execution (RCE) attacks. Sitecore, a widely adopted content management system (CMS) used by major enterprises”, including banks, airlines, and Fortune…
-
Hackers Manipulate Search Engines to Push Malicious Sites
A new wave of cybercrime is exploiting the very backbone of internet trust: search engines. Recent research by Netcraft has exposed a sophisticated and organized SEO poisoning operation, where hackers manipulate search engine algorithms to push malicious websites to the top of search results. At the heart of this campaign is a platform known as…
-
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
Zoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing. First seen on hackread.com Jump to article: hackread.com/zoomcar-data-breach-exposes-8-million-users-data/
-
ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows
A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially…
-
Operation 999: Ransomware tabletop tests cyber execs’ response
Tags: access, attack, blueteam, breach, computer, conference, cyber, cyberattack, cybersecurity, data, data-breach, extortion, group, hacker, incident, incident response, infrastructure, leak, military, network, ransom, ransomware, RedTeam, resilience, risk, service, threat, tool, trainingExtortion attempts rebuffed: As the exercise moved on, the blue team refuse to pay a ransom after consulting with the authorities, legal teams, and crisis management experts. Instead of upping the ante by threatening to sabotage the water treatment algorithms or chemical pumps, potentially tainting the supply, the attackers decide to leak customer records online…
-
India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users
Zoomcar disclosed a data breach impacting 8.4M users after attackers compromised its systems and contacted the company staff. Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems. The company is investigating the security…
-
Purportedly stolen VirtualMacOSX data exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/purportedly-stolen-virtualmacosx-data-exposed
-
Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare
The group has previously threatened to SWAT cancer patients and leaked pre-op plastic surgery photos First seen on theregister.com Jump to article: www.theregister.com/2025/06/16/extortionists_claim_freedman_healthcare_hack/
-
8.4 million people affected by data breach at Indian car share company Zoomcar
The Bengaluru-based company told investors that it initially became aware of the breach on June 9. First seen on therecord.media Jump to article: therecord.media/8-million-affected-zoomcar-data-breach
-
Zoomcar discloses security breach impacting 8.4 million users
Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zoomcar-discloses-security-breach-impacting-84-million-users/
-
Zoomcar Data Breach Exposes Sensitive Details of 8.4 Million Users
Zoomcar Holdings, Inc., the prominent car-sharing platform, has confirmed a significant data breach that has compromised the personal information of approximately 8.4 million users. The incident, which was first detected on June 9, 2025, was disclosed in a recent filing with the U.S. Securities and Exchange Commission (SEC), raising concerns about data security and privacy…
-
Over a Third of Grafana Instances Exposed to XSS Flaw
Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/over-third-grafana-instances/
-
Vier Milliarden Datensätze – Größtes Datenleck in China aller Zeiten entdeckt
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsleck-vier-milliarden-datensaetze-chinesischer-buerger-a-d4ae87c81c77dfe91b0f9b23e15e6ded/
-
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/
-
Data breach purportedly pilfers over 64M T-Mobile records
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-purportedly-pilfers-over-64m-t-mobile-records
-
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4 million in…
-
Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity
Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/identiverse-2025-trust-delegation-and-the-era-of-continuous-identity/
-
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address…
-
Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
Tags: attack, breach, cyber, cybercrime, cybersecurity, data, data-breach, finance, hacker, monitoring, network, open-source, penetration-testing, ransomware, software, tactics, toolFog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedented blend of tactics has targeted major financial institutions, raising alarms among cybersecurity professionals. Unprecedented Toolset in a…
-
TokenBreak Exploit Tricks AI Models Using Minimal Input Changes
HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI text classification models by exploiting tokenization strategies. This vulnerability affects models designed to detect malicious inputs like prompt injection, spam, and toxic content, leaving protected systems exposed to attacks they were meant to prevent. Technical Breakdown of TokenBreak According to the…