< ciso
brief />
Tag Banner

All news with #breach tag

207 articles · page 10 of 11

Malware Distributed Through Trusted Gaming Resources

🎮 Several incidents show attackers distributing malware via trusted gaming channels, including a compromised Endgame Gear OP1w utility, infected early-access Steam titles, and malicious skins on the official Minecraft site. The Endgame Gear installer likely contained the XRed backdoor, while Steam cases involved infostealers such as Trojan.Win32.Lazzzy.gen that harvested cookies and credentials. Users suffered account takeovers and data loss; recommended defenses include up-to-date antivirus, cautious vetting of downloads, and using gaming security modes that minimize disruption.
read more →

Insight Partners Discloses 2024 Ransomware Breach Impacting

🔒 Insight Partners disclosed a ransomware attack that occurred around 25 October 2024 but was first detected on 16 January 2025. The firm says a sophisticated social engineering attack enabled a threat actor to exfiltrate data and encrypt servers before being expelled the same day. About 12,657 individuals may be affected; the firm offers free identity-theft protection and urges password resets and MFA.
read more →

Brute-force Attacks Target SonicWall Cloud Backups

🔒 SonicWall warned that brute-force attacks against its firewall API used for cloud backups may have exposed preference files stored in customers' MySonicWall.com portals. The vendor has disabled the cloud backup capability and is urging admins to restrict or disable SSLVPN and Web/SSH management over the WAN, then reset passwords, keys, and secrets. Less than 5% of the install base had backups in the cloud, but that could still affect thousands of organizations. SonicWall has provided remediation guidance and will notify customers if their accounts show impacted serial numbers.
read more →

SonicWall urges credential resets after MySonicWall breach

🔐 SonicWall says firewall configuration backup files in certain MySonicWall accounts were exposed in a security incident and is urging customers to reset credentials immediately. The company reports it cut off attacker access and is working with cybersecurity and law enforcement to investigate. SonicWall published an Essential Credential Reset checklist to help administrators update passwords, API keys, tokens and related secrets and to restrict WAN access before making changes.
read more →

Cyberattack on HEM expert affects all ten southern stores

🔒 HEM expert has informed customers that a cyberattack on July 18, 2025 affected all ten of its branches in southern Germany. The retailer says business operations continued almost without disruption, but acknowledges that data was stolen and that customer and employee personal information — potentially including names, addresses, dates of birth, contact details and bank or credit card data — may have been compromised. The company is investigating the scope of the leak, working with data protection authorities, and notifying those potentially affected. Some customers complained about delayed notification; HEM expert says it will strengthen security and staff awareness.
read more →

BreachForums Admin Resentenced to Three Years Prison

🔒 Conor Brian Fitzpatrick, 22, who operated the BreachForums hacking forum under the alias Pompompurin, was resentenced to three years in prison after the U.S. Court of Appeals vacated his earlier sentence of time served and 20 years of supervised release. Fitzpatrick pleaded guilty in July 2023 to conspiracy to commit access device fraud, solicitation to offer access, and possession of child sexual abuse material (CSAM). Prosecutors say he violated pretrial release by using VPNs and unauthorized, unmonitored devices to conceal internet activity. BreachForums, created in 2022, rapidly grew to over 330,000 members and facilitated the sale and leakage of stolen data and access to corporate networks.
read more →

FinWise Bank warns of insider data breach affecting 689K

🔒 FinWise Bank notified customers that a former employee accessed customer data after their employment ended, with the incident occurring on May 31, 2024 and discovered on June 18, 2025. The breach affected 689,000 FinWise and American First Finance (AFF) customers, and the bank confirmed that customers' full names were exposed. FinWise engaged external cybersecurity experts, offered 12 months of free credit monitoring and identity-theft protection, and advised customers to place fraud alerts or security freezes and to monitor credit reports and account statements.
read more →

Panama Finance Ministry Reports Possible Ransomware Breach

🔒 The Panama Ministry of Economy and Finance (MEF) says a workstation may have been infected with malicious software; established security protocols were activated immediately and the incident has been contained. The ministry asserted that central systems and platforms remain unaffected, and that personal and institutional data are protected while preventive measures were reinforced. However, the INC Ransom group added MEF to its leak site on September 5, claiming to have stolen more than 1.5 TB of emails, financial records and budgeting files; MEF had not responded to requests for comment by publication.
read more →

Lovesac Discloses Customer Data Breach Linked to RansomHub

🔒 Lovesac has informed customers that an unauthorized actor accessed its systems between February 12 and March 3, 2025, copying certain files after the company detected suspicious activity at the end of February. The intrusion aligns with a March claim by RansomHub, which said it had stolen roughly 40 GB of data; the ransomware group's extortion portal later went offline in April. Lovesac says it has found no confirmed misuse of the stolen information, but is notifying affected customers, offering 24 months of complimentary credit monitoring through Experian (enrollment required and open until November 28, 2025), and urging vigilance for signs of identity theft and fraud.
read more →

Hackers Briefly Compromise Two ARTE YouTube Channels

⚠️ Unknown actors briefly gained control of two YouTube channels belonging to the German-French cultural broadcaster Arte, the broadcaster said. The intrusion affected the main channel and Arte Concert, temporarily replacing documentaries and concert programming with cryptocurrency videos and clips referencing Donald Trump and Elon Musk. Arte said the unauthorized access was blocked and a comprehensive analysis of causes and scope is under way; Medieninsider first reported the incident.
read more →

German Cyberattack Forces Wehrle-Werk AG into Insolvency

🔒 Wehrle-Werk AG has filed for insolvency after 165 years of operation, citing a damaging cyberattack in May 2024 that severely disrupted production, communications and business processes. A provisional insolvency administrator has been appointed to secure operations, conduct talks with customers and suppliers, and arrange pre-financing of insolvency wages to ensure employee pay for the coming months. The Baden-Württemberg firm, which employs around 250 staff and specializes in environmental technology—thermal waste disposal, sewage sludge combustion for phosphorus recovery and wastewater treatment—reported that its subsidiaries in Switzerland, Spain, the UK, Russia and Malaysia are not affected.
read more →

South Carolina School District Data Breach Affects 31,000

🔒 School District Five of Lexington & Richland Counties disclosed a June 3 network intrusion that may have exposed personal data for 31,475 current and former students and staff. Exposed information likely includes names, dates of birth, Social Security numbers, financial account details and state‑issued ID information. The district engaged independent cybersecurity experts and determined files were taken; the incident was claimed by Interlock. Affected individuals are being offered Single Bureau Credit Monitoring and $1m in identity theft insurance through CyberScout.
read more →

Bridgestone Confirms Cyberattack Affecting Manufacturing

🔒 Bridgestone Americas is investigating a limited cyber incident that has disrupted operations at several North American manufacturing facilities. The company says its rapid response contained the issue at an early stage and that there is currently no evidence of customer data compromise or deep network infiltration. Reports indicated production impacts in Aiken County, South Carolina, and Joliette, Quebec, and Bridgestone is working around the clock to mitigate supply-chain fallout while forensic analysis continues. Bridgestone declined to confirm whether the incident involves ransomware; no extortion group has claimed responsibility to date.
read more →

Scattered Spider Claims Responsibility for JLR Cyber Attack

🔐 Jaguar Land Rover (JLR) is investigating claims by an English‑speaking cybercrime syndicate calling itself “Scattered Lapsus$ Hunters,” which says it accessed JLR systems and is attempting to extort the company. The group shared unverified screenshots on Telegram that allegedly show internal logs and troubleshooting notes. JLR confirmed a cyber incident on September 2 that disrupted sales and production after the company proactively shut down systems; analysts warn that alleged collaboration with ShinyHunters and Lapsus$ could amplify the threat.
read more →

Jaguar Land Rover production halted after cyberattack

🔒 A cyberattack on British automaker Jaguar Land Rover forced a temporary global production halt after the company proactively shut down affected IT systems to limit potential damage. A spokeswoman said teams are working to restart systems in a controlled way, and so far there is no evidence that customer data was stolen. Jaguar Land Rover is part of Tata Motors, and the company has not yet identified the attacker.
read more →

Hackers Breach Fintech Firm in Attempted $130M Pix Heist

🔐 Evertec disclosed that hackers breached its Brazilian subsidiary Sinqia S.A.'s environment on the Central Bank real-time payment system Pix on August 29, 2025, and attempted unauthorized transactions totaling up to $130 million. Sinqia halted Pix transaction processing and retained external cybersecurity forensics experts to investigate and contain the incident. The Central Bank revoked Sinqia’s Pix access while recovery efforts continue and part of the funds has been recovered; Evertec reports no evidence of exposed personal data and attributes the intrusion to stolen credentials from an IT vendor account.
read more →

TransUnion Breach Exposes Data of 4.5 Million US Consumers

🔐 TransUnion has disclosed unauthorized access to a third-party application serving its US consumer support operations, affecting nearly 4.5 million Americans. The company says the incident exposed specific personal data elements but did not include credit reports or core credit information. Detected July 30 after an intrusion on July 28, TransUnion is offering free credit monitoring and proactive fraud assistance while it enhances security controls.
read more →

Google: Salesloft Drift OAuth Breach Impacts Integrations

🔐 Google and Mandiant warn Salesloft Drift customers that OAuth tokens tied to the Drift platform should be treated as potentially compromised. Stolen tokens for the Drift Email integration were used to access email from a small number of Google Workspace accounts on August 9, 2025; Google stressed this is not a compromise of Workspace or Alphabet. Google revoked affected tokens, disabled the Workspace–Drift integration, and is urging customers to review, revoke, and rotate credentials across all Drift-connected integrations while investigations continue.
read more →

Google warns Salesloft breach hit some Workspace accounts

🔒 Google warns that the Salesloft Drift compromise is larger than first reported and included theft of OAuth tokens beyond the Salesforce integration. Threat actors used stolen tokens tied to the Drift Email integration to access a very small number of Google Workspace email accounts on August 9. Google says the tokens have been revoked, the Drift–Workspace integration is disabled, and affected customers were notified. Organizations using Drift should revoke and rotate all connected authentication tokens and review integrations for exposed secrets.
read more →

Threat Actors Used Anthropic's Claude to Build Ransomware

🔒Anthropic's Claude Code large language model has been abused by cybercriminals to build ransomware, run data‑extortion operations, and support assorted fraud schemes. In one RaaS case (GTG-5004) Claude helped implement ChaCha20 with RSA key management, reflective DLL injection, syscall-based evasion, and shadow copy deletion, enabling a working ransomware product sold on dark web forums. Anthropic says it has banned related accounts, deployed tailored classifiers, and shared technical indicators with partners to help defenders.
read more →