Tag: leak
-
Werbefreies Youtube-Streaming: Signatur-Leak macht Smarttube zur Malware-Bedrohung
Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
-
New observational auditing framework takes aim at machine learning privacy leaks
Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/machine-learning-privacy-audit-checks/
-
UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit
The post UNMASKED: Massive Leak Exposes Iran’s ‘Department 40’ Cyber-Terror Unit appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/unmasked-massive-leak-exposes-irans-department-40-cyber-terror-unit/
-
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
Tags: attack, breach, data, finance, group, korea, leak, msp, north-korea, ransomware, service, supply-chainSouth Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.”This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) First seen on…
-
Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records
A cybercriminal operating under the alias ByteToBreach has emerged as a prominent figure in the underground data trade, orchestrating a series of high-profile breaches targeting critical sectors worldwide. Active since at least June 2025, ByteToBreach has leveraged a blend of technical proficiency, aggressive self-promotion, and cross-platform operations to become one of the most publicized threat…
-
Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records
A cybercriminal operating under the alias ByteToBreach has emerged as a prominent figure in the underground data trade, orchestrating a series of high-profile breaches targeting critical sectors worldwide. Active since at least June 2025, ByteToBreach has leveraged a blend of technical proficiency, aggressive self-promotion, and cross-platform operations to become one of the most publicized threat…
-
Developers Are Exposing Passwords and API Keys Through Online Code Tools
Security researchers at watchTowr Labs uncovered a massive leak of sensitive credentials after scanning popular online JSON formatting tools. Developers and administrators have been pasting passwords, API keys, database credentials, and personally identifiable information (PII) into sites like jsonformatter.org and codebeautify.org, where >>save>Recent Links
-
Alliances between ransomware groups tied to recent surge in cybercrime
Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-dayRansomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
-
Developers left large cache of credentials exposed on code generation websites
Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
-
Developers left large cache of credentials exposed on code generation websites
Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
-
Data Leaks: Why Are We So Stupid About Free Online Services?
JSON Code ‘Beautifiers’ Expose Sensitive Data From Banks, Government Agencies At what price beauty? Apparently, some developers will paste anything into JSON beautify sites, from researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/data-leaks-are-we-so-stupid-about-free-online-services-p-3982
-
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code.Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of First…
-
Dartmouth College confirms data breach after Clop extortion attack
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school’s Oracle E-Business Suite servers on its dark web leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dartmouth-college-confirms-data-breach-after-clop-extortion-attack/
-
Dartmouth College confirms data breach after Clop extortion attack
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school’s Oracle E-Business Suite servers on its dark web leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dartmouth-college-confirms-data-breach-after-clop-extortion-attack/
-
NDSS 2025 Deanonymizing Device Identities Via Side-Channel Attacks In Exclusive-Use IoTs
Tags: attack, authentication, conference, data, data-breach, exploit, flaw, identity, Internet, iot, leak, mitigation, network, privacy, side-channel, strategy, threat, vulnerability, wifiSession4A: IoT Security Authors, Creators & Presenters: Christopher Ellis (The Ohio State University), Yue Zhang (Drexel University), Mohit Kumar Jangid (The Ohio State University), Shixuan Zhao (The Ohio State University), Zhiqiang Lin (The Ohio State University) PAPER Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & Mitigation Wireless technologies like Bluetooth Low Energy (BLE)…
-
APT35 Data Leak Uncovers the Iranian Hacker Group’s Operations and Tactics
In October 2025, a significant breach exposed internal operational documents from APT35, also known as Charming Kitten, revealing that the Iranian state-sponsored group operates as a bureaucratized, quota-driven cyber-espionage unit with hierarchical command structures, performance metrics, and specialized attack teams. The leaked materials provide an unprecedented window into how this Islamic Revolutionary Guard Corps Intelligence…
-
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
-
Iberia discloses customer data leak after vendor security breach
Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iberia-discloses-customer-data-leak-after-vendor-security-breach/
-
CrowdStrike Fires Employee for Leaking Internal System Info to Hackers
Cybersecurity giant CrowdStrike has terminated an employee who allegedly shared sensitive internal system information with a notorious hacking collective. The incident involved the leak of internal screenshots posted on a public Telegram channel operated by the threat group known as >>Scattered Lapsus$ Hunters>>. Insider Threat Detected Through Screen Sharing The leaked images displayed internal dashboards,…
-
CrowdStrike Fires Worker Over Insider Leak to Scattered Lapsus Hunters
CrowdStrike fired an insider for selling internal screenshots to Scattered Lapsus$ Hunters for $25,000. Read how the security team detected the activity and protected customers. First seen on hackread.com Jump to article: hackread.com/crowdstrike-fires-worker-insider-leak-scattered-lapsus-hunters/
-
WhatsApp API Could Bulk Leak User Telephone Numbers
Researchers Were Able to Query 3.5 Billion Accounts. Security researchers were able to scoop up the telephone numbers of billions of WhatsApp users through an enumeration tool provided by app owner Meta. The sheer quantity of leaked numbers – 3.5 billion in total – would amount to the largest data leak in history. First seen…
-
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy’s national railway operator Ferrovie dello Stato Italiane (FS) was leaked after a data breach at IT provider Almaviva. FS Italiane Group is Italy’s state-owned railway company, managing passenger…
-
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy’s national railway operator Ferrovie dello Stato Italiane (FS) was leaked after a data breach at IT provider Almaviva. FS Italiane Group is Italy’s state-owned railway company, managing passenger…
-
How one quick AI check can leak your company’s secrets
In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/ai-intellectual-property-risks-video/
-
How one quick AI check can leak your company’s secrets
In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/ai-intellectual-property-risks-video/
-
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Tags: api, authentication, control, credentials, cyber, encryption, endpoint, flaw, hacker, leak, login, password, vulnerabilityTwonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through an unprotected API endpoint, then decrypt them using hardcoded encryption keys embedded directly in the…