Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
User Privacy
Android Trojan Data Harvesting Data Leak malware User Privacy

Millions of Devices at Risk: New Trojan Monitors Smartphones

 

A menacing new Trojan has emerged that puts millions of smartphone devices worldwide at risk, according to recent cybersecurity reports. This sophisticated malware specifically targets Android devices and has already infected thousands of users across 143 countries. The Trojan's ability to monitor smartphones in real-time represents a significant evolution in mobile cyberthreats, with security researchers warning that the actual infection count could be far higher than currently detected.

The malware spreads primarily through seemingly legitimate websites that trick users into downloading malicious applications. Once installed, the Trojan grants hackers complete remote control over compromised devices, enabling live monitoring of user activities. Security firm Zimperium zLabs identified similar dangerous Trojans like Arsink, which impersonates popular brands including WhatsApp and TikTok to evade detection. The infected devices can have their audio recorded, text messages read, and even be wiped completely by attackers. 

This Trojan's most alarming capability is its live monitoring feature combined with coordinated attack systems. Beyond stealing credentials, the malware transmits live screen content to remote servers, creating a continuous visual feed that allows attackers to observe activity and intercept authentication steps in real time. Encrypted communication channels connect infected devices to centralized command systems that coordinate attacks and distribute updated instructions, managing thousands of compromised devices simultaneously. The infection has created a massive footprint, with Egypt reporting around 13,000 compromised phones, Indonesia approximately 7,000, and Iraq and Yemen each with 3,000 infections. 

The Trojan harvests an extensive range of sensitive data including SMS messages, call logs, contacts, device location, and Google account information. It can steal user accounts in messengers and social networks, stealthily send messages on behalf of victims, monitor browser activities, replace links, swap numbers during calls, and intercept SMS messages. Previous similar malware campaigns have already stolen at least $270,000 worth of cryptocurrency, suggesting the financial damage from this new Trojan could be substantial. 

Experts recommend several critical protection measures to safeguard against this threat. Users should only download applications from official app stores like Google Play, avoid clicking links from suspicious websites, and keep their Android operating system updated with the latest security patches. Google has warned that over 40% of Android devices remain vulnerable because they run outdated versions without security support. If your smartphone brand no longer provides security updates, experts strongly recommend considering a new device to protect your personal data.
Read more »
Data Leak
AI Bug Management Cloud Cyber Security Data Data Leak

9-Year-Old Linux bug Found by Researchers, Could Leak Data


Experts have revealed details of a bug in the Linux kernel that stayed unnoticed for nine years. The flaw is tracked as CVE-2026-46333 (CVSS score: 5.5). 

Improper bug management 

The incident is improper privilege management that could have allowed threat actors to reveal sensitive data as unprivileged local users and launch arbitrary commands on default installs such as Ubuntu, Debian, and Fedora. Its alias is aka ssh-keysign-pwn.

Vulnerability existed since 2016

Cybersecurity firm Qualys found the flaw. Since November 2016, the problem has been present in mainstream Linux (v4.10-rc1). 

Distribution updates and upstream patches are already accessible. There are publicly available working exploits, thus administrators should install vendor kernel upgrades right away, Qualys said.

Privilege compromise tactic

TRU discovered a small window in which a privileged process that is dropping its credentials can still be accessed through ptrace-family operations, despite the fact that its dumpable flag should have blocked that path, during ongoing study into Linux kernel privilege boundaries.  

Qualys also added that an attacker can obtain open file descriptors and authenticated inter-process channels from a dying privileged process and utilize them under their own uid by combining this window with the pidfd_getfd() syscall (introduced in v5.6-rc1, January 2020)

What is successful exploit?

Successful bug exploit can allow a local threat actor to reveal /etc/shadow and ho'st private keys under /etc/ssh/*_key, and deploy arbitrary commands as root via four distinct hacks attacking ssh-keysign, accounts-daemon, chage, and pkexec.

PoC exploit

The bug reveal is a proof-of-concept (PoC) exploit for the bug. It was released recently, and soon after, a public kernel surfaced. CVE-2026-46333 is the latest security bug revealed in Linux after Dirty Frag, Fragnesia, and Copy Fail in recent months.

How to stay safe

Experts have advised to use the latest kernel update released by Linux distributions. If users are unable to do it immediately, temporary patchwork includes raising "kernel.yama.ptrace_scope" to 2.
Qualys added, "On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed. Rotate host keys and review any administrative material that lived in the memory of set-uid processes,” Qualys said.

Incident impact

The incident happened after the release of a PoC for a local privilege exploit known as PinTheft that lets local hackers get access to root privileges on Arch Linux systems. The hack requires the Reliable Datagram Sockets (RDS) module to be deployed on the victim system, readable SUID-root-binary, io_ring enabling, and x86_64 support for the given payload.

Read more »
Instructure
AI Canvas Cloud Data Breach Data Leak data security Instructure

Data Leak: Instructure, Canvas Allegedly Hacked, ShinyHunters Claim Responsibility


Instructure, a cloud-based LMS Canvas company was hit by a massive data attack. Ransomware gang ShinyHunters claimed responsibility for the attack, saying that it had stolen data related to 280 million students, teachers, and school staff.

100s of GBs data leaked

The data breach accounts for hundreds of gigabytes, possibly leaking Canvas users’ email ids, private messages, and names. 

Instructure revealed in May that it was hit by a data breach. The Canvas incidents of 8,809 universities, educational platforms, schools were impacted by the attack. ShinyHunters said that the numbers range between tens of thousands to several millions per institution.

It is concerning that a lot of K-12 students’ data has been leaked. If your child has been affected by the data breach, Malware Bytes can help in what to do next and how to stay safe.

Canvas compromised

Various students who tried using Canvas after the cyberattack received the message from ShinyHunters blackmailing to leak the data if Instructure did not contact the hackers by May 12. Canvas was shut down offline for various students following the incident, but it is now available for most users. 

GTA 6, Studio Rockstar were blackmailed too

ShinyHunters has been killing it this year, with only high profile targets in its track records. The group asked for a ransom from GTA 6 (a video game) Studio Rockstar in April. But in reality, it was a hoax demand as the hackers did not have anything important/worthy to leak. 

Nvidea Geforce allegedly hacked

But recently, the group allegedly claimed responsibility for the Nvidea’s GeForce Now breach, claiming to have “pulled their entire database straight from the backend."

Shiny hunters all over the place

In the Canvas incident, ShinyHunters allegedly stole user records through exposrting features inside the platform. This consists of DAP queries, APIs, and provisioning reports, according to Bleeping Computers. “The unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. 

It also added that it “revoked privileged credentials and access tokens, deployed platform-wide protections, rotated certain internal keys, restricted token creation pathways, and added monitoring across our platforms." 

The impact

Instructure also “engaged a third-party forensic firm and notified law enforcement. Beyond the immediate response, we're hardening administrative access, token management, permissions, monitoring, and related workflows. The investigation may inform further improvements.”

However, it might be too little, too late—parents are unlikely to overlook the possibility of disclosing their children's information. The much bigger problem, though, is the disastrous harm ShinyHunters has caused to Canvas's operations and reputation, as malware historian vx-underground stated on X.

Read more »
Tech
Banks Cyber Security Data Data Leak digital scam identity Scam Tech

High Court Squashes Ban for Sim-Swap Fraud, Says Zero Customer Liability


In an important ruling amid surging digital financial fraud attacks, the Bombay HC sided with the customer protection norms. It directed Bank of Baroda to return Rs. 1.24 crore to the victim private firm that lost money in a SIM-swap case. The court stressed that if a consumer reports fraud promptly in time, “zero liability” is ruled, and the bank must reimburse the losses.                 

Private company reported the incident immediately

The order was given by a division bench of the HC, which included Justices Manjusha Deshpande and Bharati Dangre, when private company PNP Polytex (based in Mumbai) submitted a petition. Polytex alleged that Rs.1.24 crore had been stolen from its bank accounts illegally and without knowledge. 

About court proceedings

As per the submissions to the court, the firm informed the bank soon after finding malicious transactions and asked the accounts to be frozen. The bank could only save Rs. 47.8 lakh, the remaining money was already stolen by the hackers. After this, the firm moved to HC for help.

Later, enquiry revealed that the scam was done using a SIM-swap tactic, where hackers get control of the target’s registered contact number. This lets the hackers intercept OTPs and do banking transactions without the account owner's consent and knowledge. The high court found that the scam was done by third-parties, and showed no evidence of negligence on consumer’s end.

What is RBI’s zero liability rule?

During the proceedings, the court referred to the July 6, 2017 statement given by the RBI, which laid down the customer protection guidelines in incidents of illegal electronic banking transactions. According to the circular, the consumers are entitled to zero liability if they report fraud transactions within 72 hours (three days).

In the judgement, the high court stressed that if a customer informs the bank about a scam or fraud, it is the duty of the bank to return the disputed amount back to the victim’s account. The court also said that the burden of proving customer negligence is on the bank too.  

The court rejected the bank's defenses that it had followed the due process and security measures, and the bench  labelled the argument as a “lame excuse,” saying that such mechanisms become powerless when a SIM card is hacked. The court also attributed another ruling in an incident where HDFC bank was held liable under similar situations. 

Bank will return stolen amount with interest

After revising the previously frozen funds, the High Court ordered the bank to return the remaining sum plus 6% interest within eight weeks. 

Read more »
leaked sensitive data
Customer Data Data Breach Data Leak Data protection data security Hacking Attack Hacking Group leaked sensitive data

ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users

 

Early this year, Vimeo faced a security incident leading to the theft of personal details tied to over 119,000 people by the ShinyHunters hacking collective. Information on the leak became known via Have I Been Pwned, a service tracking compromised accounts, after examining the exposed records. 

Late last month, Vimeo revealed a security issue affecting its systems. The platform, known for hosting and streaming videos globally, serves many millions of active users. Access by unknown parties came via a flaw tied to Anodot. This firm provides tools that spot irregularities in data flows. Its technology connects directly into parts of Vimeo’s infrastructure. 

The event marks one point where external partnerships introduced risk. Details emerged only after internal reviews concluded. One thing became clear: the entry did not stem from inside Vimeo's own network. Instead, it traced back to how outside services link up. Security teams now examine how third-party integrations affect overall protection levels. 

Surprisingly, early reports showed hackers obtained technical data, video metadata, and titles - sometimes even user emails. Despite the breach, payment information, account passwords, and live session tokens stayed secure, according to internal confirmation. Throughout the event, Vimeo’s main system kept running smoothly, maintaining full service availability. Unexpectedly, operations continued without noticeable interference. 

Right away, Vimeo shut down every login linked to Anodeto stop any more unwanted entry once the break-in came to light. Instead of handling things alone, outside cyber experts joined to support the inquiry. At the same time, officials responsible for enforcing laws got word about what happened. Later, even so, the hackers released a huge 106GB collection of stolen files online when talks reportedly broke down. 

That data appeared on a hidden website used by the ShinyHunters crew, who stated weak login credentials tied to Anodot opened doors unexpectedly. From there, they moved into Vimeo's storage platforms - Snowflake and BigQuery - with little resistance. Some 119,200 individuals had their email addresses disclosed, along with names in certain instances, based on findings from Have I Been Pwned after reviewing the leaked data. 

Though the breach details have circulated, Vimeo hasn’t officially verified how many accounts were impacted. Inside these breaches, access began through deceptive emails or fake support calls tricking staff. Not long ago, compromised logins gave hackers entry to identity tools like Okta and Microsoft Entra. From there, movement spread toward customer relationship software, team messaging apps, file storage, design programs, help desks, and workplace productivity suites. Cloud infrastructure and subscription-based tech now draw more attention than before. 

Breach attempts often follow weak points in unified login setups across company networks. Though main networks stay secure, outside providers sometimes open doors hackers exploit. A breach in one connected service might unlock several company areas at once. Experts observe rising incidents targeting cloud logins and partner tools for this reason. Instead of attacking central defenses, intruders shift focus to these links. Sensitive client data ends up at risk even if primary infrastructure holds firm.  

Recently, ShinyHunters took credit for hacks spanning education, retail, health care, gaming, and government bodies. Vimeo's situation shows third-party links still pose steady threats to big digital services managing vast user information. Despite different targets, weak outside connections often open doors. One breach can ripple through many layers unexpectedly.
Read more »
Ransomware
Cyber Security Cyber Security Ransomware Attacks Data Leak data security Ransomware

Ransomware Attacks Reach All Time High, Leaked Over 2.6 Billion Records

 

A recent analysis of cybercrime data of last year (2025) disclosed that ransomware victims have risen rapidly by 45% in the previous year. But this is not important, as there exists something more dangerous. The passive dependence on hacked credentials as the primary entry point tactic is the main concern. Regardless of the platforms used, the accounts you are trying to protect, it is high time users start paying attention to password security. 

State of Cybercrime report 2026


The report from KELA found over 2.86 billion hacked credentials, passwords, session cookies, and other info that allows 2FA authentication. Surprisingly, authentication services and business cloud accounted for over 30% of the leaked data in 2025.

The analysis also revealed that infostealer malware which compromised credentials is immune to whatever OS you are using, “infections on macOS devices increased from fewer than 1,000 cases in 2024 to more than 70,000 in 2025, a 7,000% increase,” the report said.

Expert advice


Experts from Forbes have warned users about the risks associated with infostealer malware endless times. The leaked data includes FBI operations aimed at shutting down cybercrime gangs, millions of gmail passwords within leaked infostealer logs, and much more. Despite the KELA analysis, the risk continues. To make things worse, the damage is increasing year after year.

About infostealer


Kela defined the malware as something that is “designed to exfiltrate sensitive data from compromised machines, including login credentials, authentication tokens, and other critical account information.” What is more troublesome is the ubiquity of malware-as-a-service campaigns in the dark web world. The entry barrier is not closed, but the gates have been kicked wide open for experts as well as amateur threat actors. Data compromise in billions

Infostealer malware, according to Kela, ‘is designed to exfiltrate sensitive data from compromised machines, including login credentials, authentication tokens, and other critical account information.” And with the now almost universal availability of malware-as-a-service operations to the infostealer criminal world, the barrier to entry has not only been lowered but kicked to the curb completely.

In 2025, Kela found around “3.9 million unique machines infected with infostealer malware globally, which collectively yielded 347.5 million compromised credentials.” The grand total amounts to 2.86 billion hacked credentials throughout all platforms: databases of infostealer logs and dark web criminal marketplaces.

Tricks used by infostealers:


AI-generated tailored scams, messaging apps, and email frequently use Phishing-as-a-Service to get around MFA. In so-called "hack your own password" assaults, users are duped into manually running scripts in order to circumvent conventional security measures.

Trojanized software is promoted by malicious advertisements and search results, increasing the risk of infection. In supply chain assaults, high-privilege credentials are the target of poisoned packages and DevTools impersonation. Form-grabbing and cookie theft are made possible via compromised browser extension updates. Fake software updates and pirated apps continued to be successful.
Read more »
data security
ADT ADT data breach customer data leak customer data privacy Data Breach Data Extortion Data Leak data security

ADT Data Breach Confirmed After ShinyHunters Threatens Leak of Stolen Customer Information

 

Now comes word that ADT, a provider of home security systems, suffered a data breach following threats by the hacking collective ShinyHunters to expose purloined records if payment isn’t made. This event joins others recently where attackers gain access via compromised credentials or outside service providers. 

On April 20, the company noticed unusual activity within its systems - response teams moved quickly to limit exposure and launch a review from within. It turned out some customer and prospective customer details were reached and copied by those responsible. Names, contact numbers, and home locations made up most of what was seen; in a few cases, birth dates showed up alongside incomplete identification digits used for tax or government purposes. Though only a narrow collection of files was involved, steps followed to assess how far the breach extended. 

What ADT made clear is that financial details of high sensitivity stayed secure. It turned out bank accounts, credit cards, along with any payment records, remained untouched through the incident. On top of this, home security setups and active monitoring kept running without interference. Evidently, the breach never reached operational systems - only certain data areas felt its effect. After claims surfaced on a hacker forum, ShinyHunters stated they accessed more than 10 million records - some containing personal details and private business files. 
Despite the threat to publish everything unless met with demands, confirmation of the full extent remains unverified by ADT. Still, notification letters have gone out to impacted users during ongoing review efforts. What happens next depends on internal assessments already underway. One claim points to vishing as the starting point - a tactic aimed at one worker. Posing as known contacts, hackers won entry through a company-wide login system. 

Once inside, they navigated sideways into linked environments without immediate detection. Access likely extended to cloud services including Salesforce, where information was pulled from storage. Identity theft now drives many cyber intrusions, moving past old tactics that hunted software bugs. Instead of probing code flaws, hackers aim at sign-in systems like Okta, Microsoft Entra, or Google logins. Breaching one verified profile opens doors to numerous company tools. 

With entry secured, stolen information gets pulled out quietly. That data then becomes leverage - no malware needed to lock files. What happened lately isn’t new for ADT - earlier leaks of staff and client details came out earlier this year. Facing repeated issues, many companies struggle to protect digital identities while handling permissions in linked platforms. 

Still under investigation, the incident highlights how often social engineering now shapes current cyber attacks. Rather than exploiting software flaws, hackers rely on mistakes people make - slipping past defenses by tricking users. 

Because of this shift, training staff to spot risks matters just as much as strong login protections. Preventing future breaches depends less on technology alone, more on understanding human behavior. Awareness becomes a shield when passwords fail.
Read more »
Stryker
Business Security Cyber Attacks Data Leak Medical Tech Stryker

Stryker Attack Wipes Thousands of Devices Without Malware

 

Stryker’s latest cyber incident is a stark reminder that attackers do not always need malware to cause major damage. The medical technology company said the breach was confined to its internal Microsoft environment and did not affect its products, including connected and life-saving devices, which remain safe to use. Even so, the attack disrupted business operations and forced customers to place orders manually while electronic ordering systems stayed offline. 

According to the report, the incident was not a ransomware attack, and Stryker emphasized that no malware was deployed on its systems. Instead, the threat actor appears to have used legitimate Microsoft Intune tools to remotely wipe devices after compromising an administrator account and creating a new Global Administrator account. That method made the attack especially dangerous because it relied on trusted enterprise controls rather than suspicious malicious software. 

The scale of the wipe was severe. A source familiar with the attack told BleepingComputer that nearly 80,000 devices were erased between 5:00 and 8:00 a.m. UTC on March 11. Employees across multiple countries reportedly woke up to find company-managed laptops and mobile devices wiped overnight. The group Handala, believed to be linked to Iran, claimed responsibility and said it had destroyed over 200,000 systems and stolen 50 terabytes of data, though investigators did not confirm those claims. 

What makes this case notable is that the attack appears to have used “living off the land” tactics, meaning the intruder abused legitimate administrative access rather than deploying custom code. That approach can be harder to detect because security tools often look for malware signatures or known exploit behavior, not authorized commands executed by a compromised admin account. The result is a fast, high-impact disruption that can spread across a corporate fleet in hours. 

For enterprises, the Stryker case reinforces the need for stronger identity protection, tighter administrator controls, and better monitoring of cloud management platforms. Privileged access should be minimized, account creation should be closely audited, and wipe capabilities should require strong checks before execution. In this incident, the attacker did not need an exploit or a virus; a stolen credential and a legitimate tool were enough to cripple a large organization.
Read more »
Hacking Group
Cyber Security Ransomware Attacks Data Breach Data Leak Data protection data security Hacker attack Hacking Group

ShinyHunters Targets McGraw Hill In Salesforce Data Leak Dispute Over Breach Scope

 

A breach at McGraw Hill came to light when details appeared on a leak page run by ShinyHunters, a hacking collective now seeking payment. Appearing online without warning, the listing suggested sensitive data had been taken. The firm acknowledged something went wrong only after outsiders pointed to the published claims. Instead of silence, there followed a brief statement - no elaborate explanations, just confirmation. What exactly was accessed remains partly unclear, though the criminals promise more leaks if demands go unmet. Their method? Take data first, then pressure victims publicly through exposure. 

Though the collective says it pulled around 45 million records from Salesforce setups, McGraw Hill challenges how serious the incident really was. A flaw in a cloud-based Salesforce setup - misconfigured, not hacked - led to what occurred, according to the company. Public release looms unless money changes hands by their stated date. Not a breach of core infrastructure, they clarify. Timing hinges on whether terms get fulfilled. What surfaced came via access error, not forced entry. 

Later came confirmation from the firm: only minor data sat exposed through a public page tied to Salesforce. Not part of deeper networks - systems handling daily operations stayed untouched. Customer records? Still secure. Educational material platforms? Unreached. Personal identifiers like income traces or school files showed no signs of exposure. The breach never reached those layers. A single weak link elsewhere might open doors wider than expected. Problems often start outside core networks, hidden in connected tools. 

One misstep in setup could ripple across several teams relying on Salesforce. When outside systems slip, sensitive details sometimes follow. Security gaps far from the main system still carry risk close to home. What seems distant can quickly become immediate. Even with those reassurances, ShinyHunters insists the breached records include personal details - setting their version against the firm’s own review. Contradictions like this often surface when attacks aim to extort, as hackers sometimes inflate what they took to push targets into responding. 

Now operating at a steady pace, ShinyHunters stands out within the underground scene by focusing less on locking files and more on quietly siphoning information. Instead of scrambling networks, they pressure victims using material already taken - payment demands follow exposure threats. Their name surfaced after breaches hit well-known companies, where leaked datasets served as leverage. Rather than causing immediate downtime, their power lies in what could be revealed. 

What stands out lately is how this group exploited a security gap at Anodet, an analytics company, gaining entry through leaked access tokens aimed squarely at cloud-based data systems. Alongside that incident came the public drop of massive corporate datasets - another sign their main goal remains pulling vast amounts of information from high-profile targets. Among recent breaches, the one involving McGraw Hill stands out - not because of its scale, but due to how it reveals weaknesses hidden within standard cloud setups. 

Instead of breaking through strong defenses, hackers often slip in via small errors made during setup steps handled by outside teams. What makes this case notable is less about immediate damage, more about what follows: sensitive information pulled quietly into unauthorized hands. While systems keep running without interruption, stolen data becomes the weapon - threatening public release unless demands are met. 

Over time, such tactics have shifted the focus of digital attacks away from crashes toward silent leaks. With probes still underway, one thing becomes clear: oversight of outside connections matters more now than ever. When digital intruders challenge what companies say, credibility hinges on openness. Tight rules around setup adjustments help reduce weak spots. How firms handle disclosures can shape public trust just as much as technical fixes. Clarity during crises often separates measured responses from confusion.
Read more »
leaked sensitive data
cybercriminals Ransomware Attack Data Breach Data Hackers Data Leak data security Hacker attack leaked sensitive data

Qilin Ransomware Targets Die Linke in Suspected Politically Motivated Cyberattack

 

A major digital attack hit Die Linke when hackers using the name Qilin said they broke into internal networks and copied confidential files. Because of this breach, private details may appear online unless demands are met - raising alarms about rising cyber threats tied to political agendas across European nations. 

On March 27, the group made public what had just been noticed - odd behavior inside their digital setup. Though Die Linke admitted someone got in without permission, they did not at once call it a complete breakdown of data safety. Later signs point toward intruders possibly reaching inner networks. Some organizational details might now be exposed. One report suggests hackers aimed at company systems plus staff details, mainly tied to central offices. 

What got taken stays uncertain right now - no clear picture on volume or leaks so far. Still, authorities admit: chances of sensitive material being exposed feel real enough. Though gaps remain in understanding the full reach, concern holds steady. Notably, Die Linke confirmed its member records stayed untouched. That means information tied to more than 123,000 individuals likely avoided exposure. 

So, the incident may be narrower than first feared. Early in April, the Qilin ransomware crew named Die Linke among those hit, posting details on their public leak page. Despite holding back actual files until now, these moves often aim to push targets toward payment. Pressure builds when sensitive material might go live - this is how cyber gangs tighten control mid-talks. Something like this might point beyond mere hacking. Die Linke sees signs of coordination, possibly tied to Russian-speaking cybercriminal networks. Not accidental, they argue - the timing matters. 

A move within wider hybrid campaigns emerges here, blending digital strikes with influence efforts. Institutions become targets when data breaches align with disinformation. Cyber actions gain weight when paired with political pressure. This event fits a pattern some have seen before. Digital intrusions serve larger goals when linked to real-world disruption. Following the incident, German officials received official notification along with submission of a criminal report. To examine the security lapse, limit consequences, and repair compromised infrastructure, outside cyber specialists are now assisting the organization. 

Far from unique, such attacks mirror past patterns seen in Germany. State-backed hacking efforts have struck before - especially those tied to APT29 - with political groups often in their sights. Surprisingly, cyber operations against Die Linke reveal how digital security now intertwines with global power struggles - political groups face rising risks from attackers motivated by profit or belief alike. 

While once seen as separate realms, online threats today frequently mirror international tensions, pulling parties like Die Linke into the crosshairs without warning. Because motives differ, so do methods; yet all exploit vulnerabilities in systems meant to serve public discourse. Thus, a breach isn’t merely technical - it reflects broader shifts in who gets targeted, and why.
Read more »
User Privacy
Chrome Extensions Data Breach Data Leak Linkedin User Privacy

LinkedIn Secretly Scans 6,000+ Chrome Extensions, Collects Device Data

 

LinkedIn is facing renewed scrutiny after a report alleged that its website secretly scans browsers for more than 6,000 Chrome extensions and collects device data tied to user profiles . The company says the detection is meant to identify scraping and other policy-violating extensions, not to infer sensitive personal information.

LinkedIn’s critics say the practice goes far beyond basic security checks because the platform can connect extension data to real identities, employers, and job roles. That makes the scanning especially controversial, since the results could reveal which tools workers or companies use, including products that compete with LinkedIn’s own sales offerings.

BleepingComputer said it independently confirmed part of the behavior during testing, observing a LinkedIn-loaded JavaScript file with a randomized name that checked for 6,236 browser extensions . The script reportedly did this by probing extension-related file resources, a known method for determining whether specific extensions are installed . 

The report also says the script gathers broader browser and device details, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features . That kind of data can contribute to browser fingerprinting, which may allow websites to build a more unique profile of a visitor across sessions . 

LinkedIn, however, rejects the allegation that it is using the data to profile users in a harmful way . The company says it looks for extensions that scrape data without consent or violate its terms, and that it uses the findings to improve defenses and protect site stability . The dispute also appears to be tied to a broader legal fight involving a LinkedIn-related browser extension developer, with LinkedIn pointing to a German court ruling that sided with the company .
Read more »
Information Security
Cyber Breach Cyber Security Cyberattacks Data Exposure Data Leak Data Privacy data security Information Security

Mazda Reports Limited Data Exposure After Warehouse System Breach

 

Early reports indicate Mazda Motor Corporation faced a data leak following suspicious activity uncovered in its systems during December 2025. Information belonging to staff members, along with details tied to external partners, became accessible due to the intrusion. Investigation results point to a weak spot found within software managing storage logistics. This particular setup supports component sourcing tasks based in Thailand. Findings suggest the flaw allowed outside parties to enter without permission. 

Despite early concerns, investigators confirmed the breach touched only internal systems - no client details were involved. A count later showed 692 records may have been seen by unauthorized parties. Among what was accessed: login codes, complete names, work emails, firm titles, along with tags tied to collaboration networks. What escaped exposure? Anything directly linked to customers. 

After finding the issue, Mazda notified Japan’s privacy regulator while launching a probe alongside outside experts focused on digital security. So far, no signs have appeared showing the leaked details were exploited. Still, people touched by the event are being urged to watch closely for suspicious messages or fraud risks tied to the breach. Despite limited findings now, caution remains key given how personal information might be used later.  

Mazda moved quickly, rolling out several upgrades to protect its digital infrastructure. With tighter controls on who can enter systems, fewer services exposed online now limit entry points. Patches went live where needed most, closing known gaps before they could be used. Monitoring grew sharper, tuned to catch odd behavior faster than before. Each change connects to a clear goal - keeping past problems from repeating. Protection improves not by one fix but through layers put in place over time. 

Mazda pointed out the breach showed no signs of ransomware or malicious software, yet operations remain unaffected. Though certain hacking collectives once said they attacked Mazda’s networks, the firm clarified this event holds no connection - no communication from any threat actor occurred. 

Now more than ever, protection across suppliers and daily operations demands attention - the car company keeps watch, adjusts defenses continuously. Emerging risks push updates to digital safeguards forward steadily.
Read more »
underground hacking forums
data breach forum shutdown Data Leak Europol cybercrime operation LeakBase takedown underground hacking forums

Global Crackdown Dismantles LeakBase Data Breach Forum, Dozens Targeted in Europol Operation

 

A large-scale international law enforcement effort has reportedly led to multiple arrests as authorities moved to shut down a well-known underground data leak marketplace.

Europol revealed details of a coordinated operation that successfully dismantled LeakBase, a platform it described as “established itself as a central hub in the cybercrime ecosystem”.

Launched in 2021, the forum rapidly grew in scale, amassing over 142,000 registered members within four years. During this time, users created approximately 32,000 posts and exchanged more than 215,000 private messages. Operating openly on the web and primarily in English, the platform enabled users to trade and distribute stolen or compromised data sourced from individuals and organizations worldwide. Notably, content related to Russia was prohibited, with the forum restricting any sale or publication of such data.

On March 3, 2026, authorities from multiple countries carried out nearly 100 coordinated actions, including house searches, “knock-and-talk” interventions, and arrests as part of the crackdown.

While officials did not disclose the exact number of individuals detained, their locations, or specific charges, they confirmed that enforcement measures were taken against 37 of the forum’s most active participants.

The following day, authorities seized control of the forum’s domain and replaced its content. Investigators also obtained the platform’s database, which is now being analyzed to identify users. Officials have reportedly already “engaged directly with several suspects”.

“This operation shows that no corner of the internet is beyond the reach of international law enforcement. What began as a shadowy forum for stolen data has now been dismantled, and those who believed they could hide behind anonymity are being identified and held accountable,” said Edvardas Å ileris, Head of Europol’s European Cybercrime Centre.

“This is a clear message to cybercriminals everywhere: if you traffic in other people’s stolen information, law enforcement will find you and bring you to justice.”
Read more »
France
Cyber Attacks Data Leak FICOBA Financial Fraud France

French FICOBA Breach Exposes 1.2M Bank Accounts

 

A major cyberattack struck France's national bank account registry, FICOBA, exposing sensitive data from over 1.2 million accounts.The breach occurred in late January 2026 when hackers stole login credentials from a civil servant and impersonated an authorized user to access the database. This incident highlights vulnerabilities in government systems handling financial records.

FICOBA serves as France's central repository for all bank accounts opened in domestic institutions, storing identifiers like RIB and IBAN numbers, holder names, and postal addresses. Attackers extracted this information but could not access balances or perform transactions, according to officials. The French Ministry of Finance confirmed tax IDs were not compromised, though early reports varied.

Authorities detected the intrusion swiftly, immediately restricting access and taking the database offline temporarily.It was restored with enhanced security measures after collaboration with the National Cybersecurity Agency (ANSSI). A formal complaint was filed with the National Commission for Information Technology and Civil Liberties (CNIL), and notifications are underway to affected individuals and banks.

The exposure raises alarms for phishing scams and SEPA direct debit fraud, with banks already noting increased suspicious SMS and emails.Criminals could exploit IBANs and personal details for identity theft or unauthorized payments. French tax authorities warn they never request banking info via unsolicited messages.

Safety recommendations 

To protect yourself post-breach, monitor bank statements daily for unauthorized activity and enable transaction alerts. Change passwords on financial accounts, using unique strong ones via a password manager, and activate multi-factor authentication (MFA) everywhere possible. Avoid clicking links in unsolicited emails or texts claiming breach notifications—contact your bank directly through official apps or sites.

Further, freeze credit reports if available in your country to block new accounts in your name, and consider credit monitoring services. Report suspicious activity to your bank and local cyber police immediately.Regularly update software and use antivirus tools to prevent credential theft, emphasizing least-privilege access in organizations. These steps minimize risks from exposed data like in the FICOBA incident.
Read more »
Google Gemini
API Keys Data Breach Data Leak Google Gemini

Google API Keys Expose Gemini AI Data via Leaked Credentials

 

Google API keys, once considered harmless when embedded in public websites for services like Maps or YouTube, have turned into a serious security risk following the integration of Google's Gemini AI assistant. Security researchers at Truffle Security uncovered this issue, revealing that nearly 3,000 live API keys—prefixed with "AIza"—are exposed in client-side JavaScript code across popular sites.

Truffle Security's scan of the November 2025 Common Crawl dataset, which captures snapshots of major websites, identified 2,863 active keys from diverse sectors including finance, security firms, and even Google's own infrastructure. These keys, deployed sometimes years ago (one traced back to February 2023), were originally safe as mere billing identifiers but gained unauthorized access to Gemini endpoints without developers' knowledge.Attackers can simply copy a key from page source, authenticate to Gemini, and extract sensitive data like uploaded files, cached contexts, or datasets via simple prompts.

The danger extends beyond data theft to massive financial abuse, as Gemini API calls consume tokens that rack up charges—potentially thousands of dollars daily per compromised account, depending on the model and context window. Truffle Security demonstrated this by querying the /models endpoint with exposed keys, confirming access to private Gemini features. One reported case highlighted an $82,314 bill from a stolen key, underscoring the real-world impact.

Google acknowledged the flaw as "single-service privilege escalation" after Truffle's disclosure on November 21, 2025, and implemented fixes by January 2026, including blocking leaked keys from Gemini access, defaulting new AI Studio keys to Gemini-only scope, and sending proactive leak notifications. Despite these measures, the "retroactive privilege expansion" caught many off-guard, as enabling Gemini in projects silently empowered old keys.

Developers must immediately audit Google Cloud projects for Gemini API enablement, rotate all exposed keys, and restrict scopes to essentials—avoiding the default "unrestricted" setting. Tools like TruffleHog can scan code repositories for leaks, while regular monitoring prevents future exposures in an era where AI services amplify API risks. This incident highlights the need for vigilance as cloud features evolve.
Read more »
Personal Data
Cloud Conduent Cyber Attacks Data Leak Personal Data

Conduent Leak: One of the Largest Breaches in The U.S


Conduent, a business that offers printing, payment, and document processing services to some of the biggest health insurance companies in the nation, has had at least 25 million people's personal information stolen. Addresses, social security numbers, and health information were exposed to ransomware hackers in what some have already dubbed one of the biggest data breaches in American history. 

According to a letter the business issued online, Conduent initially learned it was the victim of a "cyber incident" more than a year ago on January 13, 2025. The actual breach occurred between October 21, 2024, and January 13, 2025, and it included Conduent's data because the company offers services to health plans.

Names, social security numbers, health insurance details, and unspecified medical information were among the data. In its notice, the business stressed that "not every data element was present for every individual," which implies that some individuals may have had their health insurance information taken but not their social security number, or vice versa. 

According to Bleeping Computer, the Safepay ransomware organization claimed responsibility for the attack, which allegedly captured more than 8 gigabytes of data. Conduent stated online, "Presently, we are unaware of any attempted or actual misuse of any information involved in this incident," while it is unclear if Safepay has demanded payment for the information's recovery.

10.5 million people were affected by the incident, according to Oregon's consumer protection website, although it's unknown how many people in Oregon alone were affected. According to Wisconsin, the national total is more than 25 million. 

Notifications have also been sent to residents of other states, such as California, Delaware, Massachusetts, New Hampshire, and New Mexico. According to the state's attorney general, just 374 people's data was compromised in Maine, one of the states with very tiny numbers. Conduent, a New Jersey-based company, did not reply to emails on Tuesday inquiring about the full extent of the incident and what victims could do about it.

Conduent is providing free credit monitoring and identity restoration services through Epiq to certain individuals, but those affected must join before April 30, 2026, according to a letter given to victims in California.

Read more »
leaked sensitive data
API Keys Data Breach Data Leak Data protection Data Safety User Data data security leaked sensitive data

Critical better-auth Flaw Enables API Key Account Takeover

 

A flaw in the better-auth authentication library could let attackers take over user accounts without logging in. The issue affects the API keys plugin and allows unauthenticated actors to generate privileged API keys for any user by abusing weak authorization logic. Researchers warn that successful exploitation grants full authenticated access as the targeted account, potentially exposing sensitive data or enabling broader application compromise, depending on the user’s privileges. 

The better-auth library records around 300,000 weekly downloads on npm, making the issue significant for applications that rely on API keys for automation and service-to-service communication. Unlike interactive logins, API keys often bypass multi-factor authentication and can remain valid for long periods. If misused, a single key can enable scripted access, backend manipulation, or large-scale impersonation of privileged users. 

Tracked as CVE-2025-61928, the vulnerability stems from flawed logic in the createApiKey and updateApiKey handlers. These functions decide whether authentication is required by checking for an active session and the presence of a userId in the request body. When no session exists but a userId is supplied, the system incorrectly skips authentication and builds user context directly from attacker-controlled input. This bypass avoids server-side validation meant to protect sensitive fields such as permissions and rate limits. 

In practical terms, an attacker can send a single request to the API key creation endpoint with a valid userId and receive a working key tied to that account. The same weakness allows unauthorized modification of existing keys. Because exploitation requires only knowledge or guessing of user identifiers, attack complexity is low. Once obtained, the API key allows attackers to bypass MFA and operate as the victim until the key is revoked. 

A patched version of better-auth has been released to fix the authorization checks. Organizations are advised to upgrade immediately, rotate potentially exposed API keys, review logs for suspicious unauthenticated requests, and tighten key governance through least-privilege permissions, expiration policies, and monitoring. 

The incident highlights broader risks tied to third-party authentication libraries. Authorization flaws in widely adopted components can silently undermine security controls, reinforcing the need for continuous validation, disciplined credential management, and zero-trust approaches across modern, API-driven environments.
Read more »
User Privacy
Conduent Data Breach Data Leak Ransomware attack User Privacy

Conduent Data Breach Expands to Tens of Millions of Americans

 

A massive data breach at Conduent, a leading government technology contractor, has escalated dramatically, now affecting tens of millions of Americans across multiple states. Initially detected in January 2025, the intrusion originated from an unauthorized access on October 21, 2024, allowing hackers to lurk undetected for nearly three months. Recent disclosures reveal the scope far exceeds early estimates, with Texas alone reporting 15.4 million victims, Oregon 10.5 million, and additional hundreds of thousands in Washington, Maine, and beyond.

Conduent provides critical back-end services like payments, printing, and processing for state agencies, transit systems, and insurers serving over 100 million users nationwide. The stolen data trove includes highly sensitive details: names, Social Security numbers, dates of birth, medical records, health insurance IDs, and treatment information. This breach, linked to ransomware group SafePay, exposes victims to severe identity theft and fraud risks, prompting lawsuits and regulatory scrutiny.

The cyberattack disrupted operations briefly, delaying child support payments in states like Wisconsin and affecting insurers such as Premera Blue Cross and Blue Cross Blue Shield of Montana. Conduent, aided by Palo Alto Networks and other forensics experts, secured systems swiftly but incurred $25 million in direct response costs by Q1 2025. No misuse of data has surfaced as of late 2025 notifications, but experts warn of looming phishing and extortion campaigns.

Legal fallout has been swift, with at least nine class-action suits filed over the 10.5 million+ record exposure, marking it as 2025's largest healthcare breach.Notifications began rolling out in October 2025 to state attorneys general in Maine, California, and others, advising credit freezes and fraud alerts—without offering free monitoring. Victims, primarily government program beneficiaries, face heightened vulnerability in an era of persistent ransomware targeting public sector vendors.

Cybersecurity analysts highlight Conduent's prolonged undetected access as a stark reminder of supply chain risks in govtech. The firm's SEC filings underscore ongoing financial strain from notifications and potential liabilities. As investigations continue into 2026, this incident amplifies calls for stricter vendor oversight and zero-trust architectures in handling citizen data.

In response, affected states and insurers urge proactive measures: monitor credit reports, enable multi-factor authentication, and watch for suspicious IRS or healthcare scams. Conduent assures full cooperation with authorities, but the ballooning victim count underscores the fragility of centralized data troves in government services.This breach serves as a pivotal case study in evolving cyber threats to public infrastructure.
Read more »
ShinyHunters
Data Breach Data Leak Harvard Breach Upenn Hack ShinyHunters

ShinyHunters Leak Exposes Harvard and UPenn Personal Data

 

Hacking group ShinyHunters has reportedly published more than a million records stolen from Harvard University and the University of Pennsylvania (UPenn) on its dark web site, putting a vast trove of sensitive personal data within reach of cybercriminals worldwide. The leaked data appears to contain sensitive details about the students, employees, alumni, donors, and family members of the breached organizations. This has expanded the scope of the compromised data to a wide range of people. Initial verification of the leaked data has revealed that at least some of the leaked data is genuine. 

The UPenn breach is believed to have begun in early November 2025, when the hackers gained access to an employee’s single sign-on (SSO) account by claiming to have obtained full access to the UPenn employee’s SSO account. This has essentially turned the SSO account into a master key that has allowed the hackers to access the UPenn VPN system, Salesforce data, the Qlik analytics platform, SAP business intelligence tools, and SharePoint. During the course of the attack, the hackers also used the compromised login credentials to send offensive emails to 700,000 people. Initially, UPenn believed that the emails were fake, but they later turned out to be real.

Harvard confirmed a related compromise roughly three weeks after the UPenn disclosure, tying its own incident to a successful voice phishing (vishing) campaign. In this case, attackers are said to have infiltrated Alumni Affairs and Development systems, exposing data on past and present students, donors, some faculty and staff, and even spouses, partners, and parents of alumni and students. The stolen records reportedly include names, dates of birth, home addresses, phone numbers, estimated net worth, donation history, and sensitive demographic attributes such as race, religion, and sexual orientation.

Unlike traditional ransomware operations that both encrypt systems and steal data, ShinyHunters appears to have focused solely on data theft and extortion, deploying no encryptors in these campaigns. The group allegedly attempted to negotiate payment in cryptocurrency in exchange for promising to delete the stolen files, following the now-common double extortion model. When talks broke down and the universities did not pay, the hackers responded by dumping the data openly on their dark web leak site, amplifying the risk of identity theft, harassment, and targeted scams for victims.

For Harvard and UPenn, the breaches highlight the dangers of over-reliance on SSO accounts and human-centric weaknesses such as vishing, where convincing phone calls trick staff into revealing or approving access. For affected individuals, the publication of highly personal and demographic information raises concerns around fraud, doxxing, discrimination, and reputational harm that could persist for years. The incidents reinforce the need for stronger multifactor authentication, rigorous phishing and vishing awareness training, and tighter controls around high-value institutional accounts holding large volumes of sensitive data.
Read more »
Offline Security
Air Gaps Black hat Cyber Security Data Leak Offline Security

Black Hat Researcher Proves Air Gaps Fail to Secure Data

 

Air gaps, long hailed as the ultimate defense for sensitive data, are under siege according to Black Hat researcher Mordechai Guri. In a compelling presentation, Guri demonstrated multiple innovative methods to exfiltrate information from supposedly isolated computers, shattering the myth of complete offline security. These techniques exploit everyday hardware components, proving that physical disconnection alone cannot guarantee protection in high-stakes environments like government and military networks.

Guri's BeatCoin malware turns computer speakers into covert transmitters, emitting near-ultrasonic sounds inaudible to humans but detectable by nearby smartphones up to 10 meters away. This allows private keys or other secrets to leak out effortlessly. Even disabling speakers fails, as Fansmitter modulates fan speeds to alter blade frequencies, creating acoustic signals receivable by listening devices within 8 meters. For scenarios without microphones, the Mosquito attack repurposes speakers as rudimentary microphones via GPIO manipulation, enabling ultrasonic data transmission between air-gapped machines.

Electromagnetic exploits further erode air-gap defenses. AirHopper manipulates monitor cables to radiate FM-band signals, capturable by a smartphone's built-in receiver. GSMem leverages CPU-RAM pathways to generate cellular-like transmissions detectable by basic feature phones, while USBee transforms USB ports into antennas for broad leakage. These methods highlight how standard peripherals become unwitting conduits for data escape.

Faraday cages, designed to block electromagnetic waves, offer no sanctuary either. Guri's ODINI attack generates low-frequency magnetic fields from CPU cores, penetrating these shields.PowerHammer goes further by inducing parasitic signals on building power lines, tappable by attackers monitoring electrical infrastructure.Such persistence underscores the vulnerability of even fortified setups.

While these attacks assume initial malware infection—often via USB or insiders—real-world precedents like Stuxnet validate the threat. Organizations must layer defenses with anomaly detection, hardware restrictions, and continuous monitoring beyond mere air-gapping. Guri's work urges a reevaluation of "secure" isolation strategies in an era of sophisticated side-channel threats.
Read more »
Subscribe to: Posts (Atom)