Tag: data-breach

Lemonade says applicant driver’s license numbers exposed

Apr 18, 2025 5:28 PM

Tags: data-breach, insurance

The company is notifying about 190,000 people after certain information used for car insurance quotes was left unencrypted. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/lemonade-drivers-license-exposed/745762/
U.S DOGE Allegedly Breached Whistleblower Leaked Most Sensitive Documents

Apr 18, 2025 5:28 PM

Tags: breach, cyber, cybersecurity, data, data-breach, government, login, russia, unauthorized

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address. The whistleblower, a senior DevSecOps architect at the NLRB, has submitted a detailed affidavit to Congress…
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools

Apr 18, 2025 2:28 PM

Tags: cyber, cybersecurity, data-breach, exploit, firewall, fortinet, group, leak, malware, tactics, threat, tool, vpn

Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
Bubble.io 0-Day Flaw Lets Attackers Run Arbitrary Queries on Elasticsearch

Apr 18, 2025 12:28 PM

Tags: control, cyber, data, data-breach, flaw, vulnerability, zero-day

A vulnerability in Bubble.io, a leading no-code development platform, has exposed thousands of applications to data breaches. The flaw allows attackers to bypass security controls and execute arbitrary queries on Elasticsearch databases, potentially compromising sensitive user information. Security researchers reverse-engineered Bubble.io’s JavaScript code and HTTP headers to uncover flaws in how the platform encrypts and…
Entertainment venue management firm Legends International disclosed a data breach

Apr 18, 2025 10:28 AM

Tags: breach, data, data-breach, international, service

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions. The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise,…
Canada Warns Cyberdefenders to Buttress Edge Devices

Apr 17, 2025 11:28 PM

Tags: attack, china, cyber, cybersecurity, data-breach, group, hacker, malicious, risk

Canadian Cyber Agency Warns of Rising Chinese Cyberthreats.. The Canadian Center for Cybersecurity on Tuesday said it has observed increasing levels of malicious cyberactivity from China-linked hackers, including the group tracked Salt Typhoon. Exposed edge devices are at risk of attacks can be detected through mass scanning. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/canada-warns-cyberdefenders-to-buttress-edge-devices-a-28033
Entertainment services giant Legends International discloses data breach

Apr 17, 2025 11:28 PM

Tags: breach, data, data-breach, international, service

Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/entertainment-services-giant-legends-international-discloses-data-breach/
Extensive Oregon agency data breach admitted by Rhysida ransomware gang

Apr 17, 2025 10:28 PM

Tags: breach, data, data-breach, ransomware

First seen on scworld.com Jump to article: www.scworld.com/brief/extensive-oregon-agency-data-breach-admitted-by-rhysida-ransomware-gang
Over 900K pilfered credit card records leaked by BidenCash

Apr 17, 2025 10:28 PM

Tags: credit-card, data-breach

First seen on scworld.com Jump to article: www.scworld.com/brief/over-900k-pilfered-credit-card-records-leaked-by-bidencash
Airport retailer agrees to $6.9 million settlement over ransomware data breach

Apr 17, 2025 8:29 PM

Tags: breach, cybercrime, data, data-breach, ransomware

According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops. First seen on therecord.media Jump to article: therecord.media/airport-retailer-agrees-to-settlement-ransomware-data-breach
Your Network Is Showing Time to Go Stealth

Apr 17, 2025 6:28 PM

Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
CISA warns companies to secure credentials amid claims of Oracle Cloud data breach

Apr 17, 2025 4:28 PM

Tags: breach, cisa, cloud, credentials, data, data-breach, oracle

The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-secure-credentials-oracle-cloud-data/745613/
The FTC Is Watching: GoDaddy’s Settlement Sends a Clear Message on API Security

Apr 17, 2025 3:28 PM

Tags: access, api, attack, authentication, breach, business, communications, compliance, control, credentials, data, data-breach, detection, encryption, exploit, finance, framework, fraud, governance, government, incident response, law, mfa, monitoring, password, privacy, risk, service, theft, threat, tool, unauthorized, vulnerability, vulnerability-management

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission’s (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no…
Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems

Apr 17, 2025 3:28 PM

Tags: ai, attack, cyber, data, data-breach, exploit, flaw, ransomware, risk, theft, tool, unauthorized, vulnerability

A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access. Security researchers demonstrated two proof-of-concept (PoC) attacks exploiting the flaw, raising alarms about emerging GenAI security challenges. What is MCP?…
CISOs no closer to containing shadow AI’s skyrocketing data risks

Apr 17, 2025 10:28 AM

Tags: access, ai, authentication, awareness, best-practice, breach, business, ceo, chatgpt, ciso, compliance, computer, control, cybersecurity, data, data-breach, detection, finance, framework, github, google, governance, group, jobs, law, leak, LLM, mitigation, monitoring, privacy, RedTeam, regulation, risk, risk-management, service, software, technology, theft, tool, training, unauthorized, vulnerability

While most organizations (90%) offer sanctioned generative AI apps and even more (98%) offer their users apps that incorporate gen AI features, unauthorized use of AI services is skyrocketing in business, according to a study by Netskope.Most gen AI use in the enterprise (72%) is shadow IT, driven by individuals using personal accounts to access…
Hacker Leaks 33,000 Employee Records in Third-Party API Breach

Apr 17, 2025 9:28 AM

Tags: api, breach, cyber, cybersecurity, data-breach, endpoint, hacker, leak, service, technology

A hacker has exposed the personal records of over 33,000 employees after discovering unrestricted endpoints belonging to a major technology service provider. The breach, first reported by cybersecurity platform CloudSEK’s BeVigil, highlights alarming gaps in API security that could have far-reaching consequences for both the affected organization and its clients. CloudSEK’s BeVigil, a platform specializing…
Anonymous Releases 10TB of Leaked Data Targeting Russia

Apr 17, 2025 5:28 AM

Tags: cyberattack, data, data-breach, russia

Recently, the hacktivist collective Anonymous has claimed responsibility for a sweeping cyberattack against Russia, releasing a staggering 10 First seen on securityonline.info Jump to article: securityonline.info/anonymous-releases-10tb-of-leaked-data-targeting-russia/
Over 16,000 Fortinet devices compromised with symlink backdoor

Apr 16, 2025 11:28 PM

Tags: access, backdoor, data-breach, fortinet, Internet

Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
UK Fines Law Firm 60,000 Pounds for Ransomware Data Breach

Apr 16, 2025 8:28 PM

Tags: breach, data, data-breach, GDPR, law, leak, office, ransomware

Firm Failed to Close Outdated User Account, Waited 43 Days to Notify Regulators. The U.K. Information Commissioner’s Office imposed a fine of 60,000 pounds against Liverpool-based law firm DDP Law for GDPR violations relating to a 2022 ransomware hack and data leak that exposed sensitive information including the details of its clients’ cases. First seen…
More than 100,000 had information stolen from Hertz through Cleo file share tool

Apr 16, 2025 7:28 PM

Tags: breach, data, data-breach, tool

Car rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn’t specified a total number. First seen on therecord.media Jump to article: therecord.media/hertz-data-breach-notifications-cleo-vulnerability
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

Apr 16, 2025 5:28 PM

Tags: attack, breach, communications, data, data-breach, software, zero-day

Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/
Hertz Confirms Data Breach After Hackers Stole Customer PII

Apr 16, 2025 3:28 PM

Tags: breach, data, data-breach, group, hacker, ransomware, software

Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s… First seen on hackread.com Jump to article: hackread.com/hertz-confirms-data-breach-hackers-stole-customer-pii/
American Sigh

Apr 16, 2025 1:28 PM

Tags: cve, data-breach, update

A long, long time ago I can still remember How those CVEs would make me smile And I knew if I had my chance To patch a vuln or take a stance Maybe we’d be secure for a while But April ides made me shiver With each leaked memo and press release delivered Bad news……
Erneuter Datenabfluss bei Melting Mind?

Apr 16, 2025 1:28 PM

Tags: cyberattack, data-breach, sql

Es gibt Hinweise auf ein neues Datenleck bei Melting Mind.Noch am Dienstag (15. April) berichtete der Norddeutsche Rundfunk NDR, dass Melting Mind bei dem Cyberangriff im vergangenen Jahr größeren Schaden abwenden konnte. Laut einem Bericht von heise online hat das Unternehmen jedoch weiterhin Sicherheitsprobleme.So habe eine Suchanfrage am selben Tag in der Schwachstellensuchmaschine Leakix eine…
Insurance firm Lemonade warns of breach of thousands of driving license numbers

Apr 16, 2025 12:28 PM

Tags: breach, data, data-breach, insurance

A data breach at insurance firm Lemonade left the details of thousands of drivers’ licenses exposed for 17 months. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/insurance-firm-lemonade-warns-of-breach-of-thousands-of-driving-license-numbers
Government contractor Conduent disclosed a data breach

Apr 16, 2025 11:28 AM

Tags: breach, business, cyberattack, data, data-breach, government, service

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack. In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple US…
Quellcode und Daten geleakt: 4chan nach mutmaßlichem Hackerangriff offline

Apr 16, 2025 11:28 AM

Tags: cyberattack, data-breach, mail, tool

4chan hat offenbar den Unmut einer Konkurrenzplattform auf sich gezogen. Dort kursieren Screenshots von internen Tools, Datenbanken, E-Mail-Listen und mehr. First seen on golem.de Jump to article: www.golem.de/news/quellcode-und-daten-geleakt-4chan-nach-mutmasslichem-hackerangriff-offline-2504-195407.html
Datenleck bei Autovermietung: Prominente Hacker erbeuten Kundendaten von Hertz

Apr 16, 2025 10:28 AM

Tags: data-breach, hacker

Unter anderem von Hertz erfasste Führerscheindaten, Zahlungsinformationen und Angaben über Unfallverletzungen sind in die Hände von Hackern gelangt. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-autovermietung-prominente-hacker-erbeuten-kundendaten-von-hertz-2504-195401.html
MITRE Ends CVE Program Support Leaked Internal Memo Confirms Departure

Apr 16, 2025 8:28 AM

Tags: cve, cyber, cybersecurity, data-breach, mitre, vulnerability

A leaked internal memo dated April 15, 2025, has sent shockwaves through the cybersecurity community, revealing that MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program is set to expire today, April 16, 2025. The letter, reportedly obtained from a reliable source and addressed to CVE Board Members, is signed by Yosry Barsoum,…
ICICI Bank Ransomware Breach: A Stark Reminder of Supply Chain Risk and the Need for Real-Time Cyber Vigilance

Apr 16, 2025 1:28 AM

Tags: breach, cyber, dark-web, data, data-breach, finance, lockbit, ransomware, risk, supply-chain

The recent ransomware breach tied to ICICI Bank”, claimed by the LockBit group”, has raised fresh concerns about the fragility of digital ecosystems and third-party risk. While official confirmations remain limited, leaked files and dark web chatter suggest that attackers accessed systems through a vendor relationship and exfiltrated over 3 TB of sensitive data, including…