Tag: leak
-
Instructure claims hackers returned stolen Canvas data after an extortion standoff
ShinyHunters, a prolific cybercrime group, threatened to leak data from more than 8,800 school systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/canvas-instructure-data-theft-extortion-the-com/
-
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/
-
Pressure mounts on Canvas as data leak extortion deadline looms
Attackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn’t pay a ransom. First seen on cyberscoop.com Jump to article: cyberscoop.com/canvas-instructure-data-theft-extortion-the-com/
-
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak
Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics. Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing previously non-public victims, a variety of tactics, techniques and tools, and a relentless focus on popping backup and storage infrastructure. First seen on govinfosecurity.com Jump to article:…
-
The State of Ransomware Q1 2026
ey Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117%…
-
Ollama OutBounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory.The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera.Ollama is a First seen…
-
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shinyhunters-escalates-canvas/
-
Spring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret Leaks
Security researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system directories. Administrators, please patch your systems immediately to prevent active exploitation. Spring Vulnerabilities Critical Directory Traversal…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
-
Brit mathematician lets AI agent loose with credit card cue password leaks, CAPTCHA chaos and more
Professor Fry’s AI experiment shows light and dark sides of agentic tech First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/british_mathematician_tinkers_with_openclaw/
-
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly exposed a large cache of stolen payment card data after leaving its own infrastructure accessible online. The service appears to have been used to test…
-
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data
The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately…
-
Networks of Browser Extensions Are Spyware in Disguise
Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of “analytics.” This unregulated “legal spyware” creates massive security gaps as employees unwittingly leak corporate URLs, SaaS dashboards, and research activity to third-party databases. With the rise of AI-native browsers and personal…
-
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak
Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files. First seen on hackread.com Jump to article: hackread.com/private-chats-photos-celebs-expose-stalkerware-leak/
-
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. First seen on hackread.com Jump to article: hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/
-
Moldova’s health insurance agency reports possible data leak after cyberattack
The agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information. First seen on therecord.media Jump to article: therecord.media/moldova-health-insurance-agency-reports-possible-data-leak-cyberattack
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/iran-handala-hackers-leak-us-marines-data-chilling-whatsapp-threats
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen
A hacker using the alias “Xorcat” claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident. First seen on hackread.com Jump to article: hackread.com/polymarket-rejects-data-breach-hacker-records-stolen/
-
CISA flags data-theft bug in NSA-built OT networking tool
GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/cisa_flags_datatheft_bug_in/
-
Data Privacy Leaks The Drip, Drip, Drip of Exposure
Beyond the “headline breach,” modern enterprises face a persistent threat: steady-state data leakage. Learn why traditional privacy definitions fail and how “authorized” data flows in workplace apps create continuous legal and operational risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/data-privacy-leaks-the-drip-drip-drip-of-exposure/
-
Betting on Cybercrime Prediction Markets and Hacking
Cybercriminals are evolving from stealing data to “shaping the future” by leveraging prediction markets. By exploiting early access to disclosures, manipulating sensor data, or timing ransomware leaks to coincide with market bets, attackers can transform illegal access into guaranteed financial gains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/betting-on-cybercrime-prediction-markets-and-hacking/
-
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and enculturation. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nsa-chief-during-snowden-affair-13-years-later
-
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-clickup-api-key-email-exposure/
-
Feuding Ransomware Groups Leak Each Other’s Data
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data
-
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
A hardcoded API key in ClickUp’s public website exposed hundreds of enterprise and government email addresses for over a year. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickup-data-leak-exposes-enterprise-emails-for-over-a-year/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/