Tag: leak
-
Cisco Snort 3 Security Flaws Threaten Network Inspection
Cisco Snort 3 flaws allow unauthenticated attacks that disrupt inspection or leak sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-snort-3-security-flaws-threaten-network-inspection/
-
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.Read on to catch up before the next wave hits. Honeypot…
-
Critical RCE flaw allows full takeover of n8n AI workflow platform
Tags: ai, api, attack, authentication, cloud, credentials, data, email, exploit, flaw, leak, LLM, password, rce, remote-code-execution, threat, vulnerabilityformWebhook function used by n8n Form nodes to receive data doesn’t validate whether the Content-Type field of the POST request submitted by the user is set to multipart/form-data.Imagine a very common use case in which n8n has been used to build a chat interface that allows users to upload files to the system, for example,…
-
Personal LLM Accounts Drive Shadow AI Data Leak Risks
Lack of visibility and governance around employees using generative AI is resulting in rise in data security risks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/personal-llm-accounts-drive-shadow/
-
Malicious Chrome Extension Leaks ChatGPT and DeepSeek Chats of 900,000 Users
Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers. Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s >>Featured
-
Flare Researchers Analyze SafePay Ransomware Leak Data
Flare researchers analyzed SafePay leak data, showing how the group targets regulated SMBs to maximize pressure. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/flare-researchers-analyze-safepay-ransomware-leak-data/
-
Critical ‘MongoBleed’ Bug Under Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/mongobleed-bug-active-attack-patch
-
Critical ‘MongoBleed’ Bug Under Active Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/mongobleed-bug-active-attack-patch
-
New Zealand Probes Ransomware Hack of Health Portal
More Than 100,000 Affected by Hack Detected on Dec. 30. The New Zealand government is probing a year-end ransomware hack of private healthcare service provider Manage My Health that impacted thousands of patients. Digital extortion group Kazu has claimed responsibility and threatened to leak the data on Jan. 15 unless it receives a $60,000 ransom.…
-
Handala Leak Shows Telegram Account Risk, Not iPhone Hacks
The Handala incident shows how Telegram account takeovers can expose sensitive data without compromising entire devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/handala-leak-shows-telegram-account-risk-not-iphone-hacks/
-
Cybersecurity firm turns tables on threat actors with decoy data trap
Evidence of real breach remains thin: Despite Resecurity’s detailed account, the threat actors have not backed up their original claims with additional verifiable evidence. After posting the screenshots, no substantiated leaks of internal systems or actual client data have appeared. Independent analysis by various cybersecurity researchers supports Resecurity’s assertion that no production assets were compromised.On…
-
Cybersecurity firm turns tables on threat actors with decoy data trap
Evidence of real breach remains thin: Despite Resecurity’s detailed account, the threat actors have not backed up their original claims with additional verifiable evidence. After posting the screenshots, no substantiated leaks of internal systems or actual client data have appeared. Independent analysis by various cybersecurity researchers supports Resecurity’s assertion that no production assets were compromised.On…
-
Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol
Security researcher in “Martha Root” in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress (CCC) 2025. First seen on hackread.com Jump to article: hackread.com/white-supremacist-dating-sites-wiped-okstupid-lol/
-
NDSS 2025 DLBox: New Model Training Framework For Protecting Training Data
Session 7D: ML Security Authors, Creators & Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University) PAPER DLBox: New Model Training Framework For Protecting Training Data Sharing training data for deep…
-
Breach Roundup: Clop Tied to Korean Air Vendor Breach
Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste Hit. This week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect. First seen on govinfosecurity.com…
-
Everest Ransomware Leaks 1TB of Stolen ASUS Data
On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of… First seen on hackread.com Jump to article: hackread.com/everest-ransomware-asus-data-leak/
-
30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online
Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data. First seen on hackread.com Jump to article: hackread.com/30000-korean-air-employee-cl0p-leaks-data/
-
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQL database used to store and manage data…
-
MongoBleed (CVE-2025-14847): MongoDB Memory Leak Flaw
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/mongobleed-cve-2025-14847-mongodb-memory-leak-flaw
-
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations
Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
-
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations
Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
-
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed.”A flaw First…
-
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/
-
Hacker claims to leak WIRED database with 2.3 million records
A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/
-
NDSS 2025 CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP
Tags: attack, conference, control, data-breach, exploit, germany, Hardware, Internet, leak, malicious, network, oracle, side-channelSession 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Stefan Gast (Graz University of Technology), Hannes Weissteiner (Graz University of Technology), Robin Leander Schröder (Fraunhofer SIT, Darmstadt, Germany and Fraunhofer Austria, Vienna, Austria), Daniel Gruss (Graz University of Technology) – PAPER CounterSEVeillance: Performance-Counter Attacks On AMD SEV-SNP Confidential virtual machines (VMs) promise higher security…
-
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
A hacker using the alias >>Lovely
-
Inside the Biggest Cyber Attacks of 2025
Tags: attack, breach, credentials, cyber, cybersecurity, finance, government, healthcare, incident, infrastructure, leak, saas, supply-chain2025 has emerged as one of the most disruptive years for cybersecurity, marked by unprecedented breach volumes, record-breaking credential leaks, and cascading supply-chain failures. Across just 12 months, cyber incidents have impacted governments, healthcare systems, financial institutions, SaaS providers, airlines, retailers, and critical infrastructure, proving that no industry or geography remains insulated. 2025 Global Cybersecurity……
-
Breach Roundup: Spotify Metadata Dumped Online
Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads Guilty. This week: Spotify metadata scraped, Nissan disclosed third-party breach, millions of Argentines exposed to data leak, African police arrested hundreds in a cybercrime sweep, Nigeria nabbed a phishing operator, the U.S. DOJ charged ATM jackpotting ring and Nefilim ransomware affiliate pleaded guilty. First seen on…