Tag: leak
-
Key Leaks, Vault Failures, and TEE Attacks: Highlights from RWC 2026
What resonated most at RWC 2026? GitGuardian highlights key research on private key leaks, password managers, trusted execution environments, and secret sprawl. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/key-leaks-vault-failures-and-tee-attacks-highlights-from-rwc-2026/
-
Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder
Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer. First seen on hackread.com Jump to article: hackread.com/anthropic-leaks-claude-ai-code-blunder/
-
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they stole sensitive source code and data affecting Cisco, Salesforce, Aura, and various AWS storage buckets. The breach stems from a recent supply chain attack involving…
-
Free VPNs leak your data while claiming privacy
Most free Android VPNs track users, request dangerous permissions, and connect to risky servers, privacy comes at a hidden cost. Free VPN apps are some of the most popular downloads on Android, promising privacy at no cost. But the reality is far from what they advertise. Most users tap “install” without a second thought, unaware…
-
Anthropic accidentally leaks Claude Code
Anthropic accidentally exposed Claude Code source via npm, causing the code to quickly spread online after discovery. Anthropic accidentally leaked the source code of its Claude Code tool after a large debug file was included in a public npm release. The file exposed over 500,000 lines of code, which were quickly discovered, shared, and analyzed…
-
New criminal service plans to monetize data stolen by ransomware gangs
A site called Leak Bazaar pitches itself as something closer to a data-processing business than a typical hacking or ransomware-as-a-service operation. First seen on therecord.media Jump to article: therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
-
OpenAI patches twin leaks as Codex slips and ChatGPT spills
ChatGPT’s hidden outbound channel leaks user data: OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered a hidden outbound communication path in ChatGPT’s code execution runtime that could be triggered with a single malicious prompt.This channel successfully bypassed the platform’s expected safeguards around external data sharing.…
-
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memory, and potentially achieve arbitrary code execution by tricking applications into processing specially crafted, standards-compliant PNG images. Both vulnerabilities require…
-
Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc
Qilin ransomware claims a breach of Dow Inc., listing it on its Tor leak site, but no proof of the hack has been released yet. Qilin Ransomware group allegedly breached the chemical manufacturing giant Dow Inc. The cybercrime group added the company to its Tor data leak site, but at this time, it has not…
-
Fahndung nach Cyberkriminellen 130 Firmen attackiert
130 Unternehmen und Institutionen gerieten ins Visier der Hacker.Nach jahrelangen Cybercrime-Angriffen auf mehr als Hundert Unternehmen und Einrichtungen in Deutschland haben Ermittler zwei zentrale Verdächtige identifiziert. Der eine sei der mutmaßliche Kopf von zwei Hackergruppen, der andere der mutmaßliche Programmierer der von diesen Gruppen genutzten Schadsoftware. Dies teilten das bei der Generalstaatsanwaltschaft Karlsruhe eingerichtete Cybercrime-Zentrum…
-
Iran-Linked Hackers Breach FBI Director Kash Patel’s Email, Leak Messages Online
Iran-linked hackers breached FBI Director Kash Patel’s personal email, leaking older messages in a retaliatory cyberattack with no classified data exposed. The post Iran-Linked Hackers Breach FBI Director Kash Patel’s Email, Leak Messages Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-iran-linked-hackers-breach-kash-patel/
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit on an exposed server, revealing victim credentials, ngrok tokens, and a complete pre-encryption playbook. This led them to an unauthenticated HTTP server at 176.120.22[.]127:80, hosted by Russian bulletproof provider Proton66 OOO, exposing 126 files across 18 subdirectories and about 140 MB of data. Proton66 has previously been tied to…
-
Healthcare software firm CareCloud informs SEC of potential patient data leak
The healthcare software firm CareCloud warned the Securities and Exchange Commission that a cyberattack may have resulted in the leak of patient data. First seen on therecord.media Jump to article: therecord.media/carecloud-hack-data-breach-sec
-
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical vulnerability, tracked as CVE-2026-3055 (CVSS score of 9.3), in Citrix NetScaler ADC and Gateway is already being actively probed by attackers. This week, Citrix issued security updates for two NetScaler vulnerabilities, including the critical memory…
-
ShinyHunters claims the hack of the European Commission
The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers. The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers and internal communications systems. The cybercrime group added the Commission to its Tor data leak site, claiming the theft…
-
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr.The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information.Per First seen on thehackernews.com…
-
ShinyHunters Walk Away from BreachForums, Leak 300,000-User Database
ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups. First seen on hackread.com Jump to article: hackread.com/shinyhunters-breachforums-leak-300000-user-database/
-
Anthropic’s Mythos leak is a wake-up call: Phishing 3.0 is already here
<div cla Anthropic’s leaked model made headlines this week. But the real story is what current AI models can already do to your inbox. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/anthropics-mythos-leak-is-a-wake-up-call-phishing-3-0-is-already-here/
-
Claude Mythos and the Cybersecurity Risk That Was Already Here
<div cla On March 26, Anthropic confirmed the existence of Claude Mythos, an unreleased AI model described internally as “a step change” in capabilities, after a data leak exposed approximately 3,000 unpublished assets in a publicly searchable, unencrypted data store (Fortune, March 26, 2026). The leak was not a sophisticated intrusion. A toggle switch in…
-
Iran-Linked Threat Group Hacks FBI Director Kash Patel’s Personal Email
Iran-linked threat group Handala hacked into the personal email account of FBI Director Kash Patel, posting photos of him and links to documents found in the account. The DOJ confirmed the attack, which the bad actors said was in relation for the FBI’s seizure of several of its data leak websites a week ago. First…
-
World Leaks data extortion: What you need to know
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. First seen on fortra.com Jump to article: www.fortra.com/blog/world-leaks-data-extortion-what-you-need-know
-
Apple says no one using Lockdown Mode has been hacked with spyware
The tech giant’s claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with older software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/27/apple-says-no-one-using-lockdown-mode-has-been-hacked-with-spyware/
-
Handala Hacks FBI Director Kash Patel’s Personal Email
Leak ‘Involved No Government Information,’ Says FBI. Hackers widely believed to be connected to Iranian intelligence obtained personal emails of FBI Director Kash Patel, posting online photos and other emails apparently taken from his Gmail account. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/handala-hacks-fbi-director-kash-patels-personal-email-a-31244
-
AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/gitguardian-exposed-credentials-risk-report/
-
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
A new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to monetizing stolen corporate data, focusing on processing and refining information rather than simply publishing it.…
-
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billions in fraud losses, shaken customer trust, and security teams scrambling, demands a clear plan. In this article, we:…
-
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
CSO in an email, because the hole allows an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.”This vulnerability is one that threat actors and researchers alike are paying attention to,” he said.The vulnerability carries similar ramifications to 2023’s CitrixBleed and 2025’s CitrixBleed2 memory leak vulnerabilities, Emmons added. Then, unauthenticated attackers with…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Five
Tags: backdoor, control, data, detection, encryption, infrastructure, leak, malicious, malware, network, resilience, software, windowsDear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Four” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …