Tag: data-breach
-
Suspected infostealer data leak exposes 184 million login credentials
Security researcher Jeremiah Fowler came across a freely accessible, unprotected database on the internet. The find was a significant one, because a look at the records raises the suspicion that this is presumably data that was … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/24/mutmassliches-infostealer-datenleck-legt-184-million-login-daten-offen/
-
Ransomware scum leaked Nova Scotia Power customers’ info
Bank accounts, personal details all hoovered up in the attack First seen on theregister.com Jump to article: www.theregister.com/2025/05/23/novia_scotia_power_customers_info_leaked/
-
Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets
Tags: attack, cve, cyber, data-breach, dns, exploit, identity, infrastructure, vulnerability, zero-trust
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research, conducted in a controlled lab environment, highlights a sophisticated attack chain targeting BIND DNS servers using a known vulnerability, CVE-2025-40775, rated as High severity with…
-
Hacker offers 1.2 billion Facebook user records on the darknet: is it a fake?
Has there been a new data leak at Meta subsidiary Facebook? A hacker claims to have pulled 1.2 billion Facebook user records via an API and is offering them for sale on the darknet. There are doubts, however, as to whether this data is new. Meta says of this, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/23/hacker-bietet-12-milliarden-facebook-nutzerdaten-im-darknet-ist-es-ein-fake/
-
Hackers Expose 184 Million User Passwords via Open Directory
A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords, totaling 47.42 GB of raw credential data. The exposed records included sensitive information such as emails, usernames, passwords, and direct URLs to login pages for a wide variety of services. These ranged…
-
Researchers Uncover Infrastructure and TTPs Behind ALCATRAZ Malware
Elastic Security Labs has recently exposed a sophisticated new malware family dubbed DOUBLELOADER, observed in conjunction with the RHADAMANTHYS infostealer. This discovery sheds light on the evolving tactics, techniques, and procedures (TTPs) of cybercriminals who leverage advanced obfuscation tools to hinder analysis. Notably, DOUBLELOADER is protected by ALCATRAZ, an open-source obfuscator first released in 2023,…
-
Volksversand: Major mail-order pharmacy informs customers of data leak
Anyone who has ever ordered from the mail-order pharmacy Volksversand should watch out for phishing emails. Data has apparently been exfiltrated. First seen on golem.de Jump to article: www.golem.de/news/volksversand-grosse-versandapotheke-informiert-kunden-ueber-datenleck-2505-196520.html
-
Numerous services affected: database with 184 million login credentials discovered
The data leak includes passwords for user accounts at Microsoft, Google, Facebook, Amazon, Apple, Nintendo, Paypal and many others. First seen on golem.de Jump to article: www.golem.de/news/zahlreiche-dienste-betroffen-datenbank-mit-184-millionen-zugangsdaten-entdeckt-2505-196511.html
-
Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate
A massive data leak from the LockBit ransomware group, published on its hijacked leak site, has provided an unprecedented glimpse into the inner workings of one of the most notorious Ransomware-as-a-Service (RaaS) operations. The leaked data, spanning from December 19, 2024, to April 29, 2025, primarily pertains to the group’s “LockBit Lite” panel, a lower-tier…
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-day
Trade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies. “Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Bribery-Led Coinbase Hack Affects 70,000 Crypto Customers
Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information. A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company’s overseas customer support agents. First seen on govinfosecurity.com Jump to…
-
Data protection incident at pharmacy Volksversand.de
The operator of the online mail-order pharmacy volksversand.de has informed its customers of a data protection incident. Unknown attackers apparently broke into the company's IT system and were able to access customer data. An affected customer notified me by email. In the … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/23/datenschutzvorfall-bei-apotheke-volksversand-de/
-
Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims
Coca-Cola and its bottling partner CCEP targeted in separate cyber incidents, with the Everest ransomware gang and the Gehenna hacking group claiming data breaches involving sensitive employee and CRM data. First seen on hackread.com Jump to article: hackread.com/coca-cola-bottling-partner-ransomware-data-breach/
-
Following Data Breach, Multiple Stalkerware Apps Go Offline
The same easily exploitable vulnerability was found in three of the apps that led to the compromise of victims’ data. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/following-data-breach-stalkerware-apps-offline
-
How Identity Plays a Part in 5 Stages of a Cyber Attack
Tags: access, attack, authentication, breach, cloud, computer, container, control, credentials, cyber, data, data-breach, detection, endpoint, exploit, group, iam, identity, intelligence, malicious, malware, mfa, microsoft, monitoring, password, powershell, ransomware, risk, technology, threat, tool, vulnerability
While credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know, and how Tenable can help. Identity compromise plays a pivotal role in how attackers move laterally through an organization. Credential abuse is the top initial access vector,…
-
Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff
The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 have exposed an intricate Chinese intelligence operation, dubbed the ‘Smiao Network,’ targeting federal workers in both the United States and Taiwan. This network, linked to the Chinese technology company Smiao Intelligence, employs deceptive online recruitment schemes to extract sensitive information from high-value professionals. Initially…
-
Security Threats of Open Source AI Exposed by DeepSeek
DeepSeek’s risks must be carefully considered, and ultimately mitigated, in order to enjoy the many benefits of generative AI in a manner that is safe and secure for all organizations and users. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/security-threats-open-source-ai-deepseek
-
19-Year-Old Admits to PowerSchool Data Breach Extortion
A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60… First seen on hackread.com Jump to article: hackread.com/19-year-old-admits-powerschool-data-breach-extortion/
-
Scottish council admits ransomware crooks stole school data
Parents and teachers have personal info, ID documents leaked online, but exam season mostly unaffected First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/west_lothian_school_ransomware/
-
AI governance: how to shape the AI revolution securely
Companies must introduce a governance, risk and compliance (GRC) framework specifically for AI if they do not want to fall victim to the risks of artificial intelligence. The use of artificial intelligence (AI) in companies carries a wide range of risks in the areas of cybersecurity, data protection, bias, ethics and compliance. However, only 24 percent of IT and business decision-makers have already implemented comprehensive AI GRC policies in order to…
-
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks
In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives into the UK legal aid hack that exposed deeply personal data of society’s most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account – and how a parental control accidentally saved the day. First seen on…
-
China-linked operative exposed at U.S. university
First seen on scworld.com Jump to article: www.scworld.com/brief/china-linked-operative-exposed-at-u-s-university
-
Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
In documents filed with regulators in Maine on Tuesday, Coinbase said the information leaked included details like photos of passports and government IDs, as well as account information such as balances and transaction history. First seen on therecord.media Jump to article: therecord.media/nearly-70000-impacted-coinbase-breach
-
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malware
A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
-
New Scan Uncovers 150K Industrial Systems Worldwide Vulnerable to Cyberattacks
A groundbreaking study leveraging advanced application-layer scanning has exposed approximately 150,000 industrial control systems (ICS) worldwide that are directly accessible on the public internet, posing severe risks of catastrophic cyberattacks. Conducted over a year from January 2024 to January 2025, this research utilizing comprehensive IPv4 scanning data from Censys targets 17 widely used ICS protocols,…
-
US student agrees to plead guilty to hack affecting tens of millions of students
Prosecutors say the hacker stole information on 60 million students, an incident that matches the data breach at PowerSchool. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/21/us-student-agrees-to-plead-guilty-to-hack-affecting-tens-of-millions-of-students/
-
Coinbase data breach impacted 69,461 individuals
Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals. Coinbase disclosed that a data breach impacted 69,461 individuals after overseas support staff improperly accessed customer and corporate data. Coinbase recently revealed that rogue contractors stole data on under 1% of users and demanded $20M; the data breach was initially…
-
VanHelsing Ransomware Builder Exposed on Hacker Forums
The cybersecurity landscape reveals that the VanHelsing ransomware operation has experienced a significant security breach with its source code being leaked publicly. According to security researchers, this leak occurred after an internal dispute with a former developer who attempted to monetize the code before it was released freely by the ransomware operators. The leaked materials…

