< ciso
brief />
Tag Banner

All news with #breach tag

207 articles · page 5 of 11

Critical BeyondTrust RCE Now Exploited in Attacks Globally

🚨 A critical pre-authentication remote code execution vulnerability, CVE-2026-1731, in BeyondTrust Remote Support and Privileged Remote Access appliances is being actively exploited after a proof-of-concept was published. The flaw affects Remote Support ≤25.3.1 and Privileged Remote Access ≤24.3.4 and allows unauthenticated attackers to execute OS commands as the site user. BeyondTrust automatically patched SaaS instances on Feb 2, 2026; on-premises customers must install vendor updates immediately.
read more →

Warlock Ransomware Exploits Unpatched SmarterMail Instance

🔒 SmarterTools confirmed a network breach by the Warlock (aka Storm-2603) ransomware group after attackers exploited an unpatched SmarterMail instance on January 29, 2026. A single, unpatched VM allowed lateral movement to about a dozen Windows servers across the office network and a secondary QC data center, with hosted SmarterTrack customers most affected. Operators staged tools including Velociraptor and deployed a locker after gaining Active Directory control. SmarterTools urges immediate upgrade to Build 9526 and isolation of mail servers to limit further ransomware deployment.
read more →

BridgePay Confirms Ransomware Caused System-wide Outage

🔒 BridgePay Network Solutions has confirmed a ransomware attack triggered a system-wide IT outage, according to security alerts published on February 6. Initial forensic work indicates no payment card data appears to have been compromised and that any accessed files were encrypted. The company said it is working with cybersecurity specialists, the FBI and the US Secret Service and that recovery may be lengthy; it will provide regular updates to affected customers and partners.
read more →

European Commission: Mobile Management Platform Breach

🔒 The European Commission is investigating a breach after detecting traces of a cyberattack against its mobile device management platform on 30 January. The incident may have exposed some staff names and mobile numbers, but investigators say there is no evidence that individual mobile devices were compromised. The Commission says the affected system was contained and cleaned within nine hours. The activity is believed to be linked to exploitation of Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities.
read more →

Man Pleads Guilty to Hacking Nearly 600 Snapchat Accounts

🔒 Kyle Svara, 26, pleaded guilty in federal court to phishing access codes and hacking nearly 600 Snapchat accounts to steal nude photos that he kept, sold, or traded. Between May 2020 and February 2021 he used social engineering to harvest credentials from roughly 570 victims and accessed at least 59 accounts to download private images. Svara advertised hacking services online, communicated via Kik, and accepted paid jobs including work for former Northeastern coach Steve Waithe. He now faces multiple federal charges, and is scheduled for sentencing on May 18.
read more →

Cyberattack Halts Production at Romina Mineralbrunnen

⚠️ Romina Mineralbrunnen, producer of Eiszeitquell and Silberbrunnen, is facing a cyberattack that has brought production at its Reutlingen-Rommelsbach bottling sites to a standstill. The company reports that phones and email are currently unreachable, and local reporting indicates production has stopped. Reutlingen police have opened an investigation, but the method of attack and whether data was exfiltrated remain unknown. Operations and deliveries are impacted while the company assesses the situation.
read more →

Notepad++ Hosting Breach Attributed to Lotus Blossom

🔒 Rapid7 attributes a late-2025 compromise of the infrastructure hosting Notepad++ to the China-linked actor known as Lotus Blossom. Attackers delivered a previously undocumented backdoor, Chrysalis, via a malicious NSIS installer after hijacking update requests beginning in June 2025; access was terminated on December 2, 2025. Notepad++ patched updater verification in version 8.8.9, migrated hosting, rotated credentials, and responders have published indicators and mitigations.
read more →

Operation Switch Off: Major IPTV Services Dismantled

🔒 A coordinated international law enforcement operation led by Italy’s District Prosecutor’s Office of Catania, with support from Europol, Eurojust and Interpol, dismantled three large illegal IPTV platforms. Authorities seized infrastructure linked to IPTVItalia, migliorIPTV and DarkTV, identified 31 suspects and disrupted servers across Romania and Africa. Investigators report the services illegally retransmitted content from providers such as Sky, DAZN, Netflix and others while using cryptocurrencies and shell companies to obscure proceeds.
read more →

Badges, Bytes and Blackmail: Law Enforcement Trends

🛡️ Orange Cyberdefense compiled a dataset of 418 publicly reported law enforcement actions from 2021 to mid-2025 to clarify how agencies address cybercrime. The study shows extortion (including ransomware), malware, and hacking are the most targeted offenses, while arrests (29%), takedowns (17%) and charges (14%) are the predominant responses. The U.S. DOJ and FBI are most visible, with extensive public–private collaboration supporting operations.
read more →

Match Group Breach Exposes Data from Multiple Dating Apps

🔒Match Group confirmed a security incident after the ShinyHunters group leaked 1.7 GB of compressed files allegedly containing about 10 million records from Hinge, Match, and OkCupid, along with internal documents. The company says it terminated unauthorized access, is working with external experts, and believes a limited amount of user data was exposed with no indication that login credentials, financial information, or private communications were accessed. Match Group is notifying affected individuals as appropriate and continuing its investigation.
read more →

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.
read more →

Nike Investigates Data Breach After Extortion Leak

🔒 Nike is investigating a potential cyber security incident after the extortion group World Leaks published 1.4 TB of files it claims were stolen from the company. Nike said it takes consumer privacy and data security seriously and is actively assessing the situation. The group claimed nearly 190,000 corporate files but later removed Nike from its leak site, a step often seen during negotiations or after a ransom payment.
read more →

eScan update breach distributes multi-stage malware

🛡️ Morphisec Threat Labs has identified a critical supply-chain compromise of MicroWorld Technologies’ eScan antivirus discovered on 20 January 2026, in which malicious updates were delivered via the vendor's legitimate update infrastructure. The trojanized 32-bit executable, allegedly signed with a compromised certificate, deployed a downloader and a 64-bit backdoor, established persistence and implemented anti-remediation controls to block further updates. Morphisec reported blocking the activity on protected systems and urged immediate investigative and remediation actions for affected organizations.
read more →

Law Firm Probes Coupang Security Failures After Breach

🔍 US law firm Hagens Berman is investigating alleged security failures at Coupang after a June 2025 breach that may have exposed the personal data of 33.7 million customers. The firm says it is probing why it took nearly six months to detect a former employee’s access and alleges inadequate access protocols. Investors are being urged to join a class action by the February 17 lead-plaintiff deadline. South Korean regulators and police have also opened inquiries, and Coupang has faced executive changes and an order to remove a liability disclaimer from its terms.
read more →

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Utrecht-based Eurail BV has confirmed that an unauthorized party accessed its customer database, potentially exposing a range of personal information for Interrail pass holders and some DiscoverEU participants. Affected items may include identification data (first and last name, date of birth, gender), contact details (email, home address, telephone) and passport details (number, issuing country, expiry). The company says the investigation is ongoing and that there is currently no indication the data have been misused or publicly shared; it is advising customers to remain vigilant, change passwords for Rail Planner and related accounts, and consult the provider’s FAQ for guidance.
read more →

Grubhub Confirms Data Theft, Faces Extortion Demand

🔒 Grubhub confirmed unauthorized actors downloaded data from certain systems and said it investigated, halted the activity, and is taking steps to strengthen its security posture. The company stated that financial information and order histories were not affected but declined to answer further questions about timing, affected users, or extortion. Grubhub said it is working with a third-party cybersecurity firm and law enforcement, while sources tell BleepingComputer that threat actors are demanding payment.
read more →

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Eurail B.V. has acknowledged unauthorized access to its Interrail customer database, potentially exposing identity, contact and passport information for affected customers. The company says there are no indications of misuse or public sharing so far and that investigations are ongoing. Customers who booked under the EU DiscoverEU program may have had copies of identity documents, IBANs and health data accessed. Eurail recommends vigilance and changing passwords for associated accounts.
read more →

Victorian Education Department Notifies Parents of Data Breach

🔒The Victorian Department of Education has notified parents that an unauthorized third party accessed a database containing student names, school names, year levels and school-issued email addresses, along with encrypted passwords for accounts that use those emails. The department said more sensitive fields such as birth dates, home addresses and phone numbers were not exposed. All student passwords have been reset and access to school accounts is blocked until new credentials are issued; VCE students will be prioritised. Authorities say they removed the attack vector and have not found evidence the data was publicly released or shared, and further updates will be provided.
read more →

Monroe University breach: 320,973 records exposed nationwide

🔒 Monroe University disclosed that threat actors accessed its network from December 9 to December 23, 2024, and stole personal, financial, and health information affecting 320,973 people. The university said stolen records may include names, dates of birth, Social Security numbers, government IDs, medical and insurance data, account usernames, passwords, and financial account information. Notifications began January 2 and affected individuals were offered one year of free credit monitoring through Cyberscout; the incident follows prior ransomware attacks and broader targeting of higher education institutions.
read more →

Central Maine Healthcare breach exposes data of 145,381

🛡️ Central Maine Healthcare disclosed a security incident after discovering unauthorized access to its systems between March 19 and June 1, 2025. The investigation, completed on November 6, 2025, determined that 145,381 individuals — including patients and current or former employees — may have had sensitive information exposed. Exposed data types vary by person and can include full names, dates of birth, treatment and service details, provider names, health insurance information, and Social Security Numbers. CMH has begun notifying affected individuals, is offering free credit monitoring, and has set up a dedicated patient support line to answer questions and accept reports of potential data misuse.
read more →