< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 19 of 40

Texas Court Bars Samsung From Collecting Smart TV Data

⚖️ The State of Texas secured a temporary restraining order against Samsung, barring it from collecting audio and visual data about what Texas consumers watch on Samsung smart TVs using Automated Content Recognition (ACR). The court found the enrollment process deceptive and opaque, relying on 'dark patterns' that make informed consent impractical. The order halts ACR use, sale, transfer, and data collection for Texas-based TVs pending further proceedings.
read more →

Ni8mare: Critical RCE and data-exposure bug in n8n instances

⚠️ A maximum-severity vulnerability (CVE-2026-21858, 10/10) lets unauthenticated remote attackers fully compromise self-hosted n8n instances by exploiting a content-type parsing flaw in webhook/form handling. Cyera reports more than 100,000 vulnerable servers. The bug allows attackers to control file metadata in req.body.files, enabling arbitrary file reads, secret exfiltration, session forgery and potential command execution. n8n recommends updating to 1.121.0 and restricting public webhook endpoints.
read more →

ownCloud Urges MFA after Credential Theft Reports Globally

🔒 ownCloud has urged users to enable multi-factor authentication (MFA) after reports that threat actors used credentials stolen via infostealer malware to access self-hosted file-sharing instances. The company said the platform was not breached via a zero-day or vulnerability; attackers reused credentials harvested by malware such as RedLine, Lumma, and Vidar. ownCloud recommends enabling MFA, resetting passwords, invalidating sessions, and reviewing access logs to protect data.
read more →

Hackers Claim to Disconnect Brightspeed Customers Now

🔒 Brightspeed is investigating claims that the hacking group Crimson Collective obtained personally identifiable information for over one million customers and disrupted connectivity. The group posted a sample of the data on Telegram in early January and later said it had disconnected many users' home internet, although Brightspeed has not confirmed outages or the breach. The purported dataset includes account records, geolocation details, payment histories and masked card data. The ISP is probing the incident while the authenticity and scope of the claims remain unclear.
read more →

Jaguar Land Rover Q3 wholesale down 43% after attack

🚗 Jaguar Land Rover (JLR) says a September 2025 cyberattack forced production shutdowns and resulted in a 43.3% year‑on‑year decline in third‑quarter wholesale volumes. Production only returned to normal by mid‑November and global distribution delays further reduced sales. JLR booked a £196 million hit, confirmed data theft, and said the incident was claimed by the Scattered Lapsus$ Hunters. The U.K. government later approved a £1.5 billion loan guarantee to help stabilise supply chains while tariffs and the planned discontinuation of legacy Jaguar models also weighed on performance.
read more →

Sedgwick Confirms Breach at Government Contractor Subsidiary

🔒 Sedgwick has confirmed a security incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The company says the parent firm's network was not affected and that the incident involved an isolated file transfer system. Sedgwick notified law enforcement, engaged external cybersecurity experts, and reported no evidence of access to claims management servers. The TridentLocker ransomware group claims to have exfiltrated 3.39 GB of documents and posted samples on a Tor leak site.
read more →

Coinbase Insider Arrested in India Over Customer Data Leak

🔒 A former Coinbase customer service agent was arrested in Hyderabad, India, after allegedly accepting bribes from criminal gangs to access and sell sensitive customer records, Coinbase CEO Brian Armstrong announced. The incident, disclosed in May 2025, involved compromised support staff leaking data on nearly 70,000 customers, including IDs and financial details. Coinbase refused a US $20 million ransom and instead committed that sum to a reward fund while cooperating with law enforcement.
read more →

Cloud file-sharing breaches selling corporate data

🔐 A threat actor known as Zestix is offering corporate data reportedly stolen from dozens of companies after breaching ShareFile, Nextcloud, and OwnCloud instances. Hudson Rock links initial access to credentials harvested by infostealers such as RedLine, Lumma, and Vidar, often delivered via malvertising or ClickFix campaigns. Many affected accounts lacked multi-factor authentication, enabling unauthorized access and large-scale data exfiltration.
read more →

Brightspeed Probes Alleged Data Theft by Crimson Collective

🔒 Brightspeed is investigating claims that the extortion group Crimson Collective stole sensitive information belonging to more than one million customers. The U.S. broadband provider said it is rigorous in securing networks and is looking into a reported cybersecurity event, promising to keep customers, employees, and authorities informed. Crimson Collective posted on Telegram that the haul includes PII, account and payment details, and appointment/order records, and threatened to publish a sample to force a response.
read more →

Bitfinex Hacker Ilya Lichtenstein Granted Early Release

🔓 Ilya Lichtenstein, convicted in the 2016 Bitfinex exchange breach, has been released from prison early and transferred to home confinement under the First Step Act. Sentenced to five years in November 2024 for money laundering tied to the attack, he served about 14 months before the transfer. Authorities previously recovered roughly 94,000 of the 119,754 stolen bitcoin, making the case one of the largest seizures in US history.
read more →

New Zealand Orders Review of Manage My Health Breach

🔒 The New Zealand government has launched a review after Manage My Health, a national online patient portal, detected a cyber-attack on 30 December 2025 that may have exposed personal data for roughly 100,000–120,000 users. The vendor says the incident has been contained and the application is secure, but an alleged attacker using the alias 'Kazu' claims to have stolen over 428,000 files and demanded a $60,000 ransom. Health New Zealand, the New Zealand Police and independent forensic teams are involved while the Ministry examines data protections and third-party access across the health system.
read more →

Ledger Customers Affected by Global-e Third-Party Breach

🔒 Ledger says some customers had personal data exposed after a breach at third‑party payment processor Global‑e. The company confirmed its own network, hardware, and software were not compromised and that the leaked fields were limited to shopper names and contact information — no payment data, seed phrases, or blockchain secrets were taken. Ledger warned customers to watch for phishing attempts, never disclose their 24‑word recovery phrase, and follow any direct notifications from Global‑e for details.
read more →

Resecurity Lures Alleged ShinyHunters into Decoy Data Trap

🔒 Resecurity says it intentionally diverted attackers into a honeypot after individuals claiming ties to the Scattered Lapsus$ Hunters (SLH) alliance posted screenshots alleging a breach. The company reports it detected reconnaissance of exposed services and steered the activity to an emulated environment populated with synthetic consumer and payment records. According to Resecurity, the adversaries interacted with the decoy, generating telemetry that revealed tooling and methods, while independent researchers have found no evidence that production systems or client data were compromised.
read more →

European Space Agency Confirms External Server Breach

🔒 The European Space Agency (ESA) has acknowledged a December server compromise affecting a small number of external, non-corporate servers that support unclassified collaborative engineering activities. The agency says it has informed relevant stakeholders, implemented measures to secure potentially affected devices and launched a forensic analysis. Reports on underground forums claim over 200GB of data was stolen, including source code, CI/CD pipelines and credentials, raising supply chain and operational concerns.
read more →

Bitfinex Hacker Ilya Lichtenstein Granted Early Release

🔓 Ilya Lichtenstein, convicted in connection with the 2016 Bitfinex breach, announced on X that he has been released early and credited the First Step Act for his early disposition. Federal records list his formal release date as February 9, 2026, while a Trump administration official said he is currently on home confinement. Lichtenstein said he intends to work in cybersecurity and thanked supporters, while prosecutors continue efforts to return seized assets to Bitfinex.
read more →

Analysts Trace $35M Crypto Theft to LastPass 2022 Breach

🔎 TRM Labs investigators say a 2022 data breach at LastPass enabled sustained thefts that drained millions in cryptocurrency from user wallets over several years. The firm traced approximately $28m stolen from 2024 to early 2025 and a further $7m in September 2025, with funds routed to Russian exchanges and money‑laundering services. Using proprietary demixing techniques, analysts were able to correlate CoinJoin‑mixed transactions to withdrawal clusters tied to Russia‑based infrastructure. The report underscores the long‑tail risk from exposed password vault backups and reiterates the need for MFA and prompt password changes.
read more →

Hackers Claim Resecurity Breach; Company Calls It Honeypot

🛡️ Threat actors claiming to be the "Scattered Lapsus$ Hunters" published screenshots saying they accessed Resecurity systems and stole employee data, internal communications, threat reports, and client lists. Resecurity disputes the claim, saying the exposed account was a monitored honeypot populated with synthetic datasets to observe attacker behavior. The firm says it collected telemetry, observed OPSEC failures, and shared intelligence with law enforcement.
read more →

ShinyHunters Claims Resecurity Breach; Firm Calls Honeypot

🔒 ShinyHunters claims it gained full access to cybersecurity firm Resecurity, publishing Telegram screenshots that allegedly show employee records, internal chats, threat intelligence reports, and client data. Resecurity disputes the account, saying the accessed environment was an isolated honeypot populated with synthetic datasets after researchers detected probes in November 2025. The firm reports the actor generated automated exfiltration activity between December 12–24, collected telemetry on proxy infrastructure and tactics, and shared intelligence with law enforcement while the attacker promises to release more evidence.
read more →

Covenant Health: May data breach impacts 478,188 patients

🚨 Covenant Health disclosed that a May intrusion exposed sensitive patient data for 478,188 individuals after a broader analysis revised the initial July estimate of 7,864. The organization says the breach occurred on May 18 and was discovered on May 26; the ransomware group Qilin later claimed responsibility and said 852 GB of data was taken. Exposed elements may include names, addresses, dates of birth, Social Security numbers, medical record and insurance details, and treatment information. Covenant Health engaged third‑party forensics, reports ongoing review, has strengthened security, and is offering affected patients 12 months of free identity protection.
read more →

Cryptocurrency Thefts Linked to 2022 LastPass Breach

🔒 Blockchain investigator TRM Labs says a series of cryptocurrency thefts were traced back to the 2022 LastPass breach, where encrypted vault backups containing private keys and seed phrases were stolen. Attackers appear to have slowly decrypted vaults for users with weak or reused master passwords, draining wallets in waves months or years later. TRM also reported that stolen funds were converted to Bitcoin and laundered through Wasabi Wallet CoinJoin mixes before cash‑out via Russian-linked exchanges.
read more →