Tag: unauthorized
-
macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information
Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader. The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent. The…
-
Handala Hackers Breach Telegram Accounts Linked to Israeli Officials
In December 2025, the Iran-linked hacking group known as Handala escalated its influence operations against Israel’s political establishment by publishing material it claimed was pulled from the fully “compromised” mobile devices of two high-profile officials. A technical review by threat intelligence firm KELA, however, indicates the intrusions were far narrower in scope, centered on unauthorized…
-
IBM Patches Critical API Connect Bug Enabling Authentication Bypass
IBM has patched a critical API Connect flaw that could let attackers bypass authentication and gain unauthorized access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-ibm-api-connect-bug/
-
Hackers drain $3.9M from Unleash Protocol after multisig hijack
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/
-
Are NHIs safe from unauthorized access in cloud environments
How Secure Are Non-Human Identities in Cloud Environments? Have you ever pondered the safety of machine identities within your organization’s cloud infrastructure? While we integrate more technology into our systems, managing Non-Human Identities (NHIs) becomes critical. These machine identities play an essential role in cybersecurity by securely interfacing between various digital environments, especially those based…
-
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
Tags: ai, attack, chatgpt, cloud, crypto, data, data-breach, framework, github, malicious, unauthorized, vulnerability
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI First…
-
M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens
A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web interface, enabling identity impersonation and unauthorized access to sensitive information. The flaw, tracked as CVE-2025-13008, was disclosed on December 19, 2025, and affects multiple M-Files Server versions deployed across enterprise environments. Field Details CVE…
-
South Korean firm hit with US investor lawsuit over data breach disclosure failures
Authentication keys left unrevoked after employee departure: Investigators traced the breach to a former employee who retained valid authentication credentials after leaving the company in 2024, according to statements by South Korean lawmaker Choi Min-hee. The individual, a 43-year-old Chinese national, had worked on authentication management systems and joined Coupang in November 2022. Rep. Choi Min-hee,…
-
Spotify Music Library Targeted as Hacktivists Scrape 86 Million Files
Anna’s Archive, a prominent digital preservation platform, has announced the largest unauthorized extraction of Spotify music data ever recorded. The hacktivist group scraped approximately 86 million songs from the streaming service, representing nearly 99.6% of all user listening activity on the platform. The collection, totaling just under 300TB, includes metadata for an estimated 99.9% of…
-
University of Phoenix Data Breach Impacts Over 3.5 Million Individuals
University of Phoenix, Inc. disclosed a significant data breach affecting approximately 3.5 million individuals following an external system compromise discovered in November 2025. The unauthorized access occurred on August 13, 2025, but remained undetected until November 21, 2025, creating a three-month window of exposure. Breach Overview The incident resulted from an external hacking attack targeting…
-
Coupang breach affecting 33.7 million users raises data protection questions
Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coupang-breach-affecting-337-million-users-raises-data-protection-questions/
-
Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has disclosed a significant data breach affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. following unauthorized access to a Red Hat-managed server used for developing the company’s dealership customer management system. Red Hat, a software company contracted by Nissan to develop its customer management infrastructure, detected the unauthorized access…
-
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts
Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized
Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish. SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality. The…
-
New Flaw in Somalia’s E-Visa System Exposes Travelers’ Passport Data
A newly identified security flaw in Somalia’s electronic visa platform has raised serious concerns about the safety of personal data belonging to thousands of travelers, only weeks after the country acknowledged a major breach affecting tens of thousands of applicants. Investigations show that the Somalia e-visa system lacks essential protection methods, making it possible for unauthorized…
-
Marquis Data Breach Exposes Hundreds of Thousands of Bank Customers
Tags: breach, cyberattack, data, data-breach, exploit, finance, firewall, service, unauthorized, vulnerability
New regulatory disclosures have confirmed that a cyberattack on financial services vendor Marquis exposed sensitive personal and financial information belonging to more than 400,000 bank and credit union customers across the United States. According to filings submitted to state authorities, attackers accessed Marquis systems by exploiting a known but unpatched firewall vulnerability, allowing unauthorized access…
-
Rockrose Development suffers security breach affecting 47,000 people
The New York City-based firm recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/security-breach-hack-rockrose-development/808362/
-
The WAF must die some interesting thoughts FireTail Blog
Dec 19, 2025 – Jeremy Snyder – A recent posting by Dr. Chase Cunningham from Ericom Software on LinkedIn took an interesting view on web application firewalls, most commonly known as a WAF. WAF’s Must Die Like the Password and VPN’s Here at FireTail.io, we are also not fans of a WAF. Why? We do…
-
University of Sydney Cyberattack Exposes Decades of Staff and Student Data
The University of Sydney has confirmed a major cybersecurity incident that resulted in the exposure of personal information belonging to thousands of current and former staff members, as well as smaller groups of students, alumni, and supporters. The University of Sydney cyberattack was formally disclosed to the university community on December 18, 2025, after the institution detected unauthorized access to an…
-
University of Sydney Suffers Cyberattack, Student and Staff Data Exposed
The University of Sydney has alerted its community to a significant cybersecurity breach involving the unauthorized access of a code library. The incident, confirmed by university officials on December 18, 2025, has exposed the personal information of thousands of current and former staff members, as well as a smaller group of students and alumni. University…
-
Managing agentic AI risk: Lessons from the OWASP Top 10
Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update
Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies. “Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
-
CASB buyer’s guide: What to know about cloud access security brokers before you buy
Tags: access, ai, antivirus, api, authentication, business, chatgpt, cisco, cloud, compliance, control, corporate, data, detection, email, encryption, endpoint, firewall, framework, gartner, google, guide, identity, india, infection, infrastructure, intelligence, Internet, leak, login, malicious, malware, marketplace, microsoft, mobile, monitoring, network, office, phone, privacy, programming, ransomware, regulation, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-day, zero-trust
In this buyer’s guide: Cloud access security brokers (CASBs) explained; Why enterprises need cloud access security brokers (CASBs); What to look for in a cloud access security broker (CASB) tool; Core cloud access security broker (CASB) services; Leading cloud access security broker (CASB) vendors; What to ask before cloud access…
-
SoundCloud Confirms Data Breach After Hackers Steal User Account Information
SoundCloud has publicly disclosed a significant data breach affecting approximately 20% of its user base. The music streaming platform confirmed that unauthorized actors gained access to limited user account information through a compromised ancillary service dashboard, prompting immediate containment measures and a comprehensive security response. The Incident Details The company discovered unauthorized activity within an…
-
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/
-
NDSS 2025 - I Know What You Asked: Prompt Leakage Via KV-Cache Sharing In Multi-Tenant LLM Serving
Tags: attack, conference, framework, intelligence, Internet, LLM, network, privacy, reverse-engineering, risk, side-channel, technology, unauthorized
Session 6A: LLM Privacy and Usable Privacy. Authors, Creators & Presenters: Guanlong Wu (Southern University of Science and Technology), Zheng Zhang (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Weili Wang (Southern University of Science and Technology), Jianyu Niu (Southern University of Science and Technology), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology…
-
Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution
Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. “Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution,” security researcher Bryan…

