Tag: leak
-
Breach Roundup: Spotify Metadata Dumped Online
Also: SudamericaData Leak, RaccoonO365 Arrest and Nefilim Conspirator Pleads Guilty. This week: Spotify metadata scraped, Nissan disclosed third-party breach, millions of Argentines exposed to data leak, African police arrested hundreds in a cybercrime sweep, Nigeria nabbed a phishing operator, the U.S. DOJ charged ATM jackpotting ring and Nefilim ransomware affiliate pleaded guilty. First seen on…
-
Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression
MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from database servers without authentication. The flaw, affecting multiple MongoDB versions dating back to v3.6, stems from a client-side exploit in the server’s zlib compression implementation.”‹ Vulnerability Overview The security issue enables malicious actors to retrieve…
-
NDSS 2025 A Large-Scale Measurement Study Of The PROXY Protocol And Its Security Implications
Tags: access, automation, cctv, conference, control, data, email, Internet, iot, leak, monitoring, network, service, vulnerabilitySession 7A: Network Security 2 Authors, Creators & Presenters: Stijn Pletinckx (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara) PAPER A Large-Scale Measurement Study Of The PROXY Protocol And Its Security Implications Reverse proxy servers play a critical role in optimizing Internet services, offering…
-
Scammers use AI to make fake art seem real
Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploitsAI startups leak sensitive credentials on GitHub, exposing models and training dataAI hallucinations lead to a new cyber threat: Slopsquatting First seen on csoonline.com Jump to article: www.csoonline.com/article/4110618/scammers-use-ai-to-make-fake-art-seem-real.html
-
Think you can beat ransomware? RansomHouse just made it a lot harder
Tags: access, attack, backup, corporate, data, detection, encryption, endpoint, extortion, incident response, leak, monitoring, ransom, ransomware, strategy, updateRansomHouse attempts double extortion: Beyond the cryptographic update, RansomHouse leverages a double extortion model, which involves exfiltrating data and threatening public disclosure in addition to encrypting it, to add pressure on victims to pay.This layered pressure tactic, already a common feature of modern ransomware attacks, complicates incident response timelines and negotiating strategies for corporate security…
-
âš¡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most, firewalls, browser add-ons, and even smart TVs, turning small cracks into serious breaches.The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and…
-
Erpressung nach Smishing bei Analytics-Dienstleister – Pornhub meldet Diebstahl von Kundendaten Hacker drohen mit Leak
First seen on security-insider.de Jump to article: www.security-insider.de/pornhub-datenabfluss-mixpanel-shinyhunters-smishing-a-e567d92c5ab31a5c3e1900c16de81073/
-
MedStar Health Notifying Patients of Data Theft Breach
Ransomware Gang Rhysida Leaks 3.7TB of Data Stolen From Maryland Hospital System. Maryland-based MedStar Health, which operates 10 hospitals, is notifying patients about a data theft incident affecting their personal information. Ransomware group Rhysida claims on its darkweb leak site to have 3.7 terabytes of MedStar’s data, including over 7 million pieces of patient data.…
-
APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information
Iranian cyber unit Charming Kitten, officially designated APT35, has long been dismissed as a noisy but relatively unsophisticated threat actor a politically motivated collective known for recycled phishing templates and credential-harvesting pages. Episode 4, the latest intelligence dump, fundamentally rewrites that assessment. What emerges is not a hacker collective but a government department, complete with…
-
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
The agency plans to renew a sweeping cybersecurity contract that includes expanded employee monitoring as the government escalates leak investigations and casts internal dissent as a threat. First seen on wired.com Jump to article: www.wired.com/story/ice-seeks-cyber-upgrade-to-better-surveil-and-investigate-its-employees/
-
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from.From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape…
-
140K Childcare Records Exposed in CRM Database Leak
A misconfigured childcare CRM exposed 140,000 records linking parents and children. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/140k-childcare-records-exposed-in-crm-database-leak/
-
Pornhub Premium und der Leak, der nach Erpressung riecht
Wenn der Betreiber nicht den Forderungen von ShinyHunters entspricht, wollen die Hacker zahlreiche Pornhub Premium-Kundendaten enttarnen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/pornhub-premium-und-der-leak-der-nach-erpressung-riecht-324307.html
-
Medical Group Will Pay $1.2M to Settle Data Theft Lawsuit
Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims. A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes. First seen on…
-
4.3 Billion Records Exposed in Massive Lead-Generation Data Leak
An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3-billion-records-exposed-in-massive-lead-generation-data-leak/
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records
Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/
-
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records
Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/
-
Charming Kitten Leak Reveals Key Operatives, Front Firms, and Massive Global Compromise
The latest materials from the Charming Kitten network access reveal three significant findings that expand our understanding of Iran’s APT35 cyber operations: complete salary records for operative teams, expanded surveillance platform capabilities, and a classified 2004 document connecting Iran’s obtained IAEA inspection materials to Department 40 assassination targeting. The leaked materials document unprecedented compensation data…
-
Charming Kitten Leak Reveals Key Operatives, Front Firms, and Massive Global Compromise
The latest materials from the Charming Kitten network access reveal three significant findings that expand our understanding of Iran’s APT35 cyber operations: complete salary records for operative teams, expanded surveillance platform capabilities, and a classified 2004 document connecting Iran’s obtained IAEA inspection materials to Department 40 assassination targeting. The leaked materials document unprecedented compensation data…
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
Copilot’s No-Code AI Agents Liable to Leak Company Data
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It’s a nice idea, and a surefire recipe for security issues. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-no-code-ai-agents-leak-company-data
-
Copilot’s No-Code AI Agents Liable to Leak Company Data
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It’s a nice idea, and a surefire recipe for security issues. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-no-code-ai-agents-leak-company-data
-
Copilot’s No-Code AI Agents Liable to Leak Company Data
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It’s a nice idea, and a surefire recipe for security issues. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-no-code-ai-agents-leak-company-data