Tag: leak
-
8Base ransomware site taken down as Thai authorities arrest 4 connected to operation
The leak site for the 8Base ransomware gang was taken down Monday and replaced with a banner by multiple law enforcement agencies. First seen on therecord.media Jump to article: therecord.media/8base-ransomware-site-taken-down-4-arrested
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Global police operation seizes 8base ransomware gang leak site
The U.S. government previously said 8base indiscriminately targeted multiple sectors across the United States, including healthcare First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/10/global-police-operation-seizes-8base-ransomware-gang-leak-site/
-
Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files
Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications. First seen on hackread.com Jump to article: hackread.com/handala-hackers-israeli-police-breach-data-leak/
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
DeepSeek iOS App Leaks Data to ByteDance Servers Without Encryption
DeepSeek iOS app”, a highly popular AI assistant recently crowned as the top iOS app since its January 25 release”, has been discovered to transmit sensitive user data to ByteDance servers without encryption. The security flaws, uncovered by mobile app security firm NowSecure, have prompted swift reactions from governments, enterprises, and cybersecurity experts worldwide. The…
-
Police arrest teenager suspected of hacking NATO and numerous Spanish institutions
Spain’s National Police, in a joint operation with the Civil Guard, has arrested an 18-year-old suspected of being the hacker going by aliases including “Natohub,” and known for hacking the computer services of private companies and Spanish institutions such as the Civil Guard, the Ministry of Defense, the National Mint, and the Ministry of Education,…
-
Hackers impersonate DeepSeek to distribute malware
Tags: access, ai, api, attack, automation, breach, china, cloud, computer, credentials, cyberattack, data, hacker, infrastructure, leak, LLM, malicious, malware, ml, pypi, threat, tool, vulnerabilityTo make things worse than they already are for DeepSeek, hackers are found flooding the Python Package Index (PyPI) repository with fake DeepSeek packages carrying malicious payloads.According to a discovery made by Positive Expert Security Center (PT ESC), a campaign was seen using this trick to dupe unsuspecting developers, ML engineers, and AI enthusiasts looking…
-
Apple Service Ticket Portal Vulnerability Leaks Sensitive Information
Apple, one of the most trusted technology brands in the world, recently faced a critical security exposure in its service ticket portal. The vulnerability, discovered by a tech enthusiast while submitting a repair request uncovered severe flaws in Apple’s system that could have resulted in a massive breach of customer data. The Vulnerability Explained This…
-
Ransomware Groups Weathered Raids, Profited in 2024
Cybercriminals posted nearly 6,000 breaches to data-leak sites last year “, and despite significant takedowns, they continued to thrive in a record-breaking year for ransomware. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ransomware-weathered-raids-profited-2024
-
The Secret to Your Artifactory: Inside The Attacker Kill-Chain
Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/the-secret-to-your-artifactory-inside-the-attacker-kill-chain/
-
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and…
-
CISA warns of critical, high-risk flaws in ICS products from four vendors
Tags: access, authentication, automation, cisa, cloud, computing, control, credentials, cve, cvss, cybersecurity, data, exploit, flaw, infrastructure, injection, leak, mitigation, monitoring, open-source, remote-code-execution, risk, service, software, threat, update, vulnerability, windowsThe US Cybersecurity and Infrastructure Security Alliance has issued advisories for 11 critical and high-risk vulnerabilities in industrial control systems (ICS) products from several manufacturers.The issues include OS command injection, unsafe deserialization of data, use of broken cryptographic algorithms, authentication bypass, improper access controls, use of default credentials, sensitive information leaks, and more. The flaws…
-
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
Side channel gives unauthenticated remote attackers access they should never have. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
-
Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach
A large Texas energy company confirmed it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during a 2023 breach. First seen on therecord.media Jump to article: therecord.media/texas-utility-firm-investigating-potential-data-leak-moveit-breach
-
Neue Ransomware-Gruppe Funksec profitiert von LLMs
Tags: access, ai, cyberattack, data-breach, ddos, extortion, group, leak, LLM, mail, malware, powershell, ransomware, rust, service, tool, usa, windows -
Security pros more confident about fending off ransomware, despite being battered by attacks
Data leak, shmata leak. It will all work out, right? First seen on theregister.com Jump to article: www.theregister.com/2025/01/28/research_security_pros_gain_ransomware/
-
Spionage-App mSpy: Auch in Deutschland wird fleißig spioniert!
Der mSpy-Leak deckt auf: Digitale Überwachung ist leider bereits zum Alltag geworden. Auch hier bei uns in Deutschland! First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/spionage-app-mspy-auch-in-deutschland-wird-fleissig-spioniert-308836.html
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
New ransomware group Funksec is quickly gaining traction
Tags: access, ai, attack, computer, control, country, cybercrime, data, data-breach, ddos, detection, email, encryption, extortion, government, group, leak, LLM, malware, password, powershell, ransom, ransomware, russia, rust, service, threat, tool, usa, windowsThreat reports for December showed a newcomer to the ransomware-as-a-service (RaaS) landscape quickly climbing the ranks. Called Funksec, this group appears to be leveraging generative AI in its malware development and its founders are tied to hacktivist activity.Funksec was responsible for 103 out of 578 ransomware attacks tracked by security firm NCC Group in December,…
-
Clone2Leak attacks exploit Git flaws to steal credentials
A set of three distinct but related attacks, dubbed ‘Clone2Leak,’ can leak credentials by exploiting how Git and its credential helpers handle authentication requests. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/
-
FortiGate config leaks: Victims’ email addresses published online
Experts warn not to take leaks lightly as years-long compromises could remain undetected First seen on theregister.com Jump to article: www.theregister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emails/
-
Google Cloud Security Threat Horizons Report #11 Is Out!
Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerabilityThis is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
-
Cloudflare CDN flaw leaks user location data, even through secure chat apps
A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/