Tag: leak
-
Over 5 Million Misconfigured Git Web Servers Found Exposing Secrets Online
A massive widespread vulnerability in web server configurations has left millions of websites open to data theft and unauthorised takeover. A new 2026 study conducted by the Mysterium VPN research team reveals that nearly 5 million web servers worldwide are publicly exposing their .git repository metadata. The Scale of the Leak The research scanned the internet for…
-
Nearly 5 Million Web Servers Found Exposing Git Metadata Study Reveals Widespread Risk of Code and Credential Leaks
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata, with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]…
-
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data
DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with file encryption. The group uses dual extortion: it steals sensitive data, encrypts systems, and then threatens to publish the stolen information on dark web leak sites if victims do not pay.”‹…
-
Harvard, UPenn Data Leaked in ShinyHunters Shakedown
Leaked Financial and Admissions Data Includes Contact Details for ‘Top Donors’. Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group’s ongoing live phishing attacks that often attempt to trick IT help desks into giving attackers direct access to a victim’s network and…
-
Victims Are Rebuffing Ransomware Mass Data Theft Campaigns
Revenue From Supply-Chain Attacks by Clop Group Sharply Fell, Report Investigators. Once lucrative steal-and-leak campaigns pioneered by Russian ransomware group Clop look set to go the way of the dinosaurs. While an estimated 25% of victims paid a ransom in the inaugural campaign five years ago, the number of victims that paid fell to zero…
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
Big Breach or Smooth Sailing? Mexican Gov’t Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
-
Big Breach or Nada de Nada? Mexican Gov’t Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
-
Over 21,000 OpenClaw AI Instances Leak Personal Configuration Data
The open-source AI assistant OpenClaw experienced explosive growth, expanding from approximately 1,000 active instances to over 21,000 in just seven days. Created by Austrian developer Peter Steinberger, the personal AI assistant integrates with email, calendars, smart-home systems, and food-delivery services, enabling it to perform actions far beyond those of traditional chatbots. The project’s rapid evolution…
-
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
The BreachForums marketplace has suffered a leak, exposing the identities of nearly 324,000 cybercriminals. This incident highlights a critical shift in cyberattacks, creating opportunities for law enforcement while demonstrating the risks associated with breaches in the cybercriminal ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/breachforums-breach-exposes-names-of-324k-cybercriminals-upends-the-threat-intel-game/
-
Aluminium OS: Leak offenbart ersten Blick auf den Windows-Konkurrenten von Google
First seen on t3n.de Jump to article: t3n.de/news/aluminium-os-leak-windows-konkurrent-google-1727292/
-
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated for approximately ten months with multi-platform remote access capabilities and integrated cryptocurrency mining operations. The…
-
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-numbers-rise-despite/
-
Surging Cyberattacks Boost Latin America to Riskiest Region
The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/surging-cyberattacks-latin-america-riskiest-region
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint”, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
Responding to Exposed Secrets An SRE’s Incident Response Playbook
Today, let’s take a closer look at incident response playbooks: how to build one, tailor it for secret leaks, take actions, and learn from incidents. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/responding-to-exposed-secrets-an-sres-incident-response-playbook/
-
Nike Investigates Alleged Data Breach Tied to World Leaks
Nike is investigating World Leaks’ claims of a data breach, underscoring growing risks from data-centric extortion attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nike-investigates-alleged-data-breach-tied-to-world-leaks/
-
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/
-
Nike probes potential cyber incident after hackers claim data leak
The company said in a brief statement that it takes consumer privacy and data security seriously and is “actively assessing the situation,” but offered few details about the scope of the alleged breach or whether customer information may have been exposed. First seen on therecord.media Jump to article: therecord.media/nike-probes-alleged-cyber-incident
-
Microsoft brings AI-powered investigations to security teams
Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/microsoft-purview-data-security-investigations/
-
World Leaks Ransomware Group Claims 1.4TB Nike Data Breach
Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/worldleaks-ransomware-14tb-nike/
-
Treasury Cuts Ties With Booz Allen Over IRS Data Leaks
Booz Allen Loses Treasury Work in Move Tied to Trump Waste Crackdown. The U.S. Department of Treasury said it canceled all active contracts with Booz Allen Hamilton, citing data protection failures in handling taxpayer information. Treasury cited a criminal case against Charles Littlejohn, a former employee who leaked the tax returns of President Donald Trump.…
-
Cloudflare misconfiguration behind recent BGP route leak
Tags: leakCloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/
-
Nike Data Breach Claims Surface as WorldLeaks Leaks 1.4TB of Files Online
As users continue to assess the Under Armour data breach, WorldLeaks, the rebranded version of the Hunters International… First seen on hackread.com Jump to article: hackread.com/nike-data-breach-worldleaks-leaks-files-online/
-
Can NHIs management fit within tight cybersecurity budgets?
Why Are Non-Human Identities Crucial in Cybersecurity? Have you ever considered how machine identities, or Non-Human Identities (NHIs), fit into your cybersecurity strategy? Where breaches and data leaks can have catastrophic consequences, ensuring that your digital is secure is more important than ever. Managing NHIs, which are essentially machine identities consisting of secrets such as……
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…