Tag: data-breach
-
Datenleck bei Pearson: Cyberangriff trifft großen Medienkonzern
Die Angreifer haben wohl auf von Pearson genutzte Clouddienste zugegriffen und allerhand Daten ausgeleitet. Millionen von Menschen sollen betroffen sein. First seen on golem.de Jump to article: www.golem.de/news/daten-abgeflossen-cyberangriff-trifft-medienkonzern-pearson-2505-196050.html
-
FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials
PIVOTcon, joint research by Validin and SentinelLABS has exposed FreeDrain, an industrial-scale cryptocurrency phishing operation that has been stealthily siphoning digital assets for years. This sophisticated campaign leverages search engine optimization (SEO) manipulation, free-tier web services, and intricate redirection techniques to target unsuspecting users of cryptocurrency wallets such as Trezor, MetaMask, and Ledger. Sophisticated Cryptocurrency…
-
LockBit ransomware gang breached, secrets exposed
Oh dear, what a shame, never mind. First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/lockbit-ransomware-gang-breached-secrets-exposed
-
LockBit hacked: What does the leaked data show?
The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/09/lockbit-hacked-data-leaked/
-
Zugangsdaten: Passwörter von Doge-Mitarbeiter per Malware erbeutet
Eine private Mail-Adresse eines Doge-Mitarbeiters soll in 51 bekannten Datenlecks enthalten sein. Zudem sind seine Zugangsdaten in mehreren Stealer-Logs aufgetaucht. First seen on golem.de Jump to article: www.golem.de/news/zugangsdaten-infostealer-malware-erbeutet-passwoerter-von-doge-mitarbeiter-2505-196043.html
-
Azure Storage Utility Vulnerability Allows Privilege Escalation to Root Access
A critical vulnerability discovered by Varonis Threat Labs has exposed users of Microsoft Azure’s AI and High-Performance Computing (HPC) workloads to a potential privilege escalation attack. The flaw, found in a utility pre-installed on select Azure Linux virtual machines, made it possible for an unprivileged local user to gain root access-a severe breach of the…
-
A timeline of South Korean telco giant SKT’s data breach
In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users…
-
LockBit Ransomware Hacked: Database and Victim Chats Leaked
LockBit ransomware website hacked! Sensitive data leaked, including Bitcoin keys. Learn about the breach and how to secure your organization. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/lockbit-ransomware-hacked-database-and-victim-chats-leaked/
-
Data breach exposes LockBit ransomware gang
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-exposes-lockbit-ransomware-gang
-
DOGE software engineer’s computer infected by info-stealing malware
The presence of credentials in leaked “stealer logs” indicates his device was infected. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
-
The LockBit ransomware site was breached, database dump was leaked online
Lockbit ransomware group has been compromised, attackers stole and leaked data contained in the backend infrastructure of their dark web site. Hackers compromised the dark web leak site of the LockBit ransomware gang and defaced it, posting a message and a link to the dump of the MySQL database of its backend affiliate panel. >>Don’t…
-
LockBit’s Dark Web Domains Hacked, Internal Data and Wallets Leaked
LockBit’s dark web domains were hacked, exposing internal data, affiliate tools, and over 60,000 Bitcoin wallets in a… First seen on hackread.com Jump to article: hackread.com/lockbits-dark-web-domains-hacked/
-
Silence is Golden for Breach Prevention, Not Reporting
Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog Finds Two decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I’m joking, with the results of recent data breach root cause…
-
IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers
A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and macOS systems to local privilege escalation attacks, enabling non-privileged users to gain root or SYSTEM-level access. Designated as CVE-2025-26168 and CVE-2025-26169, these flaws affect versions 1.4.3 and earlier of the software, posing severe risks to industrial, enterprise, and managed service…
-
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years.The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.”FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io First seen on thehackernews.com Jump to article:…
-
From Managing Vulnerabilities to Managing Exposure: The Critical Shift You Can’t Ignore
Tags: ai, attack, best-practice, breach, business, cloud, computing, control, cyber, cybersecurity, data, data-breach, endpoint, identity, infrastructure, intelligence, Internet, office, risk, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-managementVulnerability management remains core to reducing cyber risk, but as the attack surface grows, teams need a risk-driven strategy that looks beyond vulnerabilities to see the bigger picture. Discover how exposure management unifies data and prioritizes real exposures, keeping teams proactive and ahead of cyber threats. The limits of siloed security Over the years, the…
-
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users
Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in X/Twitter’s advertising display URL feature to deceive users. This attack manipulates the platform’s URL display mechanism to present a legitimate-looking link, such as “From CNN[.]com,” while redirecting unsuspecting victims to a malicious cryptocurrency scam site impersonating Apple’s brand. This campaign,…
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered Registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
LockBit Ransomware Hacked, Insider Secrets Exposed
The data dump will likely shed light on LockBit’s recent activity and help law enforcement trace cryptocurrency transactions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lockbit-ransomware-hacked-insider/
-
ExternalSurface-Management mit Modulen für Social-Media und Datenlecks
Outpost24 hat seine External Attack Surface Management-Plattform um zwei wichtige Produktkomponenten im Bereich Digital Risk Protection (DRP) erweitert: die Module Social Media und Data Leakage. Mit diesen neuen DRP-Komponenten erhalten Unternehmen erweiterte Möglichkeiten, um digitale Bedrohungen frühzeitig zu erkennen, gezielt zu analysieren und wirksam zu beseitigen. Digitale Risiken entstehen heute nicht nur auf bekannten Kanälen…
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerabilityHow the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online
The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion rings, has itself become the victim of a major cyberattack. On May 7, attackers breached and defaced the group’s dark web sites, leaking a trove of operational data and internal chats in a stunning turn of events that sent shockwaves…
-
LockBit ransomware gang hacked, victim negotiations exposed
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/
-
xAI Secret Leak: The Story of a Disclosure
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/xai-secret-leak-the-story-of-a-disclosure/
-
ClickFunnels Investigates Breach After Hackers Leak Business Data
ClickFunnels is investigating a data breach after hackers leaked detailed business data, including emails, phone numbers, and company… First seen on hackread.com Jump to article: hackread.com/clickfunnels-investigate-breach-hackers-leak-business-data/
-
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/07/altsrus-digital-welfare-fraud/
-
Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years
Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal. First seen on wired.com Jump to article: www.wired.com/story/tulsi-gabbard-dni-weak-password/
-
Texas School District Notifies Over 47,000 People of Major Data Breach
The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/texas-school-47000-people-data/
-
Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches
It wasn’t ransomware headlines or zero-day exploits that stood out most in this year’s Verizon 2025 Data Breach Investigations Report (DBIR), it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse.According to the 2025 DBIR, third-party involvement in breaches…