Tag: data-breach
-
MainStreet Bank reports vendor cyber incident that leaked customer info
In regulatory filings with the Securities and Exchange Commission, MainStreet Bank’s holding company said a cyber incident connected to a third-party vendor had exposed information. First seen on therecord.media Jump to article: therecord.media/Main-street-cyber-incident-bank
-
Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trickbot-conti-ransomware-operator-unmasked
-
Vanta bug exposed customers’ data to other customers
The compliance company said the customer data exposure was caused by a product change. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/02/vanta-bug-exposed-customers-data-to-other-customers/
-
New Tools and Initiatives in Data Breach Monitoring and Healthcare AI
Latest updates on cyber security, AI health initiatives, and pandemic preparedness. Stay informed and take action today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/new-tools-and-initiatives-in-data-breach-monitoring-and-healthcare-ai/
-
Unimed in Brasilien: Cybernews warnt vor großem Datenleck
Tags: data-breachFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/unimed-brasilien-cybernews-warnung-datenleck
-
Chaos Computer Club legt Corplife-Datenleck offen
Bei Corplife, einem Dienstleister für “Mitarbeiterbindung” gab es ein Datenleck in Form von öffentlich abrufbaren Dateien. Der Entdecker wandte sich an den Chaos Computer Club (CCC), der dann den Betreiber informierte. Die Dateien wurden im Februar 2025 offline genommen. Ob … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/31/chaos-computer-club-legt-corplife-schwachstelle-offen/
-
‘Earth Lamia’ Exploits Known SQL, RCE Bugs Across Asia
A highly active Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/earth-lamia-exploits-sql-rce-bugs-asia
-
A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign
Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more. First seen on wired.com Jump to article: www.wired.com/story/trump-chief-staff-susie-wiles-hacker-phishing-impersonation/
-
US military IT specialist arrested for allegedly trying to leak secrets to foreign government
A 28-year-old civilian IT worker at the Defense Intelligence Agency has been arrested in Northern Virginia on suspicion that he leaked secrets to a foreign government. First seen on therecord.media Jump to article: therecord.media/defense-intelligence-agency-it-specialist-suspected-leak-foreign-government
-
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
Tags: attack, authentication, cloud, credentials, cyber, data-breach, email, microsoft, phishing, threatMicrosoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are adapting with advanced methods to steal credentials, especially targeting enterprise cloud environments. AiTM attacks, often…
-
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
Tags: access, advisory, attack, credentials, cve, cyber, data-breach, flaw, network, risk, vulnerabilityIn a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws”, CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047″, allow attackers to gain root-level access through a chain of authenticated attacks, with default credentials and sensitive information exposed in cleartext. Despite the risks, the vendor…
-
Nach Datenleck – Auf Adidas-Kunden kommen Spam und Phishing zu
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-adidas-informationen-betroffene-kunden-a-7c65a098de97739d8a87b195ea9f6858/
-
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias >>cappership.
-
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR
A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid on a suspected laptop farm, showcases a chilling trend where adversaries leverage legitimate software and low-level network protocols to evade traditional Endpoint Detection and Response (EDR)…
-
19 Billion Passwords Leaked: Protect Yourself from Cyber Threats
Discover the implications of the 19 billion passwords leaked in the RockYou2024 breach. Learn essential actions to secure your accounts now! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/19-billion-passwords-leaked-protect-yourself-from-cyber-threats/
-
Most LLMs don’t pass the security sniff test
Advice to CSOs: Lee said that CSOs should consider the following before approving any LLM:Training data: figure out where the model got its info. Random web grabs expose your secrets;Prompt history: if your questions stick around on their servers, they’ll turn up in the next breach bulletin;Credentials: stolen API keys and weak passwords keep attackers…
-
New PumaBot Hijacks IoT Devices via SSH Brute-Force for Persistent Access
Tags: access, botnet, cyber, cybersecurity, data-breach, exploit, Internet, iot, malicious, malware, software, threat, vulnerabilityA sophisticated new malware, dubbed PumaBot, has emerged as a significant threat to Internet of Things (IoT) devices worldwide. Cybersecurity researchers have identified this malicious software as a highly advanced botnet that exploits weak security configurations in IoT ecosystems, particularly targeting devices with exposed SSH (Secure Shell) ports. Emerging Threat Targets Vulnerable IoT Ecosystems By…
-
Data broker LexisNexis discloses data breach affecting 364,000 people
Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people/
-
Risk assessment vital when choosing an AI model, say experts
Advice to CSOs: Lee said that CSOs should consider the following before approving any LLM:Training data: figure out where the model got its info. Random web grabs expose your secrets;Prompt history: if your questions stick around on their servers, they’ll turn up in the next breach bulletin;Credentials: stolen API keys and weak passwords keep attackers…
-
New Cyber Threat: UTG015 Exploits 0-Days for Espionage in Asia
In a threat intelligence report, the Qi’anxin Threat Intelligence Center has exposed a series of highly targeted attacks First seen on securityonline.info Jump to article: securityonline.info/new-cyber-threat-utg-q-015-exploits-0-days-for-espionage-in-asia/
-
A Peek Behind the Claude Curtain
Researcher Analyzes System Prompts to Show How New Claude Models Work. System-level instructions guiding Anthropic’s new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models. First…
-
Revenue Cycle Management Firm’s Data Breach Total Soars
ALN Medical Management Now Says 1.82 Million Affected in 2024 Hacking Incident. The number of people affected by a March 2024 hack on a healthcare revenue cycle management and billing services provider has soared in recent weeks to more than 1.82 million, as the company continues to file updated breach reports to state and federal…
-
Ivanti Vulnerability Exploit Could Expose UK NHS Data
Two NHS England trusts could see highly sensitive patient records exposed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ivanti-vulnerability-exploit-could/
-
Adidas Data Breach Highlights Third-Party Risks: Why AI-Based Cybersecurity Solutions Are Essential
On May 23, Adidas disclosed a data breach resulting from a cyberattack on a third-party customer service provider, exposing sensitive customer information in multiple regions, including the U.S. and Europe. While Adidas did not name the vendor involved, the company emphasized that the breach impacted “a few million individuals,” and included data such as contact…
-
Estonia issues arrest warrant for Moroccan wanted for major pharmacy data breach
Estonia said a man is suspected of unlawfully accessing a customer card database managed by Allium UPI, the parent company of the Apotheka pharmacy chain, in February 2024. First seen on therecord.media Jump to article: therecord.media/estonia-arrest-warrant-pharmacy-data-breach
-
Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
The data collector said the stolen data includes Social Security numbers. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/28/data-broker-giant-lexisnexis-says-breach-exposed-personal-information-of-over-364000-people/