Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
leaked sensitive data
cybercriminals Ransomware Attack Data Breach Data Hackers Data Leak data security Hacker attack leaked sensitive data

Qilin Ransomware Targets Die Linke in Suspected Politically Motivated Cyberattack

 

A major digital attack hit Die Linke when hackers using the name Qilin said they broke into internal networks and copied confidential files. Because of this breach, private details may appear online unless demands are met - raising alarms about rising cyber threats tied to political agendas across European nations. 

On March 27, the group made public what had just been noticed - odd behavior inside their digital setup. Though Die Linke admitted someone got in without permission, they did not at once call it a complete breakdown of data safety. Later signs point toward intruders possibly reaching inner networks. Some organizational details might now be exposed. One report suggests hackers aimed at company systems plus staff details, mainly tied to central offices. 

What got taken stays uncertain right now - no clear picture on volume or leaks so far. Still, authorities admit: chances of sensitive material being exposed feel real enough. Though gaps remain in understanding the full reach, concern holds steady. Notably, Die Linke confirmed its member records stayed untouched. That means information tied to more than 123,000 individuals likely avoided exposure. 

So, the incident may be narrower than first feared. Early in April, the Qilin ransomware crew named Die Linke among those hit, posting details on their public leak page. Despite holding back actual files until now, these moves often aim to push targets toward payment. Pressure builds when sensitive material might go live - this is how cyber gangs tighten control mid-talks. Something like this might point beyond mere hacking. Die Linke sees signs of coordination, possibly tied to Russian-speaking cybercriminal networks. Not accidental, they argue - the timing matters. 

A move within wider hybrid campaigns emerges here, blending digital strikes with influence efforts. Institutions become targets when data breaches align with disinformation. Cyber actions gain weight when paired with political pressure. This event fits a pattern some have seen before. Digital intrusions serve larger goals when linked to real-world disruption. Following the incident, German officials received official notification along with submission of a criminal report. To examine the security lapse, limit consequences, and repair compromised infrastructure, outside cyber specialists are now assisting the organization. 

Far from unique, such attacks mirror past patterns seen in Germany. State-backed hacking efforts have struck before - especially those tied to APT29 - with political groups often in their sights. Surprisingly, cyber operations against Die Linke reveal how digital security now intertwines with global power struggles - political groups face rising risks from attackers motivated by profit or belief alike. 

While once seen as separate realms, online threats today frequently mirror international tensions, pulling parties like Die Linke into the crosshairs without warning. Because motives differ, so do methods; yet all exploit vulnerabilities in systems meant to serve public discourse. Thus, a breach isn’t merely technical - it reflects broader shifts in who gets targeted, and why.
Read more »
User Privacy
Chrome Extensions Data Breach Data Leak Linkedin User Privacy

LinkedIn Secretly Scans 6,000+ Chrome Extensions, Collects Device Data

 

LinkedIn is facing renewed scrutiny after a report alleged that its website secretly scans browsers for more than 6,000 Chrome extensions and collects device data tied to user profiles . The company says the detection is meant to identify scraping and other policy-violating extensions, not to infer sensitive personal information.

LinkedIn’s critics say the practice goes far beyond basic security checks because the platform can connect extension data to real identities, employers, and job roles. That makes the scanning especially controversial, since the results could reveal which tools workers or companies use, including products that compete with LinkedIn’s own sales offerings.

BleepingComputer said it independently confirmed part of the behavior during testing, observing a LinkedIn-loaded JavaScript file with a randomized name that checked for 6,236 browser extensions . The script reportedly did this by probing extension-related file resources, a known method for determining whether specific extensions are installed . 

The report also says the script gathers broader browser and device details, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features . That kind of data can contribute to browser fingerprinting, which may allow websites to build a more unique profile of a visitor across sessions . 

LinkedIn, however, rejects the allegation that it is using the data to profile users in a harmful way . The company says it looks for extensions that scrape data without consent or violate its terms, and that it uses the findings to improve defenses and protect site stability . The dispute also appears to be tied to a broader legal fight involving a LinkedIn-related browser extension developer, with LinkedIn pointing to a German court ruling that sided with the company .
Read more »
Information Security
Cyber Breach Cyber Security Cyberattacks Data Exposure Data Leak Data Privacy data security Information Security

Mazda Reports Limited Data Exposure After Warehouse System Breach

 

Early reports indicate Mazda Motor Corporation faced a data leak following suspicious activity uncovered in its systems during December 2025. Information belonging to staff members, along with details tied to external partners, became accessible due to the intrusion. Investigation results point to a weak spot found within software managing storage logistics. This particular setup supports component sourcing tasks based in Thailand. Findings suggest the flaw allowed outside parties to enter without permission. 

Despite early concerns, investigators confirmed the breach touched only internal systems - no client details were involved. A count later showed 692 records may have been seen by unauthorized parties. Among what was accessed: login codes, complete names, work emails, firm titles, along with tags tied to collaboration networks. What escaped exposure? Anything directly linked to customers. 

After finding the issue, Mazda notified Japan’s privacy regulator while launching a probe alongside outside experts focused on digital security. So far, no signs have appeared showing the leaked details were exploited. Still, people touched by the event are being urged to watch closely for suspicious messages or fraud risks tied to the breach. Despite limited findings now, caution remains key given how personal information might be used later.  

Mazda moved quickly, rolling out several upgrades to protect its digital infrastructure. With tighter controls on who can enter systems, fewer services exposed online now limit entry points. Patches went live where needed most, closing known gaps before they could be used. Monitoring grew sharper, tuned to catch odd behavior faster than before. Each change connects to a clear goal - keeping past problems from repeating. Protection improves not by one fix but through layers put in place over time. 

Mazda pointed out the breach showed no signs of ransomware or malicious software, yet operations remain unaffected. Though certain hacking collectives once said they attacked Mazda’s networks, the firm clarified this event holds no connection - no communication from any threat actor occurred. 

Now more than ever, protection across suppliers and daily operations demands attention - the car company keeps watch, adjusts defenses continuously. Emerging risks push updates to digital safeguards forward steadily.
Read more »
underground hacking forums
data breach forum shutdown Data Leak Europol cybercrime operation LeakBase takedown underground hacking forums

Global Crackdown Dismantles LeakBase Data Breach Forum, Dozens Targeted in Europol Operation

 

A large-scale international law enforcement effort has reportedly led to multiple arrests as authorities moved to shut down a well-known underground data leak marketplace.

Europol revealed details of a coordinated operation that successfully dismantled LeakBase, a platform it described as “established itself as a central hub in the cybercrime ecosystem”.

Launched in 2021, the forum rapidly grew in scale, amassing over 142,000 registered members within four years. During this time, users created approximately 32,000 posts and exchanged more than 215,000 private messages. Operating openly on the web and primarily in English, the platform enabled users to trade and distribute stolen or compromised data sourced from individuals and organizations worldwide. Notably, content related to Russia was prohibited, with the forum restricting any sale or publication of such data.

On March 3, 2026, authorities from multiple countries carried out nearly 100 coordinated actions, including house searches, “knock-and-talk” interventions, and arrests as part of the crackdown.

While officials did not disclose the exact number of individuals detained, their locations, or specific charges, they confirmed that enforcement measures were taken against 37 of the forum’s most active participants.

The following day, authorities seized control of the forum’s domain and replaced its content. Investigators also obtained the platform’s database, which is now being analyzed to identify users. Officials have reportedly already “engaged directly with several suspects”.

“This operation shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable,” said Edvardas Å ileris, Head of Europol’s European Cybercrime Centre.

“This is a clear message to cybercriminals everywhere: if you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”
Read more »
France
Cyber Attacks Data Leak FICOBA Financial Fraud France

French FICOBA Breach Exposes 1.2M Bank Accounts

 

A major cyberattack struck France's national bank account registry, FICOBA, exposing sensitive data from over 1.2 million accounts.The breach occurred in late January 2026 when hackers stole login credentials from a civil servant and impersonated an authorized user to access the database. This incident highlights vulnerabilities in government systems handling financial records.

FICOBA serves as France's central repository for all bank accounts opened in domestic institutions, storing identifiers like RIB and IBAN numbers, holder names, and postal addresses. Attackers extracted this information but could not access balances or perform transactions, according to officials. The French Ministry of Finance confirmed tax IDs were not compromised, though early reports varied.

Authorities detected the intrusion swiftly, immediately restricting access and taking the database offline temporarily.It was restored with enhanced security measures after collaboration with the National Cybersecurity Agency (ANSSI). A formal complaint was filed with the National Commission for Information Technology and Civil Liberties (CNIL), and notifications are underway to affected individuals and banks.

The exposure raises alarms for phishing scams and SEPA direct debit fraud, with banks already noting increased suspicious SMS and emails.Criminals could exploit IBANs and personal details for identity theft or unauthorized payments. French tax authorities warn they never request banking info via unsolicited messages.

Safety recommendations 

To protect yourself post-breach, monitor bank statements daily for unauthorized activity and enable transaction alerts. Change passwords on financial accounts, using unique strong ones via a password manager, and activate multi-factor authentication (MFA) everywhere possible. Avoid clicking links in unsolicited emails or texts claiming breach notifications—contact your bank directly through official apps or sites.

Further, freeze credit reports if available in your country to block new accounts in your name, and consider credit monitoring services. Report suspicious activity to your bank and local cyber police immediately.Regularly update software and use antivirus tools to prevent credential theft, emphasizing least-privilege access in organizations. These steps minimize risks from exposed data like in the FICOBA incident.
Read more »
Google Gemini
API Keys Data Breach Data Leak Google Gemini

Google API Keys Expose Gemini AI Data via Leaked Credentials

 

Google API keys, once considered harmless when embedded in public websites for services like Maps or YouTube, have turned into a serious security risk following the integration of Google's Gemini AI assistant. Security researchers at Truffle Security uncovered this issue, revealing that nearly 3,000 live API keys—prefixed with "AIza"—are exposed in client-side JavaScript code across popular sites.

Truffle Security's scan of the November 2025 Common Crawl dataset, which captures snapshots of major websites, identified 2,863 active keys from diverse sectors including finance, security firms, and even Google's own infrastructure. These keys, deployed sometimes years ago (one traced back to February 2023), were originally safe as mere billing identifiers but gained unauthorized access to Gemini endpoints without developers' knowledge.Attackers can simply copy a key from page source, authenticate to Gemini, and extract sensitive data like uploaded files, cached contexts, or datasets via simple prompts.

The danger extends beyond data theft to massive financial abuse, as Gemini API calls consume tokens that rack up charges—potentially thousands of dollars daily per compromised account, depending on the model and context window. Truffle Security demonstrated this by querying the /models endpoint with exposed keys, confirming access to private Gemini features. One reported case highlighted an $82,314 bill from a stolen key, underscoring the real-world impact.

Google acknowledged the flaw as "single-service privilege escalation" after Truffle's disclosure on November 21, 2025, and implemented fixes by January 2026, including blocking leaked keys from Gemini access, defaulting new AI Studio keys to Gemini-only scope, and sending proactive leak notifications. Despite these measures, the "retroactive privilege expansion" caught many off-guard, as enabling Gemini in projects silently empowered old keys.

Developers must immediately audit Google Cloud projects for Gemini API enablement, rotate all exposed keys, and restrict scopes to essentials—avoiding the default "unrestricted" setting. Tools like TruffleHog can scan code repositories for leaks, while regular monitoring prevents future exposures in an era where AI services amplify API risks. This incident highlights the need for vigilance as cloud features evolve.
Read more »
Personal Data
Cloud Conduent Cyber Attacks Data Leak Personal Data

Conduent Leak: One of the Largest Breaches in The U.S


Conduent, a business that offers printing, payment, and document processing services to some of the biggest health insurance companies in the nation, has had at least 25 million people's personal information stolen. Addresses, social security numbers, and health information were exposed to ransomware hackers in what some have already dubbed one of the biggest data breaches in American history. 

According to a letter the business issued online, Conduent initially learned it was the victim of a "cyber incident" more than a year ago on January 13, 2025. The actual breach occurred between October 21, 2024, and January 13, 2025, and it included Conduent's data because the company offers services to health plans.

Names, social security numbers, health insurance details, and unspecified medical information were among the data. In its notice, the business stressed that "not every data element was present for every individual," which implies that some individuals may have had their health insurance information taken but not their social security number, or vice versa. 

According to Bleeping Computer, the Safepay ransomware organization claimed responsibility for the attack, which allegedly captured more than 8 gigabytes of data. Conduent stated online, "Presently, we are unaware of any attempted or actual misuse of any information involved in this incident," while it is unclear if Safepay has demanded payment for the information's recovery.

10.5 million people were affected by the incident, according to Oregon's consumer protection website, although it's unknown how many people in Oregon alone were affected. According to Wisconsin, the national total is more than 25 million. 

Notifications have also been sent to residents of other states, such as California, Delaware, Massachusetts, New Hampshire, and New Mexico. According to the state's attorney general, just 374 people's data was compromised in Maine, one of the states with very tiny numbers. Conduent, a New Jersey-based company, did not reply to emails on Tuesday inquiring about the full extent of the incident and what victims could do about it.

Conduent is providing free credit monitoring and identity restoration services through Epiq to certain individuals, but those affected must join before April 30, 2026, according to a letter given to victims in California.

Read more »
leaked sensitive data
API Keys Data Breach Data Leak Data protection Data Safety User Data data security leaked sensitive data

Critical better-auth Flaw Enables API Key Account Takeover

 

A flaw in the better-auth authentication library could let attackers take over user accounts without logging in. The issue affects the API keys plugin and allows unauthenticated actors to generate privileged API keys for any user by abusing weak authorization logic. Researchers warn that successful exploitation grants full authenticated access as the targeted account, potentially exposing sensitive data or enabling broader application compromise, depending on the user’s privileges. 

The better-auth library records around 300,000 weekly downloads on npm, making the issue significant for applications that rely on API keys for automation and service-to-service communication. Unlike interactive logins, API keys often bypass multi-factor authentication and can remain valid for long periods. If misused, a single key can enable scripted access, backend manipulation, or large-scale impersonation of privileged users. 

Tracked as CVE-2025-61928, the vulnerability stems from flawed logic in the createApiKey and updateApiKey handlers. These functions decide whether authentication is required by checking for an active session and the presence of a userId in the request body. When no session exists but a userId is supplied, the system incorrectly skips authentication and builds user context directly from attacker-controlled input. This bypass avoids server-side validation meant to protect sensitive fields such as permissions and rate limits. 

In practical terms, an attacker can send a single request to the API key creation endpoint with a valid userId and receive a working key tied to that account. The same weakness allows unauthorized modification of existing keys. Because exploitation requires only knowledge or guessing of user identifiers, attack complexity is low. Once obtained, the API key allows attackers to bypass MFA and operate as the victim until the key is revoked. 

A patched version of better-auth has been released to fix the authorization checks. Organizations are advised to upgrade immediately, rotate potentially exposed API keys, review logs for suspicious unauthenticated requests, and tighten key governance through least-privilege permissions, expiration policies, and monitoring. 

The incident highlights broader risks tied to third-party authentication libraries. Authorization flaws in widely adopted components can silently undermine security controls, reinforcing the need for continuous validation, disciplined credential management, and zero-trust approaches across modern, API-driven environments.
Read more »
User Privacy
Conduent Data Breach Data Leak Ransomware attack User Privacy

Conduent Data Breach Expands to Tens of Millions of Americans

 

A massive data breach at Conduent, a leading government technology contractor, has escalated dramatically, now affecting tens of millions of Americans across multiple states. Initially detected in January 2025, the intrusion originated from an unauthorized access on October 21, 2024, allowing hackers to lurk undetected for nearly three months. Recent disclosures reveal the scope far exceeds early estimates, with Texas alone reporting 15.4 million victims, Oregon 10.5 million, and additional hundreds of thousands in Washington, Maine, and beyond.

Conduent provides critical back-end services like payments, printing, and processing for state agencies, transit systems, and insurers serving over 100 million users nationwide. The stolen data trove includes highly sensitive details: names, Social Security numbers, dates of birth, medical records, health insurance IDs, and treatment information. This breach, linked to ransomware group SafePay, exposes victims to severe identity theft and fraud risks, prompting lawsuits and regulatory scrutiny.

The cyberattack disrupted operations briefly, delaying child support payments in states like Wisconsin and affecting insurers such as Premera Blue Cross and Blue Cross Blue Shield of Montana. Conduent, aided by Palo Alto Networks and other forensics experts, secured systems swiftly but incurred $25 million in direct response costs by Q1 2025. No misuse of data has surfaced as of late 2025 notifications, but experts warn of looming phishing and extortion campaigns.

Legal fallout has been swift, with at least nine class-action suits filed over the 10.5 million+ record exposure, marking it as 2025's largest healthcare breach.Notifications began rolling out in October 2025 to state attorneys general in Maine, California, and others, advising credit freezes and fraud alerts—without offering free monitoring. Victims, primarily government program beneficiaries, face heightened vulnerability in an era of persistent ransomware targeting public sector vendors.

Cybersecurity analysts highlight Conduent's prolonged undetected access as a stark reminder of supply chain risks in govtech. The firm's SEC filings underscore ongoing financial strain from notifications and potential liabilities. As investigations continue into 2026, this incident amplifies calls for stricter vendor oversight and zero-trust architectures in handling citizen data.

In response, affected states and insurers urge proactive measures: monitor credit reports, enable multi-factor authentication, and watch for suspicious IRS or healthcare scams. Conduent assures full cooperation with authorities, but the ballooning victim count underscores the fragility of centralized data troves in government services.This breach serves as a pivotal case study in evolving cyber threats to public infrastructure.
Read more »
ShinyHunters
Data Breach Data Leak Harvard Breach Upenn Hack ShinyHunters

ShinyHunters Leak Exposes Harvard and UPenn Personal Data

 

Hacking group ShinyHunters has reportedly published more than a million records stolen from Harvard University and the University of Pennsylvania (UPenn) on its dark web site, putting a vast trove of sensitive personal data within reach of cybercriminals worldwide. The leaked data appears to contain sensitive details about the students, employees, alumni, donors, and family members of the breached organizations. This has expanded the scope of the compromised data to a wide range of people. Initial verification of the leaked data has revealed that at least some of the leaked data is genuine. 

The UPenn breach is believed to have begun in early November 2025, when the hackers gained access to an employee’s single sign-on (SSO) account by claiming to have obtained full access to the UPenn employee’s SSO account. This has essentially turned the SSO account into a master key that has allowed the hackers to access the UPenn VPN system, Salesforce data, the Qlik analytics platform, SAP business intelligence tools, and SharePoint. During the course of the attack, the hackers also used the compromised login credentials to send offensive emails to 700,000 people. Initially, UPenn believed that the emails were fake, but they later turned out to be real.

Harvard confirmed a related compromise roughly three weeks after the UPenn disclosure, tying its own incident to a successful voice phishing (vishing) campaign. In this case, attackers are said to have infiltrated Alumni Affairs and Development systems, exposing data on past and present students, donors, some faculty and staff, and even spouses, partners, and parents of alumni and students. The stolen records reportedly include names, dates of birth, home addresses, phone numbers, estimated net worth, donation history, and sensitive demographic attributes such as race, religion, and sexual orientation.

Unlike traditional ransomware operations that both encrypt systems and steal data, ShinyHunters appears to have focused solely on data theft and extortion, deploying no encryptors in these campaigns. The group allegedly attempted to negotiate payment in cryptocurrency in exchange for promising to delete the stolen files, following the now-common double extortion model. When talks broke down and the universities did not pay, the hackers responded by dumping the data openly on their dark web leak site, amplifying the risk of identity theft, harassment, and targeted scams for victims.

For Harvard and UPenn, the breaches highlight the dangers of over-reliance on SSO accounts and human-centric weaknesses such as vishing, where convincing phone calls trick staff into revealing or approving access. For affected individuals, the publication of highly personal and demographic information raises concerns around fraud, doxxing, discrimination, and reputational harm that could persist for years. The incidents reinforce the need for stronger multifactor authentication, rigorous phishing and vishing awareness training, and tighter controls around high-value institutional accounts holding large volumes of sensitive data.
Read more »
Offline Security
Air Gaps Black hat Cyber Security Data Leak Offline Security

Black Hat Researcher Proves Air Gaps Fail to Secure Data

 

Air gaps, long hailed as the ultimate defense for sensitive data, are under siege according to Black Hat researcher Mordechai Guri. In a compelling presentation, Guri demonstrated multiple innovative methods to exfiltrate information from supposedly isolated computers, shattering the myth of complete offline security. These techniques exploit everyday hardware components, proving that physical disconnection alone cannot guarantee protection in high-stakes environments like government and military networks.

Guri's BeatCoin malware turns computer speakers into covert transmitters, emitting near-ultrasonic sounds inaudible to humans but detectable by nearby smartphones up to 10 meters away. This allows private keys or other secrets to leak out effortlessly. Even disabling speakers fails, as Fansmitter modulates fan speeds to alter blade frequencies, creating acoustic signals receivable by listening devices within 8 meters. For scenarios without microphones, the Mosquito attack repurposes speakers as rudimentary microphones via GPIO manipulation, enabling ultrasonic data transmission between air-gapped machines.

Electromagnetic exploits further erode air-gap defenses. AirHopper manipulates monitor cables to radiate FM-band signals, capturable by a smartphone's built-in receiver. GSMem leverages CPU-RAM pathways to generate cellular-like transmissions detectable by basic feature phones, while USBee transforms USB ports into antennas for broad leakage. These methods highlight how standard peripherals become unwitting conduits for data escape.

Faraday cages, designed to block electromagnetic waves, offer no sanctuary either. Guri's ODINI attack generates low-frequency magnetic fields from CPU cores, penetrating these shields.PowerHammer goes further by inducing parasitic signals on building power lines, tappable by attackers monitoring electrical infrastructure.Such persistence underscores the vulnerability of even fortified setups.

While these attacks assume initial malware infection—often via USB or insiders—real-world precedents like Stuxnet validate the threat. Organizations must layer defenses with anomaly detection, hardware restrictions, and continuous monitoring beyond mere air-gapping. Guri's work urges a reevaluation of "secure" isolation strategies in an era of sophisticated side-channel threats.
Read more »
Spain
Data Breach Data Leak Education ministry of science Online Platforms Spain

Spain’s Science Ministry Partially Shuts Online Systems After Suspected Cyber Incident

 



Spain’s Ministry of Science, Innovation and Universities has temporarily disabled parts of its digital infrastructure following what it described as a technical problem. The disruption has affected several online services used by citizens, universities, researchers, and businesses for official procedures and submissions. These platforms support important administrative functions and process sensitive information, which is why access was restricted as a precaution.

The ministry oversees national science policy, research programs, innovation initiatives, and higher education administration. Its systems handle high-value data, including academic and research records, application materials, and personal information linked to students and professionals. Because of the incident, multiple digital services were made unavailable, and active procedures were placed on hold to limit any potential risk to data or system integrity.

In a public notice on its official website, the ministry stated that the incident is under technical assessment and did not disclose further details at the time. The announcement clarified that the ministry’s online portal is only partially operational and that ongoing administrative processes have been paused to protect the rights and lawful interests of affected users. To reduce the impact of the outage, authorities confirmed that deadlines for affected procedures will be extended in line with Spain’s administrative law provisions, so applicants and institutions are not penalized for delays caused by the shutdown.

Separately, claims surfaced on underground online platforms from an individual alleging unauthorized access to the ministry’s systems. The person shared what they presented as sample data to support the claim and stated that additional information was available for sale. The material reportedly includes personal records, email information, application-related documents, and images of official paperwork. These claims have not been independently verified, and the online space where the samples were shared later became inaccessible.

The same individual alleged that access was gained by exploiting a security weakness that can allow users to reach restricted resources without proper authorization. Such flaws, when present in web applications, can expose internal systems if not properly secured. At this stage, the technical details of the claim remain unconfirmed by authorities.

Spanish media outlets have reported that a ministry spokesperson acknowledged that the service disruption is linked to a cybersecurity incident. However, officials have not confirmed whether any data was accessed or taken, nor have they outlined the scope of any potential compromise. The ministry has indicated that investigations are ongoing to determine what occurred and to restore services safely.

Cybersecurity experts consistently warn that public sector systems are frequent targets because of the volume and sensitivity of data they manage. Strong access controls, continuous monitoring, and timely security updates are critical to reducing exposure to such risks. Further updates from the ministry are expected once technical assessments are completed and the situation is fully clarified.

Read more »
Dating Apps
Consumer Information Cyber Phishing Data Breach Data Leak data security Data Theft dating app security Dating Apps

ShinyHunters Claims Match Group Data Breach Exposing 10 Million Records

 

A new data theft has surfaced linked to ShinyHunters, which now claims it stole more than 10 million user records from Match Group, the U.S. company behind several major swipe-based dating platforms. The group has positioned the incident as another major addition to its breach history, alleging that personal data and internal materials were taken without authorization. 

According to ShinyHunters, the stolen data relates to users of Hinge, Match.com, and OkCupid, along with hundreds of internal documents. The Register reported seeing a listing on the group’s dark web leak site stating that “over 10 million lines” of data were involved. The exposure was also linked to AppsFlyer, a marketing analytics provider, which was referenced as the likely source connected to the incident. 

Match Group confirmed it is investigating what it described as a recently identified security incident, and said some user data may have been accessed. The company stated it acted quickly to terminate the unauthorized access and is continuing its investigation with external cybersecurity experts. Match Group also said there was no indication that login credentials, financial information, or private communications were accessed, and added that it believes only a limited amount of user data was affected. 

It said notifications are being issued to impacted individuals where appropriate. However, Match Group did not disclose what categories of data were accessed, how many users were impacted, or whether any ransom demand was made or paid, leaving key details about the scope and motivation unresolved. Cybernews, which reviewed samples associated with the listing, reported that the dataset appears to include customer personal data, some employee-related information, and internal corporate documents. 

The analysis also suggested the presence of Hinge subscription details, including user IDs, transaction IDs, payment amounts, and records linked to blocked installations, along with IP addresses and location-related data. In a separate post published the same week, ShinyHunters also claimed it had stolen data from Bumble. The group uploaded what it described as 30 GB of compressed files allegedly sourced from Google Drive and Slack. The claims come shortly after researchers reported that ShinyHunters targeted around 100 organizations by abusing stolen Okta single sign-on credentials. The alleged victim list included well-known SaaS and technology firms such as Atlassian, AppLovin, Canva, Epic Games, Genesys, HubSpot, Iron Mountain, RingCentral, and ZoomInfo, among others. 

Bumble has issued a statement saying that one contractor’s account had been compromised in a phishing incident. The company said the account had limited privileges but was used for brief unauthorized access to a small portion of Bumble’s network. Bumble stated its security team detected and removed the access quickly, confirmed the incident was contained, engaged external cybersecurity experts, and notified law enforcement. Bumble also emphasized that there was no access to its member database, member accounts, the Bumble app, or member direct messages or profiles.
Read more »
Google security
AI tools Data Breach Data Leak Digital Personal Data Protection Gemini AI Gemini Flaw Gemini vulnerability Google Gemini Google security

Google Gemini Calendar Flaw Allows Meeting Invites to Leak Private Data

 

Though built to make life easier, artificial intelligence helpers sometimes carry hidden risks. A recent study reveals that everyday features - such as scheduling meetings - can become pathways for privacy breaches. Instead of protecting data, certain functions may unknowingly expose it. Experts from Miggo Security identified a flaw in Google Gemini’s connection to Google Calendar. Their findings show how an ordinary invite might secretly gather private details. What looks innocent on the surface could serve another purpose beneath. 

A fresh look at Gemini shows it helps people by understanding everyday speech and pulling details from tools like calendars. Because the system responds to words instead of rigid programming rules, security experts from Miggo discovered a gap in its design. Using just text that seems normal, hackers might steer the AI off course. These insights, delivered openly to Hackread.com, reveal subtle risks hidden in seemingly harmless interactions. 

A single calendar entry is enough to trigger the exploit - no clicking, no downloads, no obvious red flags. Hidden inside what looks like normal event details sits coded directions meant for machines, not people. Rather than arriving through email attachments or shady websites, the payload comes disguised as routine scheduling data. The wording blends in visually, yet when processed by Gemini, it shifts into operational mode. Instructions buried in plain sight tell the system to act without signaling intent to the recipient. 

A single harmful invitation sits quietly once added to the calendar. Only after the user poses a routine inquiry - like asking about free time on Saturday - is anything set in motion. When Gemini checks the agenda, it reads the tainted event along with everything else. Within that entry lies a concealed instruction: gather sensitive calendar data and compile a report. Using built-in features of Google Calendar, the system generates a fresh event containing those extracted details. 

Without any sign, personal timing information ends up embedded within a new appointment. What makes the threat hard to spot is its invisible nature. Though responses appear normal, hidden processes run without alerting the person using the system. Instead of bugs in software, experts point to how artificial intelligence understands words as the real weak point. The concern grows as behavior - rather than broken code - becomes the source of danger. Not seeing anything wrong does not mean everything is fine. 

Back in December 2025, problems weren’t new for Google’s AI tools when it came to handling sneaky language tricks. A team at Noma Security found a gap called GeminiJack around that time. Hidden directions inside files and messages could trigger leaks of company secrets through the system. Experts pointed out flaws deep within how these smart tools interpret context across linked platforms. The design itself seemed to play a role in the vulnerability. Following the discovery by Miggo Security, Google fixed the reported flaw. 

Still, specialists note similar dangers remain possible. Most current protection systems look for suspicious code or URLs - rarely do they catch damaging word patterns hidden within regular messages. When AI helpers get built into daily software and given freedom to respond independently, some fear misuse may grow. Unexpected uses of helpful features could lead to serious consequences, researchers say.
Read more »
Vulnerabilities and Exploits
Cl0p Ransomware Data Leak Korean Air Supply-Chain Attack Vulnerabilities and Exploits

Korean Air Employee Data Exposed in Cl0p Ransomware Supply-Chain Attack

 

Korean Air has acknowledged the theft of sensitive data belonging to 30,000 current and former employees in a serious data breach. The breach occurred via a supply-chain compromise at KC&D Service, the airline's former catering subsidiary. Hackers exploited a critical flaw in Oracle E-Business Suite, tracked as CVE-2025-61882, that enabled code execution remotely without requiring any user interaction or authentication to login. Cl0p ransomware operators claimed responsibility for the attack, and after ransom demands were apparently ignored, they dumped almost 500 GB of stolen archives on their dark web site. 

The intrusion occurred at KC&D, which, though it was sold to Hahn & Company in 2020, was still handling in-flight meals and duty-free services. Korean Air continues to own a 20% stake and has continued sharing employee data through KC&D's ERP server. The attackers targeted Oracle EBS versions 12.2.3 through 12.2.14 to bypass authentication and reach sensitive systems. The vulnerability was publicly disclosed in early October 2025, after initial exploitation that started in August. Although Oracle promptly released patches, the combination of late detection and widespread exposure caused data exfiltration to spread across many victims. 

The stolen information includes full names and bank account numbers, which increases the risk of identity theft, financial fraud and phishing attacks for those whose information was compromised. Importantly, no customer data, including flight records or payment information, was compromised, preventing wider impact on operations. Korean Air on Dec. 29, 2025, advised the employees to be cautious of scams and took emergency security measures, disconnecting the KC&D servers and filing a report with the Korea Internet and Security Agency (KISA).

This attack is reminiscent of the 2023 MOVEit Transfer breach conducted by Cl0p, a similar file-transfer exploit that resulted in the compromise of millions of records from hundreds of companies. Dozens of EBS victims have surfaced, including Envoy Air, Harvard University, Schneider Electric, Emerson, Cox Enterprises, Logitech, and Barts Health NHS Trust, underscoring the campaign's global scale. Cl0p, a Russia-nexus extortion group linked to FIN11, prioritizes data theft over encryption for high-value targets. 

The incident emphasizes enduring supply-chain risk in aviation and enterprise software, underscoring the importance of timely patching, third-party risk assessments, and zero-trust architectures. Korean Air Vice Chairman Woo Kee-hong confirmed full dedication to breach scoping and support for its employees in the midst of South Korea's wave of cyberattacks, which also targeted Coupang and SK Telecom in recent days. Organizations around the globe need to review their Oracle EBS exposures and keep an eye on Cl0p leak sites in order to reduce risk.
Read more »
Personal Information
2FA API Data Breach Data Leak Instagram Meta Personal Information

Instagram Refutes Breach Allegations After Claims of 17 Million User Records Circulating Online

 



Instagram has firmly denied claims of a new data breach following reports that personal details linked to more than 17 million accounts are being shared across online forums. The company stated that its internal systems were not compromised and that user accounts remain secure.

The clarification comes after concerns emerged around a technical flaw that allowed unknown actors to repeatedly trigger password reset emails for Instagram users. Meta, Instagram’s parent company, confirmed that this issue has been fixed. According to the company, the flaw did not provide access to accounts or expose passwords. Users who received unexpected reset emails were advised to ignore them, as no action is required.

Public attention intensified after cybersecurity alerts suggested that a large dataset allegedly connected to Instagram accounts had been released online. The data, which was reportedly shared without charge on several hacking forums, was claimed to have been collected through an unverified Instagram API vulnerability dating back to 2024.

The dataset is said to include information from over 17 million profiles. The exposed details reportedly vary by record and include usernames, internal account IDs, names, email addresses, phone numbers, and, in some cases, physical addresses. Analysis of the data shows that not all records contain complete personal details, with some entries listing only basic identifiers such as a username and account ID.

Researchers discussing the incident on social media platforms have suggested that the data may not be recent. Some claim it could originate from an older scraping incident, possibly dating back to 2022. However, no technical evidence has been publicly provided to support these claims. Meta has also stated that it has no record of Instagram API breaches occurring in either 2022 or 2024.

Instagram has previously dealt with scraping-related incidents. In one earlier case, a vulnerability allowed attackers to collect and sell personal information associated with millions of accounts. Due to this history, cybersecurity experts believe the newly surfaced dataset could be a collection of older information gathered from multiple sources over several years, rather than the result of a newly discovered vulnerability.

Attempts to verify the origin of the data have so far been unsuccessful. The individual responsible for releasing the dataset did not respond to requests seeking clarification on when or how the information was obtained.

At present, there is no confirmation that this situation represents a new breach of Instagram’s systems. No evidence has been provided to demonstrate that the data was extracted through a recently exploited flaw, and Meta maintains that there has been no unauthorized access to its infrastructure.

While passwords are not included in the leaked information, users are still urged to remain cautious. Such datasets are often used in phishing emails, scam messages, and social engineering attacks designed to trick individuals into revealing additional information.

Users who receive password reset emails or login codes they did not request should delete them and take no further action. Enabling two-factor authentication is fiercely recommended, as it provides an added layer of security against unauthorized access attempts.


Read more »
Oracle E-Business Suite
Clop Ransomware Clop Ransomware Gang customer data leak Data Breach Data Leak Data protection data security Oracle E-Business Suite

University of Phoenix Data Breach Exposes Records of Nearly 3.5 Million Individuals

 

The University of Phoenix has confirmed a major cybersecurity incident that exposed the financial and personal information of nearly 3.5 million current and former students, employees, faculty members, and suppliers. The breach is believed to be linked to the Clop ransomware group, a cybercriminal organization known for large-scale data theft and extortion. The incident adds to a growing number of significant cyberattacks reported in 2025. 

Clop is known for exploiting weaknesses in widely used enterprise software rather than locking systems. Instead, the group steals sensitive data and threatens to publish it unless victims pay a ransom. In this case, attackers took advantage of a previously unknown vulnerability in Oracle Corporation’s E-Business Suite software, which allowed them to access internal systems. 

The breach was discovered on November 21 after the University of Phoenix appeared on Clop’s dark web leak site. Further investigation revealed that unauthorized access may have occurred as early as August 2025. The attackers used the Oracle E-Business Suite flaw to move through university systems and reach databases containing highly sensitive financial and personal records.  

The vulnerability used in the attack became publicly known in November, after reports showed Clop-linked actors had been exploiting it since at least September. During that time, organizations began receiving extortion emails claiming financial and operational data had been stolen from Oracle EBS environments. This closely mirrors the methods used in the University of Phoenix breach. 

The stolen data includes names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers. While the university has not formally named Clop as the attacker, cybersecurity experts believe the group is responsible due to its public claims and known use of Oracle EBS vulnerabilities. 

Paul Bischoff, a consumer privacy advocate at Comparitech, said the incident reflects a broader trend in which Clop has aggressively targeted flaws in enterprise software throughout the year. In response, the University of Phoenix has begun notifying affected individuals and is offering 12 months of free identity protection services, including credit monitoring, dark web surveillance, and up to $1 million in fraud reimbursement. 

The breach ranks among the largest cyber incidents of 2025. Rebecca Moody, head of data research at Comparitech, said it highlights the continued risks organizations face from third-party software vulnerabilities. Security experts say the incident underscores the need for timely patching, proactive monitoring, and stronger defenses, especially in education institutions that handle large volumes of sensitive data.
Read more »
personal data security
700Credit data breach Cyberattacks Data Breach Data Leak Data protection data security Personal Data Breach personal data security

700Credit Data Breach Exposes Personal Information of Over 5.6 Million Consumers

 

A massive breach at the credit reporting firm 700Credit has led to the leakage of private details of over 5.6 million people, throwing a new set of concerns on the risk of third-party security in the financial services value chain. The firm has admitted that the breach was a result of a supply chain attack on one of its third-party integration partners and did not originate from an internal breach.  

According to the revelations made, this breach has its roots going back to late October 2025, when 700Credit noticed some unusual traffic associated with an exposed API. The firm has more than 200 integration partners who are connected to consumers’ data through APIs. It has been found that one of these partners was compromised as early as July 2025, but this notification was not made to 700Credit, thus leaving an opportunity for hackers to gain unlawful access to an API used for fetching consumers’ credit details from this API connected environment.  

700Credit called this attack a "sustained velocity attack" that began October 25 and continued for over two weeks before being completely contained. Although the company was able to disable their vulnerable API once aware of the attack, attackers had already harvested a large chunk of customer information by exploiting this security hole. The attack is estimated to have compromised 20 percent of available information that was accessed through this vulnerability. 

The compromised information comprises highly sensitive personal information like names, physical addresses, dates of birth, as well as Social Security numbers. Although 700Credit asserted that their primary internal systems as well as login credentials as well as mode of payment are safe from any breach, security experts have indicated that the compromised information is sufficient for identity theft, financial fraud, as well as targeted phishing attacks. Consequently, individuals in the company’s database have been advised to exercise vigilance against any unsolicited messages, especially if they purportedly come from 700Credit or related entities.  

The Attorney General, Dana Nessel, issued a consumer alert warning people not to brush off the notifications received when a breach has occurred, but to be proactive about protecting themselves against fraud using the services of freezing their credit or monitoring their profiles for unusual activity due to the large-scale release of sensitive data that has happened previously. 

In reaction to the incident, 700Credit has already started notifying affected consumers of the breach as a gesture of goodwill, offering two years of complimentary credit monitoring service, as well as offering complimentary credit reports to affected consumers. The company has also partnered with the National Automobile Dealers Association to assist with breach notification with the Federal Trade Commission for a joint notification on affected dealerships. 

Law enforcement agencies have been notified of the breach as part of the continued investigations. This vulnerability highlights the increasing danger of the supply chain vulnerability, especially in companies which have extensive networks in handling personal data of consumers.
Read more »
personal data leak
Cyber Attacks Data Leak data security Data Theft employee data exposed Jaguar Jaguar Land Rover cyberattack payroll security breach personal data leak

Jaguar Land Rover Confirms Employee Data Theft After August 2025 Cyberattack

 

British luxury carmaker Jaguar Land Rover has confirmed that a cyberattack uncovered in August 2025 led to the theft of payroll and personal data of thousands of current and former employees. After this disclosure, the company asked the affected people to remain alert about identity theft, phishing attempts, and financial fraud. 

The breach represents the first official acknowledgement from JLR that employee personal information was compromised during the incident. Earlier statements had focused largely on the operational disruption caused by the attack, which forced the temporary shutdown of vehicle production across several manufacturing facilities for several weeks. The company employs more than 38,000 people worldwide. Records pertaining to former employees and contractors were also affected. 

Internal communications shared with staff revealed that forensic investigations determined attackers took unauthorized access to payroll administration systems. These systems would include sensitive employment-related records, including data associated with salaries, pension contributions, employee benefits, and information about dependents. While JLR has stated that there is currently no evidence that the stolen information has been publicly leaked or actively misused, the nature of the exposed data creates a heightened risk profile.  

Cybersecurity experts point out that payroll systems usually host very sensitive identifiers such as bank account details, national insurance numbers, tax information, residential addresses, and compensation records. Even partial data exposure could increase the chances of identity fraud, account takeover attempts, and targeted social engineering attacks by a great degree. In response, JLR has recommended that the affected keep themselves aware of unsolicited communications and enhance passwords related to personal and professional accounts. 

For the sake of mitigation, the company has declared two years of free credit and identity monitoring services for its current and former affected employees. A dedicated helpline is also established for phone support, to assist with queries, advise on protective measures, and take reports of suspected fraudulent activity. This decision by JLR comes after forensic analysis had continued post-restoration of safe production operations. 

The breach has been formally reported to the UK's Information Commissioner's Office (ICO), which has confirmed it is conducting enquiries into the incident. The regulator has asked for more information about the extent of the breach, what security controls were in place at the time of the attack, and what remedial action has been taken since the intrusion was detected. The after-effects of the cyberattack spilled over beyond JLR's workforce. 

The disruption reportedly affected almost 5,000 supplier and partner organizations, reflecting the interconnected nature of modern manufacturing supply chains. Estimates place the overall economic impact of the incident at roughly ₹20,000 crore. Official figures suggest the disruption contributed to a measurable contraction in the UK economy during September 2025. JLR also announced that the attack resulted in the quarterly sales decline of an estimated ₹15,750 crore, along with a one-time recovery and remediation cost of around ₹2,060 crore. 

The costs comprised restoration of systems, security controls enhancement, and incident response. The intrusion, which was earlier claimed by a hacking group named "Scattered Lapsus Hunters" that had earlier been involved with attacks on major retail organizations, has alleged that the organization also accessed customer data. 
However, Jaguar Land Rover claims that evidence supporting those claims has not been found. Investigations are ongoing, and the firm has announced that it will keep informing employees, regulators, and other stakeholders as more information becomes available.
Read more »
Personal Data
Cyber Scams Data Breach Data Leak data security Data Stealer data stealing Infostealer Malware Malwares Personal Data

AuraStealer Malware Uses Scam Yourself Tactics to Steal Sensitive Data

 

A recent investigation by Gen Digital’s Gen Threat Labs has brought attention to AuraStealer, a newly emerging malware-as-a-service offering that has begun circulating widely across underground cybercrime communities. First observed in mid-2025, the malware is being promoted as a powerful data-stealing tool capable of compromising a broad range of Windows operating systems. Despite its growing visibility, researchers caution that AuraStealer’s technical sophistication does not always match the claims made by its developers. 

Unlike conventional malware campaigns that rely on covert infection techniques such as malicious email attachments or exploit kits, AuraStealer employs a strategy that places users at the center of their own compromise. This approach, described as “scam-yourself,” relies heavily on social engineering rather than stealth delivery. Threat actors distribute convincing video content on popular social platforms, particularly TikTok, presenting the malware execution process as a legitimate software activation tutorial. 

These videos typically promise free access to paid software products. Viewers are guided through step-by-step instructions that require them to open an administrative PowerShell window and manually enter commands shown on screen. Instead of activating software, the commands quietly retrieve and execute AuraStealer, granting attackers access to the victim’s system without triggering traditional download-based defenses. 

From an analysis perspective, AuraStealer incorporates multiple layers of obfuscation designed to complicate both manual and automated inspection. The malware disrupts straightforward code execution paths by dynamically calculating control flow at runtime, preventing analysts from easily tracing its behavior. It also leverages exception-based execution techniques, intentionally generating system errors that are intercepted by custom handlers to perform malicious actions. These tactics are intended to confuse security sandboxes and delay detection. 

Functionally, AuraStealer targets a wide range of sensitive information. Researchers report that it is designed to harvest data from more than a hundred web browsers and dozens of desktop applications. Its focus includes credentials stored in both Chromium- and Gecko-based browsers, as well as data associated with cryptocurrency wallets maintained through browser extensions and standalone software. 

One of the more concerning aspects of the malware is its attempt to circumvent modern browser protections such as Application-Bound Encryption. The malware tries to launch browser processes in a suspended state and inject code capable of extracting encryption keys. However, researchers observed that this technique is inconsistently implemented and fails across multiple environments, suggesting that the malware remains technically immature. 

Despite being sold through subscription-based pricing that can reach several hundred dollars per month, AuraStealer contains notable weaknesses. Analysts found that its aggressive obfuscation introduces detectable patterns and that coding errors undermine its ability to remain stealthy. These shortcomings provide defenders with opportunities to identify and block infections before significant damage occurs. 

While AuraStealer is actively evolving and backed by ongoing development, its emergence highlights a broader trend toward manipulation-driven cybercrime. Security professionals continue to emphasize that any online tutorial instructing users to paste commands into a system terminal in exchange for free software should be treated as a significant warning sign.
Read more »
Subscribe to: Comments (Atom)