Tag: data-breach
-
South African telecom provider Cell C disclosed a data breach following a cyberattack
Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and…
-
The quiet data breach hiding in AI workflows
As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/14/quiet-data-breach-ai-workflows/
-
Oracle admits breach of ‘obsolete servers,’ denies main cloud platform affected
Doubts emerge: So far so good regarding Oracle’s denials, except that the hacker subsequently shared data showing their access to login.us2.oraclecloud.com, a service that is part of the Oracle Access Manager, the company’s IAM system used to control access to Oracle-hosted systems.It also emerged that some of the leaked data appeared to be from 2024…
-
Extensive WooCommerce data breach claimed
First seen on scworld.com Jump to article: www.scworld.com/brief/extensive-woocommerce-data-breach-claimed
-
Rogue Account”‘Creation Flaw Leaves 100″¯K WordPress Sites Exposed
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not properly configured. Vulnerability Details This critical flaw, registered as CVE-2025-3102, is rooted in the plugin’s…
-
A Seven”‘Year”‘Old Cisco Flaw Now Lets Hackers Execute Code Remotely on Network Gear
Tags: cisco, credentials, cyber, data-breach, exploit, firmware, flaw, hacker, infrastructure, network, router, service, theft, threatA Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches and routers via exposed Smart Install Client services, enabling configuration theft, credential harvesting, and firmware…
-
South African telecom provider serving 7.7 million confirms data leak following cyberattack
South Africa’s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year. First seen on therecord.media Jump to article: therecord.media/south-african-telecom-provider-discloses-data-breach-ransomware
-
Targeted phishing gets a new hook with real-time email validation
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records
A hacker operating under the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, a leading e-commerce platform used globally to power online stores. The breach, allegedly carried out on April 6, 2025, has reportedly compromised sensitive data of over 4.4 million users. The claim surfaced on Breach Forums, a notorious hub…
-
Tausend gute Gründe, warum Sie Ihre Identität schützen sollten
Datenlecks in Unternehmen sind der häufigste Grund für Identitätsbetrug, aber lange nicht der Einzige. In diesem Blogpost erklären wir, wie Hacker an persönliche Daten gelangen und wie Nutzer dies verhindern können. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/scams/1-milliarde-grunde-um-ihre-identitat-online-zu-schutzen/
-
Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected
Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure…
-
Precision-validated phishing: The rise of sophisticated credential theft
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing
QR codes are being weaponised by scammers, so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider. First seen on grahamcluley.com Jump to article:…
-
Hacker Claims WooCommerce Data Breach, Selling 4m User Records
A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on… First seen on hackread.com Jump to article: hackread.com/hacker-claims-woocommerce-data-breach-selling-records/
-
Oracle says “obsolete servers” hacked, denies cloud breach
Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as “two obsolete servers.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/
-
Cybercriminals Attacked National Social Security Fund of Morocco – Millions of Digital Identities at Risk of Data Breach
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-attacked-national-social-security-fund-of-morocco-millions-of-digital-identities-at-risk-of-data-breach
-
National Social Security Fund of Morocco Suffers Data Breach
Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the…
-
Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users
Another day, another data breach claim involving a high-profile company! First seen on hackread.com Jump to article: hackread.com/hackers-magento-breach-3rd-party-crm-data-leak/
-
Samsung-Datenleck: Was Betroffene jetzt tun können
Samsung Deutschland wurde Ziel eines groß angelegten Hackerangriffs. Unbekannte verschafften sich Zugriff auf interne Supportsysteme und entwendeten rund 270.000 sensible Kundendatensätze, die nun im Darknet angeboten werden. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/samsung-datenleck-was-betroffene-jetzt-tun-koennen
-
Verbraucher sollten aktiv werden: Nach Datenleck bei Samsung Anspruch auf Schadensersatz prüfen
Tags: data-breachFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/verbraucher-datenleck-samsung-pruefung-anspruch-schadensersatz
-
WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw
The Michigan-based breakfast cereal company confirmed it used Cleo as a vendor for human resources data. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/wk-kellogg-employee-data-breach-cleo/744739/
-
Over 5,000 Ivanti Connect Secure Devices Exposed to RCE Vulnerabilities
Over 5,000 Ivanti Connect Secure devices remain vulnerable to a critical remote code execution (RCE) flaw, according to data from the Shadowserver Foundation. The vulnerability, tracked as CVE-2025-22457, stems from a stack-based buffer overflow issue, enabling unauthenticated attackers to execute arbitrary code remotely. The flaw has already been exploited in the wild, raising alarms across the…
-
Google to Patch 23-Year-Old Chrome Bug That Leaked Browsing History
Google has announced a groundbreaking update to its Chrome browser that addresses a vulnerability in the web browser’s code, which has been leaking users’ browsing history for over two decades. This long-standing issue stems from the CSS:visitedselector”, a web design feature that allows websites to stylize previously visited links. While originally designed to improve user…
-
Threat Actor Leaks Data from Major Bulletproof Hosting Provider Medialand
Tags: breach, control, cyber, cybercrime, data, data-breach, infrastructure, leak, malware, phishing, ransomware, threatA threat actor disclosed internal data from Medialand, a prominent bulletproof hosting (BPH) provider long associated with Yalishanda, a cybercriminal organization tracked as LARVA-34. The breach has exposed the backend systems and operational infrastructure of Medialand, which has historically facilitated a wide array of illicit cyber activities, including ransomware operations, malware control-and-command systems, phishing campaigns,…
-
Kellogg’s Servers Breached, Hackers Steal Sensitive Data
WK Kellogg Co., one of the world’s leading cereal and snack manufacturers, has fallen victim to a significant data breach, exposing the sensitive information of an undisclosed number of individuals. The breach, which occurred on December 7, 2024, was only discovered nearly three months later on February 27, 2025, according to a notification submitted by…
-
Why DEI is key for a cyber safe future
Tags: access, ai, country, cyber, cyberattack, cybersecurity, data-breach, infrastructure, mitigation, regulation, risk, skills, technology, threatgrow a workforce and body of expertise, not shrink it.By illuminating career pathways or creating opportunities for those who have been historically overlooked, DEIB programs welcome people that may not have been exposed or traditionally have lacked access to the space. Across the US, Black practitioners make up only 8% of the total tech workforce.…
-
10 things you should include in your AI policy
Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, updateInput from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
-
Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
A newly identified Linux backdoor named >>Auto-Color,
-
23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability
In recent months, the fallout from the 23andMe data breach has offered a sobering reminder of the real-world implications of poor data security”, and the profound responsibility companies bear when entrusted with sensitive consumer information. In October 2023, 23andMe, one of the most well-known consumer genetic testing companies, disclosed a significant breach that affected nearly…