Collecting Cyber-News from over 60 sources

Tag: leak

Poisoned truth: The quiet security threat inside enterprise AI

May 6, 2026 11:48 AM

Tags: access, ai, attack, breach, ciso, control, crowdstrike, data, finance, github, governance, ibm, infrastructure, leak, LLM, risk, sans, service, supply-chain, threat, training

It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
Brit mathematician lets AI agent loose with credit card cue password leaks, CAPTCHA chaos and more

May 6, 2026 6:49 AM

Tags: ai, captcha, credit-card, leak, password

Professor Fry’s AI experiment shows light and dark sides of agentic tech First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/british_mathematician_tinkers_with_openclaw/
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards

May 1, 2026 4:39 PM

Tags: breach, cybercrime, data, data-breach, infrastructure, leak, service

Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly exposed a large cache of stolen payment card data after leaving its own infrastructure accessible online. The service appears to have been used to test…
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data

May 1, 2026 11:39 AM

Tags: cyber, data, dns, flaw, leak, mail, malicious, software, update, vulnerability

The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately…
Networks of Browser Extensions Are Spyware in Disguise

May 1, 2026 9:39 AM

Tags: ai, attack, corporate, data, governance, intelligence, leak, network, privacy, saas, spyware

Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of “analytics.” This unregulated “legal spyware” creates massive security gaps as employees unwittingly leak corporate URLs, SaaS dashboards, and research activity to third-party databases. With the rise of AI-native browsers and personal…
Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak

May 1, 2026 12:39 AM

Tags: data-breach, leak

Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files. First seen on hackread.com Jump to article: hackread.com/private-chats-photos-celebs-expose-stalkerware-leak/
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

Apr 30, 2026 9:40 PM

Tags: ai, breach, credit-card, data-breach, hacker, leak, marketplace

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. First seen on hackread.com Jump to article: hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/
Moldova’s health insurance agency reports possible data leak after cyberattack

Apr 30, 2026 4:39 PM

Tags: cyberattack, data, insurance, leak, theft

The agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information. First seen on therecord.media Jump to article: therecord.media/moldova-health-insurance-agency-reports-possible-data-leak-cyberattack
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats

Apr 30, 2026 10:39 AM

Tags: data, hacker, iran, leak, threat

US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/iran-handala-hackers-leak-us-marines-data-chilling-whatsapp-threats
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Apr 30, 2026 5:39 AM

Tags: access, apt, attack, china, computing, cyber, defense, espionage, exploit, framework, group, iran, leak, malicious, malware, network, open-source, programming, service, software, stuxnet, threat, tool, update, windows

fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen

Apr 29, 2026 7:39 PM

Tags: api, breach, data, data-breach, flaw, hacker, leak

A hacker using the alias “Xorcat” claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident. First seen on hackread.com Jump to article: hackread.com/polymarket-rejects-data-breach-hacker-records-stolen/
CISA flags data-theft bug in NSA-built OT networking tool

Apr 29, 2026 6:39 PM

Tags: cisa, data, leak, phishing, skills, theft, tool

GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/cisa_flags_datatheft_bug_in/
Data Privacy Leaks The Drip, Drip, Drip of Exposure

Apr 29, 2026 1:39 PM

Tags: breach, data, leak, privacy, threat

Beyond the “headline breach,” modern enterprises face a persistent threat: steady-state data leakage. Learn why traditional privacy definitions fail and how “authorized” data flows in workplace apps create continuous legal and operational risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/data-privacy-leaks-the-drip-drip-drip-of-exposure/
Betting on Cybercrime Prediction Markets and Hacking

Apr 29, 2026 9:38 AM

Tags: access, cybercrime, data, exploit, finance, hacking, leak, ransomware

Cybercriminals are evolving from stealing data to “shaping the future” by leveraging prediction markets. By exploiting early access to disclosures, manipulating sensor data, or timing ransomware leaks to coincide with market bets, attackers can transform illegal access into guaranteed financial gains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/betting-on-cybercrime-prediction-markets-and-hacking/
ClickUp Data Leak Exposes Enterprise Emails for Over a Year

Apr 29, 2026 12:39 AM

Tags: api, corporate, data, data-breach, email, government, leak, saas

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-clickup-api-key-email-exposure/
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later

Apr 29, 2026 12:39 AM

Tags: ciso, leak, threat

Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and enculturation. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nsa-chief-during-snowden-affair-13-years-later
Feuding Ransomware Groups Leak Each Other’s Data

Apr 28, 2026 11:39 PM

Tags: data, data-breach, group, infrastructure, leak, ransomware

When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data
ClickUp Data Leak Exposes Enterprise Emails for Over a Year

Apr 28, 2026 10:38 PM

Tags: api, data, data-breach, email, government, leak

A hardcoded API key in ClickUp’s public website exposed hundreds of enterprise and government email addresses for over a year. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickup-data-leak-exposes-enterprise-emails-for-over-a-year/
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

Apr 28, 2026 4:38 PM

Tags: data, email, leak, phone

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

Apr 28, 2026 4:38 PM

Tags: data, email, leak, phone

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

Apr 28, 2026 4:38 PM

Tags: data, email, leak, phone

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
Securing RAG pipelines in enterprise SaaS

Apr 28, 2026 12:39 PM

Tags: access, ai, api, application-security, attack, breach, business, cloud, control, corporate, data, data-breach, defense, detection, email, encryption, finance, fintech, framework, GDPR, github, google, healthcare, iam, injection, intelligence, leak, LLM, malicious, metric, microsoft, monitoring, privacy, regulation, saas, service, sql, strategy, threat, tool, unauthorized, vulnerability, zero-trust

Zero-Click data exfiltration (Late 2025): The “EchoLeak” vulnerability demonstrated how attackers could use a specially crafted, unclicked email to manipulate Microsoft 365 Copilot’s massive enterprise RAG pipeline. The AI was tricked into retrieving and exfiltrating sensitive corporate data without any employee interaction.Vector database exposures (2024 2025): Several incidents involved exposed API keys for vector databases.…
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

Apr 27, 2026 7:39 PM

Tags: breach, cloud, data, data-breach, leak

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems. First seen on hackread.com Jump to article: hackread.com/shinyhunters-leak-udemy-zara-7-eleven-data-breach/
Home Security Firm ADT Breach: 5.5M Customers’ Data Exposed

Apr 27, 2026 7:39 PM

Tags: attack, breach, data, data-breach, extortion, group, leak, threat

Prolific ShinyHunters Extortion Group Made ‘Pay or Leak’ Threat to Victim. Home security giant ADT has suffered a data breach that appears to have exposed personally identifiable information tied to 5.5 million customers. Prolific extortionist group ShinyHunters claimed credit for the attack, saying it stole Salesforce data after socially engineering an ADT employee. First seen…
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

Apr 27, 2026 6:38 AM

Tags: attack, cyber, iran, leak, malware, software, stuxnet

What happened SentinelOne has uncovered Fast16, a Lua-based sabotage malware developed and deployed years before Stuxnet that was designed to tamper with high-precision calculation software used in civil engineering, physics, and physical process simulations. The malware was used in an attack in 2005 and was referenced in the ShadowBrokers’ 2016 leak of NSA offensive tools….The…
ADT confirms data breach after ShinyHunters leak threat

Apr 25, 2026 1:39 AM

Tags: breach, data, data-breach, extortion, group, leak, ransom, threat

Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-shinyhunters-leak-threat/
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface

Apr 24, 2026 6:39 PM

Tags: breach, email, leak

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface

Apr 24, 2026 6:39 PM

Tags: breach, email, leak

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Apr 24, 2026 12:39 PM

Tags: data, government, group, hacker, leak, theft

French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms. First seen on hackread.com Jump to article: hackread.com/french-police-arrest-hexdex-hacker-data-leak-leaks/