Tag: data
-
UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-sanctions-xinbi-marketplace-linked-to-asian-scam-centers/
-
GlassWorm attack installs fake browser extension for surveillance
It hides inside developer tools, then monitors activity and steals data, turning a single infection into a wider risk across the supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/glassworm-attack-installs-fake-browser-extension-for-surveillance/
-
New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn… First seen on hackread.com Jump to article: hackread.com/financial-firms-rise-pxa-stealer-attacks/
-
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
A new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to monetizing stolen corporate data, focusing on processing and refining information rather than simply publishing it.…
-
Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
Russian authorities have detained a suspected administrator of LeakBase, a major online marketplace for stolen data, weeks after U.S. and European law enforcement agencies carried out a global crackdown on the platform. First seen on therecord.media Jump to article: therecord.media/leakbase-russia-admin-arrest-cyber
-
Wer beim Backup nur an die Daten denkt, hat kein Backup
Wie bei den meisten Gedenk- und Aktionstagen stellt sich auch beim World-Backup-Day die Frage, ob es ihn überhaupt noch braucht. Schließlich sichern laut der Backup-Studie 2025 des Datenrettungsspezialisten Data Reverse 77 Prozent der deutschen Unternehmen ihre Daten mindestens wöchentlich. Regelmäßige Datensicherung ist damit längst gelebte Praxis. Backups sind, so scheint es, kein Nischenthema mehr, sondern…
-
GitHub jumps on the bandwagon and will use your data to train AI
GitHub updated how it uses data to improve AI-powered coding assistance. Starting April 24, interaction data from Copilot Free, Pro, and Pro+ users may be used to train and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/github-copilot-data-privacy-policy-update/
-
Russia arrests suspected owner of LeakBase cybercrime forum
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russia-arrests-suspected-owner-and-admin-of-leakbase-cybercrime-forum/
-
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called “Loot.” First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-460/
-
Researchers uncover WebRTC skimmer bypassing traditional defenses
Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data channels instead of typical web requests to load malicious code and exfiltrate stolen payment data. >>What sets this attack apart is the skimmer itself. Instead of the usual…
-
Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks
Tags: attack, cyber, data, endpoint, exploit, group, incident response, ivanti, mobile, remote-code-execution, threat, vulnerability, zero-dayIn February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods to exfiltrate sensitive data from compromised servers within seconds. These zero-day vulnerabilities allow unauthenticated attackers to execute arbitrary code…
-
Russian authorities arrest alleged LeakBase admin behind stolen data marketplace
Russian authorities arrested the alleged LeakBase admin for running a marketplace selling stolen data since 2021. Russian law enforcement has arrested the suspected administrator of LeakBase, a cybercrime forum used to trade stolen personal data. The suspect, from Taganrog, is accused of running the platform since 2021. During a search of his home, authorities seized…
-
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls.”Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report published…
-
FedRAMP and the Data Broker Loophole
A new congressional report recommending a FedRAMP-style framework for commercial data brokers has reignited a long-running debate in Washington: whether federal agencies should be able to buy sensitive personal data on the open market without the same legal scrutiny required for traditional surveillance. Supporters of reform argue that the rapid growth of the data brokerage”¦…
-
Entropy-Rich Synthetic Data Generation for PQC Key Material
Explore how entropy-rich synthetic data generation strengthens PQC key material for Model Context Protocol. Secure your AI infrastructure with quantum-resistant encryption. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/entropy-rich-synthetic-data-generation-for-pqc-key-material/
-
What the UK Cyber Security Resilience Bill Means for Security Practitioners
Tags: cloud, compliance, cyber, data, detection, finance, framework, incident response, msp, network, nis-2, regulation, resilience, risk, saas, service, supply-chainThe UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026. The UK’s Cyber Security and Resilience Bill is working its way through Parliament, and if you haven’t started paying serious attention yet, now is the time. Introduced to the House of Commons in November 2025, the Bill represents…
-
AI Exploits, Data Breaches, and Zero-Days Define This Week’s Cybersecurity Landscape
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-exploits-data-breaches-and-zero-days-define-this-weeks-cybersecurity-landscape/
-
Google moves post-quantum encryption timeline up to 2029
The shift suggests the tech titan is worried that 2035 is too late to wait to protect their systems, devices and data for the quantum age. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-moves-post-quantum-encryption-timeline-to-2029/
-
Florida Suspends Firm for Unlawfully Offshoring Claims Data
State: Medicare Enrollee Data Sent to Unlicensed Firms in India, Philippines. State insurance regulators have suspended a Florida third-party health administrator firm for unlawfully offshoring sensitive claims and other data of more than 23,000 Florida Medicare Advantage enrollees to several unlicensed companies in India and the Philippines. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/florida-suspends-firm-for-unlawfully-offshoring-claims-data-a-31177
-
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/
-
The Dark Side of DDoS: Why DDoS Downtime is Harder to Prevent
Cloudflare recently published data that offers clear insight into where the DDoS threat environment is heading. DDoS attacks are becoming larger, more frequent, and more sophisticated, with botnets reaching unprecedented scale. But beyond the headline numbers, the report also points to a broader shift that deserves closer attention. In this article, we’ll discuss some of..…
-
Hackers claim to have accessed data tied to millions of crime tipsters
A hacktivist group claims to have obtained sensitive data on crime tipsters and the people they reported, dating back to 1987. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hackers-claim-to-have-accessed-data-tied-to-millions-of-crime-tipsters/
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
PRE Security Ships Platform 3.3 With SignalGate Data Fabric and Agentic SOARGPT at RSAC 2026
PRE Security has released platform version 3.3, introducing two major new capabilities, SignalGate and a fully agentic Autonomous Security Operator, alongside two awards from the 2026 Cybersecurity Excellence Awards. The announcements coincide with RSAC 2026 in San Francisco. SignalGate is PRE Security’s new AI-driven security data fabric. It processes, classifies, prioritizes, and routes security signals..…
-
Tenable Launches Hexa AI, an Agentic Orchestration Engine Inside Tenable One
Tenable has announced Tenable Hexa AI, an agentic AI engine built into the Tenable One Exposure Management Platform. The announcement was made at RSAC 2026 in San Francisco. Tenable Hexa AI functions as an orchestration layer that connects exposure intelligence to action. Powered by Tenable’s Exposure Data Fabric, the engine understands how vulnerabilities, identities, assets,..…
-
Cyera Ships Browser Shield, Data Lineage, and MCP to Close AI Data Security Gaps
Cyera announced three new capabilities at RSAC 2026 on March 24: Browser Shield for AI, Data Lineage for files, and Cyera MCP. Together, they address two of the most pressing blind spots in enterprise AI security, what employees are sending into AI tools, and what happens to data after AI agents get access to it……
-
Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam
A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam
-
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs.”It logs keystrokes, dumps cookies and session tokens, captures screenshots, and First seen…