Tag: data-breach
-
Nova Scotia Power confirms hackers stole customer data in cyberattack
Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nova-scotia-power-confirms-hackers-stole-customer-data-in-cyberattack/
-
Dior Confirms Data Breach Affecting Customer Information
Dior confirmed a data breach compromising customer personal information, discovered on May 7 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dior-confirms-data-breach/
-
Coinbase data breach exposes customer info and government IDs
Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-discloses-breach-faces-up-to-400-million-in-losses/
-
Coinbase says customers’ personal information stolen in data breach
The crypto exchange giant said the hacker bribed contractors and employees in support roles to steal data. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/15/coinbase-says-customers-personal-information-stolen-in-data-breach/
-
Data on sale: Trump administration withdraws data broker oversight proposal
Tags: breach, compliance, data, data-breach, exploit, finance, framework, group, identity, infrastructure, law, military, privacy, regulation, theft, vulnerabilityPrivacy concerns escalate : Without these protections, data brokers can continue collecting and selling Americans’ sensitive personal information with minimal oversight. This data often includes Social Security numbers, financial records, location histories, and purchase patterns, leaving consumers vulnerable to identity theft and fraud. “Demographic groups already underserved by mainstream financial services”, low-income earners, elderly individuals, and racial…
-
Australian Human Rights Commission leaks docs to search engines
The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/australian-human-rights-commission-leaks-docs-to-search-engines/
-
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Tags: blockchain, china, crime, crypto, data, data-breach, korea, marketplace, north-korea, scam, technologyA Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee.According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering…
-
How One Leaked Credential Can Expose a Threat Actor
The Power of One: From Leaked Credential to Campaign Attribution Attribution has always been the elusive prize in threat intelligence. The question every CISO wants answered after an attack: “Who did this?” Historically, attribution required heavy resources, deep visibility, and sometimes even luck. But in today’s world of digital risk intelligence, one leaked credential can……
-
Retail in the Crosshairs: The MS Data Breach and the Rising Cost of Customer Trust
Retail giant Marks & Spencer (M&S) has confirmed that customer information was compromised in a recent cyberattack involving one of its third-party service providers. According to Reuters, the breach did not impact M&S’s internal systems but still resulted in the exposure of sensitive customer data. The incident is the latest in a series of supply…
-
Fashion giant Dior discloses cyberattack, warns of data breach
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fashion-giant-dior-discloses-cyberattack-warns-of-data-breach/
-
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
Tags: access, attack, breach, cloud, cyberattack, data, data-breach, exploit, infrastructure, training, vulnerabilityOrganizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise First seen on thehackernews.com Jump to…
-
North Korean IT Workers Are Being Exposed on a Massive Scale
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies”, along with photos of men allegedly involved in the schemes. First seen on wired.com Jump to article: www.wired.com/story/north-korean-it-worker-scams-exposed/
-
The Trojan Sysadmin: How I Got an AI to Build a Wolf in Sheep’s Clothing
Exploring whether an AI language model (Grok 3, built by xAI) could be induced to create a tool with potential illegal applications, despite its ethical guidelines, and how contradictions in its responses could be exposed through contextual shifts. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-trojan-sysadmin-how-i-got-an-ai-to-build-a-wolf-in-sheeps-clothing/
-
Baden-Württemberg: Persönliche Daten von Grundstückseigentümern geleakt
Tags: data-breachEine Landesbehörde von Baden-Württemberg untersucht ein Datenleck in einem Open-Geodata-Portal. Eigentümerdaten waren frei abrufbar. First seen on golem.de Jump to article: www.golem.de/news/baden-wuerttemberg-persoenliche-daten-von-grundstueckseigentuemern-geleakt-2505-196181.html
-
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Interlock Ransomware ‘s attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients. Resecurity envisions the cascading effects on the defense supply chain due to ransomware activity. In the recent incident, by attacking a defense contractor, Interlock Ransomware uncovered details about the supply chains and operations…
-
M&S forces customer password resets after data breach
M&S is instructing all its customers to change their account passwords after a significant amount of data was stolen in a DragonForce ransomware attack. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623565/MS-forces-customer-password-resets-after-data-breach
-
Marks and Spencer confirms data breach after April cyber attack
Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack that hit the company in April. In April, Marks and Spencer Group plc (M&S) announced it had been managing a cyber incident in recent days with the help of external cyber security experts. Customers report outages affecting card payments, gift…
-
PrepHero-Linked Database Exposed Data of 3M Students and Coaches
A security lapse on PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details… First seen on hackread.com Jump to article: hackread.com/prephero-database-exposed-students-coaches-data/
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
PowerSchool data breach leads to school extortion attempts
A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/powerschool-data-breach-school-extortion-attempts/747801/
-
Marks Spencer Confirms Customer Data Breach in Recent Cyber Attack
British retail giant Marks & Spencer has officially confirmed that customer personal data was compromised during a cyber attack that began three weeks ago. The retailer revealed that the breach affects potentially millions of customers whose information has been stolen, though payment card details remain secure. The company is still struggling to restore its online…
-
Repeated Firmware Key-Management Failures Undermine Intel Boot Guard and UEFI Secure Boot
The security of fundamental technologies like Intel Boot Guard and UEFI Secure Boot has been seriously questioned due to persistent cryptographic key management issues within the UEFI firmware ecosystem, which have been exposed in a number of concerning exposes. These mechanisms, designed to ensure platform integrity by verifying firmware and bootloader signatures, are being critically…
-
The Persistence Problem: Why Exposed Credentials Remain Unfixed”, and How to Change That
Detecting leaked credentials is only half the battle. The real challenge”, and often the neglected half of the equation”, is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection,…
-
Unbefugter Zugriff bei einer County-Verwaltung in Texas, USA
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/64475513-559c-44f5-a943-058230794136.html
-
Cyber-Zwischenfall bei einer Stadtverwaltung in New York, USA
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/4a685670-536d-4c8d-a8d5-06408fac3385.html
-
Cyberangriff auf eine Rechtsanwaltskammer in Pennsylvania, USA
Data Breach Notification First seen on maine.gov Jump to article: www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/067aadcc-da34-4008-b989-5424e745174e.html
-
Security Affairs newsletter Round 523 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ascension reveals personal data of 437,329 patients exposed in cyberattack Operation Moonlander dismantled the botnet behind Anyproxy and…