< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 20 of 40

Trust Wallet Chrome Extension Hack Drains $8.5M in Dec

🔒 Trust Wallet disclosed that a second wave of the Shai‑Hulud supply chain attack exposed developer GitHub secrets, including a Chrome Web Store API key, enabling attackers to upload a trojanized extension build directly. The malicious update (v2.68) pushed a backdoor that harvested wallet mnemonic phrases to a domain registered as metrics-trustwallet[.]com, leading to the theft of about $8.5 million from 2,520 addresses. Trust Wallet urged users to update to v2.69, launched a reimbursement claim process, and said it has implemented additional monitoring and controls to strengthen its release procedures.
read more →

Hackers Drain $3.9M from Unleash Protocol via Multisig

🔓 The decentralized IP platform Unleash Protocol suffered an unauthorized contract upgrade after an external address gained administrative signing power in its multisig governance, enabling withdrawals. The attacker drained roughly $3.9 million in WIP, USDC, WETH, stIP, and vIP, then bridged funds and deposited 1,337 ETH into Tornado Cash. Unleash has paused operations and engaged external security experts; users should avoid interacting with contracts until the team confirms it is safe.
read more →

Disney to Pay $10M for Alleged COPPA Violations on YouTube

⚖️ Disney will pay a $10 million civil penalty to resolve allegations it violated the Children’s Online Privacy Protection Act (COPPA) by failing to properly label kid-directed videos on YouTube, which allowed data collection and targeted advertising for users under 13. The Department of Justice, following a referral from the FTC, said YouTube had notified Disney in 2020 about mislabeled content, but the company did not ensure correct Made for Kids designations. The settlement requires Disney to notify parents before collecting children's data and to correct video labels to prevent unlawful targeted ads.
read more →

ESA Confirms Breach of External Servers Hosting Code

🔒 The European Space Agency (ESA) confirmed a cybersecurity incident affecting a small number of servers located outside its corporate network that supported unclassified collaborative engineering activities. Threat actors claim they accessed JIRA and Bitbucket instances for about a week and exfiltrated over 200GB of data, including source code, CI/CD pipelines, tokens, and configuration files. ESA has initiated forensic analysis, notified relevant stakeholders, and implemented measures to secure potentially affected devices while the investigation continues.
read more →

Coupang to Pay $1.17B to 33.7M Breach Victims in Korea

🔔 Coupang announced it will distribute ₩1.685 trillion (about $1.17 billion) in compensation to 33.7 million customers affected by a data breach, with payments beginning January 15, 2026. The company said each customer will receive four single-use vouchers totaling 50,000 won for various Coupang services and products. Coupang reported the breach occurred on June 24, was discovered in mid-November, and has prompted a police investigation into a former IT employee.
read more →

Trust Wallet: $7M Stolen from 2,596 Wallets via Extension

🔒 Trust Wallet says attackers who pushed a malicious Chrome extension release on Dec 24 exfiltrated sensitive data and drained roughly $7 million from 2,596 wallet addresses. The compromise involved a malicious JavaScript added to v2.68.0 that bypassed internal release controls; users were urged to update to v2.69. Trust Wallet has begun reimbursing verified victims and strongly warned users not to share seed phrases or private keys.
read more →

Former Coinbase Support Agent Arrested in India After Breach

🔒 A former Coinbase customer support agent was arrested in Hyderabad after investigators linked the individual to a scheme that helped hackers access a company database earlier this year. Coinbase CEO Brian Armstrong said additional arrests are expected. The incident, tied to outsourced agents at TaskUs, affected about 69,500 customers and involved a $20 million ransom demand.
read more →

Final 2025 Weekly Recap: MongoDB, Wallet, and Supply Chain

🔔 A newly disclosed MongoDB memory-exposure flaw (CVE-2025-14847, "MongoBleed") and a wave of supply-chain and update-channel compromises defined the final week of 2025. Active exploitation of MongoDB affected tens of thousands of instances worldwide while extension- and package-based attacks, including a compromised Trust Wallet Chrome extension and a malicious npm package, led to immediate thefts and account takeovers. The recap stresses rapid attacker tempo, the abuse of trusted update/support channels, and persistent impacts that can surface months or years after an initial compromise.
read more →

Korean Air Data Breach Exposes Thousands of Employees

🔓 Korean Air warned employees that personal information, including names and bank account numbers, was compromised after its former in-flight catering supplier, Korean Air Catering & Duty-Free (KC&D), notified the carrier it had been hacked. Local outlets report about 30,000 records were exfiltrated, and the Clop ransomware gang has claimed responsibility and posted the alleged data on its leak site. Korean Air reported the incident to authorities, is investigating the scope, and urged staff to remain vigilant for phishing and impersonation attempts.
read more →

December 2025 cybersecurity roundup by Tony Anscombe

📰 ESET Chief Security Evangelist Tony Anscombe reviews the key cybersecurity stories closing out 2025, spotlighting significant incidents and trends. He highlights FinCEN's finding that U.S. organizations paid over $2.1 billion in ransomware between 2022 and 2024, and legal action by the Texas Attorney General against major TV manufacturers for alleged secret collection of viewing data. Tony also examines notable breaches and the tactics used by threat actors, offering practical perspective on risks and resilience.
read more →

Hacker Claims WIRED Subscriber Database Leak, 2.3M

🔓 A threat actor using the handle 'Lovely' claims to have leaked an alleged WIRED subscriber database containing 2,366,576 records and offered access on hacking forums for roughly $2.30 in site credits. BleepingComputer validated multiple records and security researchers, including Alon Gal, corroborated the dataset via infostealer logs. The dataset includes email addresses, optional PII (names, addresses, birthdays, phone numbers), account timestamps spanning 1996–2025, and has been added to Have I Been Pwned for user checks.
read more →

Massive Rainbow Six Siege breach grants billions of credits

🚨 Ubisoft's Rainbow Six Siege suffered an in‑game abuse incident that allowed attackers to ban and unban players, display fake ban messages, and grant approximately 2 billion R6 Credits and Renown to accounts worldwide. Ubisoft confirmed the issue at 9:10 AM Saturday, intentionally shut down Siege and its Marketplace while teams investigated, and said transactions since 11:00 UTC will be rolled back. The company stated players will not be punished for spending the granted credits.
read more →

LastPass 2022 Breach Enabled Years-Long Crypto Drains

🔐 TRM Labs says encrypted vault backups stolen in the 2022 LastPass breach have been incrementally cracked by attackers exploiting weak master passwords, resulting in cryptocurrency drains as recently as late 2025. The firm traces over $35 million in siphoned assets, much of it laundered through CoinJoin and Russian-linked exchanges. TRM highlights how demixing and operational analysis linked activity to Russia-associated infrastructure and warns users who did not rotate credentials remain at risk.
read more →

FBI Seizes Domain Hosting Stolen US Bank Credentials

🔒 The FBI has seized the domain web3adspanels.org and the backend database used to host thousands of stolen U.S. bank login credentials collected via phishing ads on Google and Bing. Authorities report confirmed financial losses of about $14.6 million and attempted losses near $28 million, affecting at least 19 victims including two companies in the Northern District of Georgia. The seizure, conducted with help from Estonian and other international partners, removed a server that was active as recently as November; no arrests have been announced.
read more →

Attacks Evolve: Three Practical Protections for 2026

🔐 Small and medium-sized businesses became the primary target of data breaches in 2025, as attackers shifted focus from well-defended large enterprises to higher-volume attacks against smaller organizations. High-profile incidents at Tracelo, PhoneMondo, and SkilloVilla exposed millions of customer records—predominantly names and contact information—raising the risk of follow-on phishing and fraud. To reduce breach risk in 2026, adopt two-factor authentication, enforce the principle of least privilege for access control, and centralize credentials with a secure password manager. These steps are practical, cost-effective, and scalable for SMBs.
read more →

Clop-linked Breach Exposes 3.5M University of Phoenix Data

🔒 University of Phoenix disclosed a breach affecting 3,489,274 individuals after attackers accessed its systems in August and stole sensitive personal and financial data. Investigators say the intrusion targeted the Oracle E-Business Suite, exploiting a zero-day tracked as CVE-2025-61882, active August 13–22 and detected November 21. The university is offering 12 months of credit and dark web monitoring, identity recovery and a $1m fraud reimbursement. The incident is linked to Clop and forms part of a wider campaign that has hit more than 100 organizations.
read more →

Coupang Sued for Delayed SEC Breach Disclosure, Key Failures

🔒 Coupang disclosed a massive breach via a Form 8-K 28 days after discovering unauthorized access on Nov. 18, 2025, prompting a US securities class action that alleges the delay violated SEC rules requiring material incident disclosure within four business days. The complaint asserts CEO Bom Kim and CFO Gaurav Anand knew or recklessly disregarded inadequate cybersecurity controls that allowed a former employee to access customer data for nearly six months. Investigators found signing keys and authentication tokens were not revoked after the employee’s departure, exposing personal information from 33.7 million accounts and revealing systemic failures in key management. Coupang faces parallel scrutiny from South Korean authorities, potential fines, and ongoing litigation.
read more →

Nissan Confirms 21,000 Customers Impacted by Red Hat Breach

🔓 Nissan has disclosed that a third-party breach at Red Hat in September led to the exposure of about 21,000 customer records tied to its Fukuoka sales unit. The carmaker said it was notified by Red Hat on October 3 and has informed the Personal Information Protection Commission while contacting affected individuals. Exposed fields include names, addresses, phone numbers and partial email addresses, but not payment card data. Nissan warned customers to be vigilant for suspicious calls or mail while investigations continue.
read more →

Brushing Scams: Unsolicited Parcels and Fake Reviews

📦Brushing scams involve sellers sending unsolicited, low‑value items to random addresses to create fake purchase histories and post 5‑star reviews. Attackers obtain names and mailing addresses from breaches, people‑search services or public scraping, then use fake buyer accounts to place and rate orders. Parcels can signal compromised data and sometimes include QR codes that lead to phishing or malware. If you receive an unexpected item, check accounts, enable MFA, and report it to the marketplace.
read more →

Baker University 2024 Data Breach Exposes 53,624 Records

🔒 Baker University disclosed a 2024 data breach after attackers accessed its network in December 2024 and exfiltrated records for 53,624 individuals. The compromised information potentially included names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial account details, and medical and insurance information. The university is offering free credit monitoring and says it has engaged external cybersecurity experts and rebuilt a primary compromised platform.
read more →