Collecting Cyber-News from over 60 sources

Tag: leak

Unmasked by Leaks: The Hidden Backbone of a Ransomware Operation

Jan 19, 2026 3:13 PM

Tags: cyber, group, leak, ransomware, russia

The leaks tied to the BlackBasta ransomware group and Russian hosting company Media Land pulled back the curtain on something defenders rarely get to see: the internal machinery and people behind a major ransomware operation. In February 2025, an unknown individual using the handle ExploitWhispers appeared on Telegram and published a massive archive of BlackBasta’s internal chats…
Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems

Jan 19, 2026 11:13 AM

Tags: breach, data, hacker, hacking, leak

An actor who goes online with the alias @ihackthegovernment posted stolen personal data from his victims, including the U.S. Supreme Court. Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court’s electronic filing system. Court documents reveal he used his Instagram account to leak data from several of his victims. >>Nicholas…
New OpenAI leak hints at upcoming ChatGPT features

Jan 19, 2026 5:13 AM

Tags: chatgpt, leak, openai, update

OpenAI is internally testing a new update for ChatGPT, at least on the web. It’ll begin rolling out in the coming weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/new-openai-leak-hints-at-upcoming-chatgpt-features/
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026

Jan 15, 2026 7:51 PM

Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
Cybercrime Inc.: When hackers are better organized than IT

Jan 14, 2026 7:11 PM

Tags: access, ai, attack, automation, awareness, botnet, breach, business, communications, compliance, computing, control, corporate, credentials, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, exploit, finance, group, hacker, healthcare, incident response, intelligence, jobs, leak, malicious, malware, marketplace, network, organized, phishing, programming, ransom, ransomware, resilience, risk, service, social-engineering, software, supply-chain, technology, tool, training, update, vulnerability

Ransomware-as-a-service: The Amazon of crime: The ransomware-as-a-service (RaaS) model has also revolutionized the cybercrime business. Criminal groups offer their malware like a software product. Attackers can license the code, select targets, and launch attacks, all without in-depth programming knowledge. The operator receives a commission for this.Thus, a marketplace developed where services, tools, and data are traded like…
Hacker Claims Full Breach of Russia’s Max Messenger, Threatens Public Leak

Jan 14, 2026 7:11 PM

Tags: breach, data, hacker, leak, russia

A hacker claims a full breach of Russia’s Max Messenger, threatening to leak user data and backend systems if demands are not met. First seen on hackread.com Jump to article: hackread.com/hacker-russia-max-messenger-breach-data-leak/
Fortinet fixed two critical flaws in FortiFone and FortiSIEM

Jan 14, 2026 7:11 PM

Tags: authentication, cve, data, exploit, flaw, fortinet, leak, vulnerability

Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
Fortinet fixed two critical flaws in FortiFone and FortiSIEM

Jan 14, 2026 7:11 PM

Tags: authentication, cve, data, exploit, flaw, fortinet, leak, vulnerability

Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
Fortinet fixed two critical flaws in FortiFone and FortiSIEM

Jan 14, 2026 7:11 PM

Tags: authentication, cve, data, exploit, flaw, fortinet, leak, vulnerability

Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
Leaked Data Exposes Thousands of Border Patrol, ICE Agents After Renee Good Shooting

Jan 14, 2026 7:11 PM

Tags: data, data-breach, leak

A reported DHS leak exposed personal details of about 4,500 ICE and Border Patrol agents after a Minneapolis shooting, raising safety and ethics concerns. The post Leaked Data Exposes Thousands of Border Patrol, ICE Agents After Renee Good Shooting appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-leaked-data-exposes-thousands-border-patrol-ice-agents/
DragonForce Ransomware Breakdown and Decryptor for ESXi Windows

Jan 14, 2026 7:11 PM

Tags: cyber, data, leak, ransomware, windows

Security researchers have published an in”‘depth technical analysis of the DragonForce ransomware operation, along with details of working decryptors for both Windows and ESXi systems targeting specific victims. By the time its dedicated Data Leak Site (DLS) was identified later that month, 17 victim organizations had already been listed. DragonForce markets itself as a cartel…
Cybercrime und Desinformation – Fake-Leaks als Mittel der Cybererpressung

Jan 14, 2026 7:11 PM

Tags: cybercrime, leak

First seen on security-insider.de Jump to article: www.security-insider.de/fake-leaks-cybererpressung-ransomware-a-0117c0adbed3cf60df8fc018dee3f256/
Cybercrime und Desinformation – Fake-Leaks als Mittel der Cybererpressung

Jan 14, 2026 7:11 PM

Tags: cybercrime, leak

First seen on security-insider.de Jump to article: www.security-insider.de/fake-leaks-cybererpressung-ransomware-a-0117c0adbed3cf60df8fc018dee3f256/
Cybercrime und Desinformation – Fake-Leaks als Mittel der Cybererpressung

Jan 14, 2026 7:11 PM

Tags: cybercrime, leak

First seen on security-insider.de Jump to article: www.security-insider.de/fake-leaks-cybererpressung-ransomware-a-0117c0adbed3cf60df8fc018dee3f256/
Telegram to Add Warning for Proxy Links After IP Leak Concerns

Jan 13, 2026 8:02 PM

Tags: leak, privacy, vpn

Telegram will add a warning for proxy links after reports showed they can expose user IP addresses with a single click, bypassing VPN or privacy settings. First seen on hackread.com Jump to article: hackread.com/telegram-add-warning-proxy-links-ip-leak/
Lack of isolation in agentic browsers resurfaces old vulnerabilities

Jan 13, 2026 7:02 PM

Tags: access, ai, api, attack, authentication, control, corporate, credentials, data, data-breach, defense, dns, email, exploit, finance, flaw, framework, github, google, hacker, healthcare, injection, Internet, leak, linkedin, LLM, malicious, mitigation, network, nvidia, organized, privacy, programming, risk, service, side-channel, threat, tool, training, unauthorized, update, vulnerability, xss

With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks, which are functionally similar to cross-site scripting (XSS) and cross-site request forgery (CSRF), resurface decades-old patterns…
BreachForums Data Leak Raises Fresh Questions Over Credibility

Jan 13, 2026 6:02 PM

Tags: breach, cybercrime, data, data-breach, leak

BreachForums, one of the most well-known English-language cybercrime forums, has reportedly suffered a data breach, exposing user information after the site was taken offline once again. As reported by The Register, a database linked to the forum was leaked online, potentially revealing account details, private messages and metadata on close to 325,000 accounts. However, security…
2 Separate Campaigns Probe Corporate LLMs for Secrets

Jan 13, 2026 6:02 PM

Tags: ai, attack, corporate, endpoint, leak, LLM

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead

Jan 13, 2026 11:02 AM

Tags: control, data, leak, russia, threat

Explore how Russia’s efforts to control the probiv market highlight the challenges of data leaks, insider threats, and the conflict between control and security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/russias-crackdown-on-probiv-data-leaks-may-have-fed-the-beast-instead/
Top 5 Best Free VPN for 2026 to Protect Your Anonymity on the Internet

Jan 13, 2026 8:01 AM

Tags: cyber, Internet, leak, vpn

If you are torrenting without the use of a VPN, you are inviting trouble for yourself. That being said, there is a lot of misleading and incorrect information available on the World Wide Web regarding the free VPN for torrenting. There are many so-called freeVPN that leaks the very information they are designed to protect.…
Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users

Jan 13, 2026 12:02 AM

Tags: access, breach, crime, cyber, cybercrime, dark-web, data, data-breach, email, extortion, group, hacking, intelligence, law, leak, password, penetration-testing, ransomware, risk, service, threat

Have I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers.This tallies with the August 11 date on the database leaked last week; that was the…
Meta fixes Instagram password reset flaw, denies data breach

Jan 12, 2026 9:02 PM

Tags: breach, data, data-breach, email, flaw, leak, password, vulnerability

Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims. Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. >>We fixed an issue that let an…
Instagram Confirms Password-Reset Spam Flood, Denies Breach

Jan 12, 2026 7:02 PM

Tags: breach, data-breach, email, leak, malicious, password, spam, threat

Security Experts See Coincidental Timing After Leak of Scraped Instagram User Data. Instagram said a massive wave of password reset emails sent to its users traced to malicious abuse of a legitimate feature, but didn’t result from any breach of its systems. Separately, security experts said a threat actor leaked 6.2 million users’ email addresses,…
Two Separate Campaigns Target Exposed LLM Services

Jan 12, 2026 6:02 PM

Tags: ai, attack, data-breach, endpoint, leak, LLM, service

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
Prevent cloud data leaks with Microsoft 365 access reviews

Jan 12, 2026 5:02 PM

Tags: access, cloud, data, leak, microsoft

Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/prevent-cloud-data-leaks-with-microsoft-365-access-reviews/
How to stop insider-driven data loss in browser sessions

Jan 12, 2026 12:02 PM

Tags: control, data, leak

Midmarket teams turn to secure browsers capable of providing deep visibility and enforcing granular user controls during user browsing sessions, the goal being to prevent intentional or unintentional leaks without adding friction to the user experience. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/how-to-stop-insider-driven-data-loss-in-browser-sessions/808445/
BreachForums Database Leak Turns the Tables on Threat Actors

Jan 12, 2026 11:01 AM

Tags: data-breach, hacking, leak, threat

A database featuring 300,000+ users of notorious hacking forum BreachForums has been leaked online First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/breachforums-database-leak/
CISOs’ top 10 cybersecurity priorities for 2026

Jan 12, 2026 9:01 AM

Tags: access, ai, attack, authentication, business, ciso, cloud, compliance, control, corporate, cyber, cyberattack, cybersecurity, data, deep-fake, defense, gartner, google, hacker, identity, intelligence, international, leak, monitoring, network, office, passkey, resilience, risk, risk-management, service, software, strategy, supply-chain, technology, threat, tool, training, unauthorized, zero-trust

Prepping for AI-enabled attacks: Although conventional tasks dominate the CISO priorities in the Foundry survey, interviews and other research show that AI-related issues are also high on the CISO priority list.For example, 53% of security leaders ranked AI-enabled cyber threats as a top-three organizational risk in a global survey conducted by Boston Consulting Group. BCG…
CISOs’ top 10 cybersecurity priorities for 2026

Jan 12, 2026 9:01 AM

Tags: access, ai, attack, authentication, business, ciso, cloud, compliance, control, corporate, cyber, cyberattack, cybersecurity, data, deep-fake, defense, gartner, google, hacker, identity, intelligence, international, leak, monitoring, network, office, passkey, resilience, risk, risk-management, service, software, strategy, supply-chain, technology, threat, tool, training, unauthorized, zero-trust

Prepping for AI-enabled attacks: Although conventional tasks dominate the CISO priorities in the Foundry survey, interviews and other research show that AI-related issues are also high on the CISO priority list.For example, 53% of security leaders ranked AI-enabled cyber threats as a top-three organizational risk in a global survey conducted by Boston Consulting Group. BCG…
Critical InputPlumber Flaw Enables UI Input Injection and DenialService

Jan 12, 2026 8:01 AM

Tags: cve, cyber, flaw, injection, leak, linux, service, vulnerability

Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws, tracked as CVE-2025-66005 and CVE-2025-14338, affect InputPlumber versions before v0.69.0 and stem from inadequate D-Bus authorization checks. CVE ID Description Affected Versions Impact…