Tag: leak
-
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report.The link, the non-profit organization said, is a “Predator attack attempt based on the technical…
-
Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified
Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/predator-spyware-intellexa-evades/
-
AI Agents Create Critical Supply Chain Risk in GitHub Actions
PromptPwnd shows how simple prompt injections can let attackers compromise GitHub Actions and leak sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-agents-create-critical-supply-chain-risk-in-github-actions/
-
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or…
-
ATT Extends Deadline for Data Breach Settlement Claims
The deadline for 51 million affected customers to claim compensation from two massive data leaks is now Dec. 18. The post ATT Extends Deadline for Data Breach Settlement Claims appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-att-data-breach-settlement/
-
Developers urged to immediately upgrade React, Next.js
create-next-app and built for production is vulnerable without any specific code modifications by the developer,” Wiz also warns.The problem in React’s server package, designated CVE-2025-55182, is a logical deserialization vulnerability allowing the server to processes RSC payloads in an unsafe way. When a server receives a specially crafted, malformed payload, say Wiz researchers, it fails to validate the…
-
SmartTube Android TV App Compromised After Signing Keys Leak
SmartTube, a popular open-source YouTube client for Android TV devices with over 25,900 GitHub stars, has been compromised after its digital signing keys were exposed, prompting an urgent security response from developer Yurii Liskov (yuliskov). The incident, disclosed on November 27, 2025, has forced affected users to reinstall the application under a new digital signature…
-
Russia limits WhatsApp use, claiming it enables terrorism, crime, espionage
Russian users of WhatsApp reported disruptions as authorities limited access to the app, which they said enabled fraud, terrorism and possibly a recent leak of diplomatic communications with the U.S. First seen on therecord.media Jump to article: therecord.media/russia-whatsapp-restrictions
-
South Korea’s Coupang Confirms 34 Million Customer Data Leak
The South Korean police are tracking the suspect behind a cyber-attack targeting e-commerce giant Coupang First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/south-korea-coupang-34m-customer/
-
Chinese Front Companies Offering Advanced Steganography Tools for APT Groups
The Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide. Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall components, a recent analysis has uncovered details about two technology companies allegedly linked to China’s Ministry of State Security (MSS). BIETA and its subsidiary CIII…
-
Flock Uses Overseas Gig Workers to Build Its Surveillance AI
An accidental leak revealed that Flock, which has cameras in thousands of US communities, is using workers in the Philippines to review and classify footage. First seen on wired.com Jump to article: www.wired.com/story/flock-uses-overseas-gig-workers-to-build-its-surveillance-ai/
-
Flock Uses Overseas Gig Workers to Build Its Surveillance AI
An accidental leak revealed that Flock, which has cameras in thousands of US communities, is using workers in the Philippines to review and classify footage. First seen on wired.com Jump to article: www.wired.com/story/flock-uses-overseas-gig-workers-to-build-its-surveillance-ai/
-
âš¡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day, code packages, cloud accounts, email, chat, phones, and “trusted” partners, and turn them against us.One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone,…
-
Leak confirms OpenAI is preparing ads on ChatGPT for public roll out
OpenAI is now internally testing ‘ads’ inside ChatGPT that could redefine the web economy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openai-is-preparing-ads-on-chatgpt-for-public-roll-out/
-
OBR drags in cyber bigwig after Budget leak blunder
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule First seen on theregister.com Jump to article: www.theregister.com/2025/11/28/obr_ciaran_martin/
-
Werbefreies Youtube-Streaming: Smarttube-App mutiert durch Leak zur Malware-Gefahr
Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
-
Thousands of sensitive secrets published on JSONFormatter and CodeBeautify
Users of JSONFormatter and CodeBeautify leaked thousands of sensitive secrets, including credentials and private keys, WatchTowr warns. WatchTowr’s latest research reveals massive leaks of passwords, secrets, and keys across developer formatting platforms like JSONFormatter and CodeBeautify. Despite past incidents, exposed credentials remain rampant, sometimes even for critical systems. WatchTowr researchers highlight how easily sensitive data…
-
Werbefreies Youtube-Streaming: Signatur-Leak macht Smarttube zur Malware-Bedrohung
Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
-
New observational auditing framework takes aim at machine learning privacy leaks
Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/machine-learning-privacy-audit-checks/
-
UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit
The post UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/unmasked-massive-leak-exposes-irans-department-40-cyber-terror-unit/
-
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
Tags: attack, breach, data, finance, group, korea, leak, msp, north-korea, ransomware, service, supply-chainSouth Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.”This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) First seen on…
-
Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records
A cybercriminal operating under the alias ByteToBreach has emerged as a prominent figure in the underground data trade, orchestrating a series of high-profile breaches targeting critical sectors worldwide. Active since at least June 2025, ByteToBreach has leveraged a blend of technical proficiency, aggressive self-promotion, and cross-platform operations to become one of the most publicized threat…
-
Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records
A cybercriminal operating under the alias ByteToBreach has emerged as a prominent figure in the underground data trade, orchestrating a series of high-profile breaches targeting critical sectors worldwide. Active since at least June 2025, ByteToBreach has leveraged a blend of technical proficiency, aggressive self-promotion, and cross-platform operations to become one of the most publicized threat…
-
Developers Are Exposing Passwords and API Keys Through Online Code Tools
Security researchers at watchTowr Labs uncovered a massive leak of sensitive credentials after scanning popular online JSON formatting tools. Developers and administrators have been pasting passwords, API keys, database credentials, and personally identifiable information (PII) into sites like jsonformatter.org and codebeautify.org, where >>save>Recent Links
-
Alliances between ransomware groups tied to recent surge in cybercrime
Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-dayRansomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
-
Developers left large cache of credentials exposed on code generation websites
Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
-
Developers left large cache of credentials exposed on code generation websites
Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
-
Data Leaks: Why Are We So Stupid About Free Online Services?
JSON Code ‘Beautifiers’ Expose Sensitive Data From Banks, Government Agencies At what price beauty? Apparently, some developers will paste anything into JSON beautify sites, from researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/data-leaks-are-we-so-stupid-about-free-online-services-p-3982