Tag: leak
-
ClickFunnels Investigates Breach After Hackers Leak Business Data
ClickFunnels is investigating a data breach after hackers leaked detailed business data, including emails, phone numbers, and company… First seen on hackread.com Jump to article: hackread.com/clickfunnels-investigate-breach-hackers-leak-business-data/
-
Helm Charts Flaw Could Let Hackers Access Kubernetes Clusters, Microsoft Finds
Default Helm charts for Kubernetes may expose clusters to attacks, Microsoft warns. Misconfigurations risk data leaks, code execution, and takeovers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/microsoft-helm-charts-kubernetes-clusters/
-
Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks
Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain…
-
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.”While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team First…
-
Phony Hacktivist Pleads Guilty to Disney Data Leak
After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists’ rights and ensuring they receive fair compensation for their work. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/phony-hacktivist-pleads-guilty-disney-leak
-
xAI Developer Accidentally Leaks API Key Granting Access to SpaceX, Tesla, and X LLMs
An employee at Elon Musk’s artificial intelligence venture, xAI, inadvertently disclosed a sensitive API key on GitHub, potentially exposing proprietary large language models (LLMs) linked to SpaceX, Tesla, and Twitter/X. Cybersecurity specialists estimate the leak remained active for two months, offering outsiders the capability to access and query highly confidential AI systems engineered with internal…
-
Attackers Ramp Up Efforts Targeting Developer Secrets
Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/attackers-targeting-developer-secrets
-
Patients left in the dark months after cybercriminals leak testing lab data
It’s been almost a year since the Qilin cybercrime group breached sensitive data from U.K. pathology services company Synnovis, and its patient information page is still short on details about what was exposed and how many people were affected. First seen on therecord.media Jump to article: therecord.media/synnovis-health-data-breach-investigation-onging
-
Waltz’ letzter Tanz: Signal-Leak kostet Trump-Berater den Job
Mike Waltz, nationaler Sicherheitsberater von US-Präsident Donald Trump, hat seinen Posten verloren. Waltz und sein Vertreter müssen ihre Ämter abgeben. First seen on golem.de Jump to article: www.golem.de/news/waltz-letzter-tanz-signal-leak-kostet-trump-berater-den-job-2505-195847.html
-
Prolific RansomHub Operation Goes Dark
The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/prolific-ransomhub-operation-goes-dark
-
A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already discloses real-world secrets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/a-look-into-the-secrets-of-mcp-the-new-secret-leak-source/
-
The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning
BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums…
-
Misconfiguration leaks Second Phone Number iOS app data
First seen on scworld.com Jump to article: www.scworld.com/brief/misconfiguration-leaks-second-phone-number-ios-app-data
-
Vor diesen Ransomware-Banden sollten Sie sich hüten
Tags: ai, cyber, cyberattack, data, data-breach, exploit, extortion, germany, group, hacker, intelligence, leak, lockbit, malware, moveIT, ransomware, service, software, strategy, threat, tool, usa, vulnerability, zero-dayRansomware-Attacken werden immer mehr. Höchste Zeit, die Schutzmaßnahmen hochzufahren.In den ersten drei Monaten des laufenden Jahres gab es einen neuen Höchststand bei den weltweit gemeldeten Ransomware-Vorfällen. Laut dem aktuellen Bericht State of Ransomware von Check Point Research (CPR) haben Hacker im ersten Quartal 2025 insgesamt 2.289 Unternehmen erpresst 126 Prozent mehr als im Vorjahreszeitraum (1.011…
-
Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish
An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive documents from hundreds of organizations, following a chain reaction triggered by a critical false positive error. Security researchers at ANY.RUN first identified and reported the incident, highlighting major weaknesses in automated threat detection systems and the risks posed by user behaviors…
-
Hackers Claim TikTok Breach, Leak Over 900,000 Usernames and Passwords
A hacker collective known as R00TK1T claims to have breached TikTok’s user database, allegedly leaking login information for over 900,000 users. The group, which has previously made waves in the hacking community with bold claims”, often with little substantiated evidence”, has taken to underground forums to boast about their latest exploit. Alleged Account Deletions and…
-
Emulating the Hellish Helldown Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak…
-
Trump Wants AI in Classrooms. Where Are the Safeguards?
Experts Say White House AI Plan May Spur Innovation But Leave School Data at Risk. The White House issued an executive order Wednesday to expand the use of new artificial intelligence tools in U.S. K12 schools, drawing expert warnings over the lack of cybersecurity safeguards to prevent data leaks or misuse by AI firms for…
-
Interlock ransomware claims DaVita attack, leaks stolen data
The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-claims-davita-attack-leaks-stolen-data/
-
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
-
CISA Flags Risks from Legacy Oracle Cloud Credential Leak
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-flags-risks-from-legacy-oracle-cloud-credential-leak
-
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/
-
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ntlm-hash-exploit-targets-poland/
-
CISA warns of increased breach risks following Oracle Cloud leak
On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-increased-breach-risks-following-oracle-cloud-leak/
-
Hacker Leaks 33,000 Employee Records in Third-Party API Breach
A hacker has exposed the personal records of over 33,000 employees after discovering unrestricted endpoints belonging to a major technology service provider. The breach, first reported by cybersecurity platform CloudSEK’s BeVigil, highlights alarming gaps in API security that could have far-reaching consequences for both the affected organization and its clients. CloudSEK’s BeVigil, a platform specializing…
-
CISA warns of potential data breaches caused by legacy Oracle Cloud leak
The Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it “presents potential risk to organizations and individuals.” First seen on therecord.media Jump to article: therecord.media/cisa-warns-of-potential-data-breaches-tied-to-oracle-issue