Tag: data-breach
-
Datenleck: 500.000 Rechnungen und Ausweise von Hotelgästen geleakt
CCC-Sprecher Matthias Marx hat ein Datenleck bei der Hotelkette Numa aufgedeckt. Er konnte auf Rechnungen und Ausweise fremder Personen zugreifen. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-numa-ausweisdaten-von-hotelgaesten-frei-zugaenglich-im-netz-2506-197067.html
-
40,000 security cameras exposed, raises espionage concerns
First seen on scworld.com Jump to article: www.scworld.com/news/40000-security-cameras-exposed-raises-espionage-concerns
-
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
Tags: access, authentication, credentials, cyber, data-breach, flaw, identity, malicious, risk, service, vulnerabilityA critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications through OneLogin’s platform. OneLogin, a prominent identity and access management (IAM) solution, integrates with popular…
-
137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data security challenges telecommunications companies face. Current Data Protection Framework SoftBank has established comprehensive data protection policies following…
-
Google Bug Allowed Brute-Forcing of Any User Phone Number
The weakness in Google’s password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-bug-brute-forcing-phone-number
-
AI is Redefining Cyber Risk Quantification: Here’s What Every CISO Needs to Know
For years, security leaders have been stuck in a reporting loop: patch volumes, CVSS scores, and red-yellow-green dashboards. These are useful”¦ until they hit the boardroom. That’s when things fall apart. “What does a CVSS score of 9.8 mean for our revenue?” “How exposed are we to real-world loss?” “How much should we budget for……
-
AI is Redefining Cyber Risk Quantification: Here’s What Every CISO Needs to Know
For years, security leaders have been stuck in a reporting loop: patch volumes, CVSS scores, and red-yellow-green dashboards. These are useful”¦ until they hit the boardroom. That’s when things fall apart. “What does a CVSS score of 9.8 mean for our revenue?” “How exposed are we to real-world loss?” “How much should we budget for……
-
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces.The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to “identify and access exposed Tomcat services at scale.”To that end, 295 unique IP addresses have…
-
Brute-force attacks target Apache Tomcat management panels
A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/
-
Half of Mobile Users Now Face Daily Scams
Malwarebytes claims 44% of mobile users are exposed to scams every day First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/half-of-mobile-users-now-face/
-
DanaBot malware operators exposed via C2 bug added in 2022
A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/danabot-malware-operators-exposed-via-c2-bug-added-in-2022/
-
300K Crash Reports Stolen in Texas DOT Hack
Crash Records and Driver Data Exposed in Texas Transportation Hack. Hackers accessed the Texas Department of Transportation’s crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals. First seen on govinfosecurity.com Jump to article:…
-
Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports
Hackers breached Texas DOT (TxDOT), stealing 300,000 crash reports with personal data from its Crash Records Information System (CRIS). Threat actors compromised the Crash Records Information System (CRIS) from the Texas Department of Transportation (TxDOT) and stole 300,000 Crash Reports. The Texas Department of Transportation is a state agency that manages Texas’s transportation systems. It…
-
Ticketmaster data obtained from Snowflake hack momentarily leaked
First seen on scworld.com Jump to article: www.scworld.com/brief/ticketmaster-data-obtained-from-snowflake-hack-momentarily-leaked
-
Sensata warns of ransomware-related data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/sensata-warns-of-ransomware-related-data-breach
-
Texas Dept. of Transportation breached, 300k crash records stolen
The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-dept-of-transportation-breached-300k-crash-records-stolen/
-
AI is a data-breach time bomb, reveals new report
AI acts like Pac-Man”, devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
-
Mastery Schools Notifies 37,031 of Major Data Breach
A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastery-schools-data-breach/
-
Over 84,000 Roundcube Webmail Installations Exposed to Remote Code Vulnerabilities
Security researchers have identified a critical vulnerability in Roundcube Webmail that affects over 84,000 unpatched installations worldwide, according to data from The Shadowserver Foundation. The vulnerability, designated CVE-2025-49113, enables authenticated attackers to execute arbitrary code remotely and has already been exploited in targeted attacks potentially conducted by state actors. The vulnerability affects all Roundcube versions…
-
AI threats leave SecOps teams burned out and exposed
Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/10/ai-powered-attacks-secops-teams/
-
Connected and exposed: Building a cyber future America can trust
First seen on scworld.com Jump to article: www.scworld.com/perspective/connected-and-exposed-building-a-cyber-future-america-can-trust
-
Data breach impacts Pennsylvanian law firm CML
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-impacts-pennsylvanian-law-firm-cml
-
Optima Tax Relief data exposed by Chaos ransomware
First seen on scworld.com Jump to article: www.scworld.com/brief/optima-tax-relief-data-exposed-by-chaos-ransomware
-
Can Online Casino Accounts Be Hacked?
Online casino platforms are not immune to compromise, but the most successful breaches don’t happen through the front door. They happen when users bring bad habits to high-risk environments. For hackers, it’s rarely about breaking encryption, it’s about exploiting behavior. Exposed Credentials Still Drive Most Attacks The majority of online casino account breaches don’t start…
-
Limited Canva Creator Data Exposed Via AI Chatbot Database
A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses… First seen on hackread.com Jump to article: hackread.com/limited-canva-creator-data-expose-ai-chatbot-database/
-
Boards Leave CISOs Exposed to Legal Risks
Attorney Jonathan Armstrong Says Board Diversity Must Include Cybersecurity Skills. Many boards lack cybersecurity expertise, leaving CISOs exposed to legal risks. New fraud laws and AI regulations compound the challenge as security leaders struggle for boardroom support, said Jonathan Armstrong, partner at Punter Southall Law. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/boards-leave-cisos-exposed-to-legal-risks-a-28621
-
Sensata Technologies says personal data stolen by ransomware gang
Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sensata-technologies-says-personal-data-stolen-by-ransomware-gang/
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Cloud assets have 115 vulnerabilities on average, some several years old
Tags: access, ai, api, attack, cloud, credentials, data, data-breach, github, gitlab, iam, infrastructure, risk, service, strategy, threat, vulnerabilityIsolated risks lead to bigger issues: Orca also warns that half of organizations have assets exposing attack paths that can lead to sensitive data exposure, as well as 23% with paths that lead to broad permission access and compromised hosts. Attack paths are the combination of risks that appear isolated but can be combined to…
-
Ein pragmatischer Ansatz – Bereit sein fürs Worst-Case-Szenario bei sensiblen Datenlecks
Tags: data-breachFirst seen on security-insider.de Jump to article: www.security-insider.de/datenlecks-worst-case-a-b9140657beda574ae166803d67adf036/