Tag: data-breach
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerabilityHow the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves…
-
LockBit ransomware gang hacked, victim negotiations exposed
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/
-
xAI Secret Leak: The Story of a Disclosure
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/xai-secret-leak-the-story-of-a-disclosure/
-
ClickFunnels Investigates Breach After Hackers Leak Business Data
ClickFunnels is investigating a data breach after hackers leaked detailed business data, including emails, phone numbers, and company… First seen on hackread.com Jump to article: hackread.com/clickfunnels-investigate-breach-hackers-leak-business-data/
-
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/07/altsrus-digital-welfare-fraud/
-
Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years
Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal. First seen on wired.com Jump to article: www.wired.com/story/tulsi-gabbard-dni-weak-password/
-
Texas School District Notifies Over 47,000 People of Major Data Breach
The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/texas-school-47000-people-data/
-
Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches
It wasn’t ransomware headlines or zero-day exploits that stood out most in this year’s Verizon 2025 Data Breach Investigations Report (DBIR), it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse.According to the 2025 DBIR, third-party involvement in breaches…
-
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.”While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team First…
-
Samsung Datenleck und Galaxy-Smartphones können Passwörter leaken
Ich fasse mal zwei Themen rund um Samsung und deren Smartphones zusammen. Es muss wohl ein größeres Datenleck bei Samsung durch einen Angriff bei einem Dienstleister gegeben haben, von dem deutsche Kunden betroffen sind. Und Samsung hat eingestanden, dass Galaxy … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/06/samsung-datenleck-und-galaxy-smartphones-koennen-passwoerter-leaken/
-
Signal App Used by Trump Associate Targeted in Security Breach
A major security scare has erupted in Washington after reports emerged that a Trump associate was using an unofficial version of the secure messaging platform Signal-an application that was subsequently targeted in a data breach, according to a Sunday report from tech outlet 404 Media. According to the Reuters report, the report centers on former…
-
Data breach hits online ticket resale platform
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-hits-online-ticket-resale-platform
-
Kelly Benefits December data breach impacted over 400,000 individuals
Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed. Benefits and payroll solutions firm Kelly & Associates Insurance Group, aka Kelly Benefits, announced that the impact of a recently disclosed data breach is much bigger than initially estimated. The U.S.-based company provides benefits, payroll, and…
-
California Man Will Plead Guilty to Last Year’s Disney Hack
A 25-year-old California man will plead guilty to hacking into a Disney’s personal computer and using stolen credentials to break into thousands of Disney Slack channels. Ryan Mitchell Kramer, who claimed to be a member of the Russian group NullBulge, then leaked the data when the victim didn’t respond to his emails. First seen on…
-
Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks
A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered, this flaw, tracked as CVE-2025-46762, in the parquet-avro module and publicly disclosed it on May 2. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/
-
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveragingfake helpdesk-themed domainsto impersonate legitimate businesses and steal sensitive data. This campaign, first detected in March 2025, primarily targets law firms and corporate entities. How…
-
Banking Customer Data Exposed Following Ransomware Attack on Vendor
First seen on scworld.com Jump to article: www.scworld.com/native/banking-customer-data-exposed-following-ransomware-attack-on-vendor
-
Thousands of LabHost PhaaS domains exposed by FBI
Tags: data-breachFirst seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-labhost-phaas-domains-exposed-by-fbi
-
Dating app Raw exposed users’ location data and personal information
The app claims it uses end-to-end encryption, but spilled its users’ dating preferences and granular location data to the open web. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information/
-
Erkenntnisse aus dem Verizon Data Breach Investigation Report (DBIR) 2025
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/verizon-data-breach-investigation-report-2025-erkenntnisse
-
VerizonBreach-Investigation-Report Schwachstellen sind der häufigste Einstiegspunkt für Sicherheitsverletzungen
Der aktuelle Verizon-Data-Breach-Investigation-Report, DBIR 2025, veröffentlicht am 2. Mai 2025 in München, liefert einen umfassenden Überblick über die sich wandelnde Bedrohungslandschaft in der Cybersicherheit. Der Bericht wurde durch die Expertise zahlreicher Partner insbesondere Qualys unterstützt, die entscheidend dazu beitrugen, kritische Muster und Schwachstellen aufzudecken und Unternehmen das nötige Wissen zur Abwehr aktueller und […] First…
-
Patients left in the dark months after cybercriminals leak testing lab data
It’s been almost a year since the Qilin cybercrime group breached sensitive data from U.K. pathology services company Synnovis, and its patient information page is still short on details about what was exposed and how many people were affected. First seen on therecord.media Jump to article: therecord.media/synnovis-health-data-breach-investigation-onging
-
People know password reuse is risky but keep doing it anyway
35% of Gen Z said they never or rarely update passwords after a data breach affecting one of their accounts, according to Bitwarden. Only 10% reported always updating … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/passwords-update-security-risks/
-
More than 100,000 impacted by December data breach at Ascension Health
Ascension Health revealed another security incident this week, warning more than 100,000 people in multiple states that their information was likely accessed by hackers late last year. First seen on therecord.media Jump to article: therecord.media/ascension-health-data-breach-impacts-over-100000
-
Breach Roundup: Surge in Edge Device Zero-Day Exploits
Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker Sentenced. This week, zero-day exploits surged, accused Nefilim hacker extradited, Baltimore schools breach, CISA lists Broadcom Brocade, Commvault flaws, a fake WooCommerce patch, Akira hit Hitachi Vantara, ex-Disney worker sentenced and a Darcula phishing kit upgrade. FBI published 42,000 phishing domains. First seen on govinfosecurity.com…