< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 36 of 40

Weekly Recap: WhatsApp 0-Day, Docker Bug, Breaches

🚨 This weekly recap highlights multiple cross-cutting incidents, from an actively exploited WhatsApp 0‑day to a critical Docker Desktop bug and a Salesforce data-exfiltration campaign. It shows how attackers combine stolen OAuth tokens, unpatched software, and deceptive web content to escalate access. Vendors issued patches and advisories for numerous CVEs; defenders should prioritize patching, token hygiene, and targeted monitoring. Practical steps include auditing MCP integrations, enforcing zero-trust controls, and hunting for chained compromises.
read more →

Ransomware Attack on Swedish Supplier Exposes Worker Data

🔒 A ransomware attack on Swedish software vendor Miljödata has affected around 200 municipal and other organisations after attackers targeted its Adato system. Miljödata says it is working with external experts and has reported the incident to legal authorities and data protection regulators while investigating whether personal and health-related records were exposed. Police say extortionists demanded 1.5 bitcoins (about SEK 1.5M / US$165,000) and national agencies are coordinating the response.
read more →

TransUnion Breach Exposes Data of 4.5 Million US Consumers

🔐 TransUnion has disclosed unauthorized access to a third-party application serving its US consumer support operations, affecting nearly 4.5 million Americans. The company says the incident exposed specific personal data elements but did not include credit reports or core credit information. Detected July 30 after an intrusion on July 28, TransUnion is offering free credit monitoring and proactive fraud assistance while it enhances security controls.
read more →

Nevada Confirms Ransomware Attack, Data Exfiltrated

🔒 Nevada has confirmed a ransomware attack that resulted in data being exfiltrated from state networks. Tim Galluzi, Nevada's chief information officer, said the incident was first detected on August 24 and was disclosed by the governor's office on August 25; he provided an update in a press conference on August 27. Systems and digital services were taken offline to prevent further intrusion, and a forensic investigation involving third-party specialists, the FBI and CISA is ongoing to determine the nature and scope of the stolen information. No criminal actor had claimed responsibility at the time of reporting.
read more →

Whistleblower: DOGE Placed SSA NUMIDENT on Insecure Cloud

⚠️A protected whistleblower alleges that the Department of Government Efficiency (DOGE) copied the Social Security Administration's NUMIDENT database to an unsecured Amazon Web Services test environment, bypassing mandated oversight and authorization. The complaint names several DOGE-affiliated hires and documents approvals and risk assessments dated June 12, June 25, and July 25, 2025. It alleges the move circumvented required FISMA authorization and NIST SP 800-53 controls, exposing sensitive personal data for more than 300 million people and potentially violating the Privacy Act and the CFAA.
read more →

Widespread Data Theft via Salesloft Drift Targets Salesforce

🔒 GTIG warns of a widespread data-theft campaign by UNC6395 that abused compromised OAuth tokens for the Salesloft Drift connected app to export data from multiple Salesforce customer instances between Aug. 8 and Aug. 18, 2025. The actor executed SOQL queries against objects including Accounts, Cases, Users, and Opportunities to harvest credentials and secrets—observed items include AWS access keys, Snowflake tokens, and passwords. Salesloft and Salesforce revoked tokens and removed the Drift app from the AppExchange; impacted organizations should search for exposed secrets, rotate credentials, review Event Monitoring logs, and tighten connected-app scopes and IP restrictions.
read more →

Alleged Mastermind Behind K-Pop Stock Heist Extradited

🔒 South Korean authorities have extradited a 34-year-old suspect from Thailand, accused of masterminding a coordinated campaign that siphoned millions in stocks from celebrities, including Jung Kook. Investigators say the group stole personal data from Korean telecom firms, used it to assume victims' identities and opened brokerage accounts between August 2023 and January 2024. With assistance from Interpol and Thai authorities, officials tracked and arrested the suspect, who has admitted some allegations while denying others.
read more →

Ransomware Disrupts Operations at Data I/O Manufacturer

🔒 Data I/O, a US-based provider of programming solutions for Flash devices, disclosed a ransomware incident on 16 August that forced it to take platforms offline and deploy mitigations. The company said operations including communications, shipping, manufacturing and support functions were temporarily impacted while it restores systems. Costs for remediation and contractor fees are reasonably likely to affect finances. Major customers include Tesla, Panasonic, Amazon, Google and Microsoft.
read more →

Yemen Cyber Army Hacker Jailed for Massive Data Theft

🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.
read more →

Analyzing organizational traffic to Leakzone forum

🔍 UpGuard examined a leaked Elastic index containing 22 million client requests to Leakzone.net covering 28 days in June–July 2025. By mapping source IP metadata to known organizations, investigators identified traffic originating from universities, government networks, and private companies, including security vendors and large technology firms. Traffic patterns ranged from steady, automated scanning from services like Censys and SEMRush to bursty, human-like spikes from university and government networks, but the logs do not include request content, so intent remains uncertain.
read more →

Traffic Patterns to Leakzone: Notable Organizations

🔍 UpGuard analyzed 22 million leaked request logs showing client traffic to leakzone.net over 28 days in June–July 2025. The follow-up focuses on requests originating from owned organizational IP ranges — highlighting visits from universities, governments, and private companies. Observed security vendors and SEO crawlers (e.g., Censys, SEMrush, Ahrefs) displayed patterns consistent with automated scanning, while many university and government entries suggested intermittent, likely human-driven visits. The findings emphasize why organizations monitor leak forums for risk and threat intelligence.
read more →

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.
read more →

Langflow Misconfiguration Exposes 97,000 Pakistani Records

🔒 UpGuard secured an internet-exposed Langflow instance leaking data on roughly 97,000 Pakistani insurance customers, including 945 individuals flagged as politically exposed persons (PEPs). The instance—used by Pakistan-based consultants Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue—contained PII, confidential documents, and plaintext credentials. Access was removed after disclosure; UpGuard found no evidence of active exploitation.
read more →

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.
read more →

Ukraine Claims Hack of Russia's New Nuclear Submarine

🔐 Ukraine's Defence Intelligence agency (HUR) says its hackers exfiltrated classified files and technical documentation related to the newly commissioned Russian nuclear ballistic missile submarine Knyaz Pozharsky. Leaked materials, posted on Telegram, reportedly include combat manuals, schematics of combat and survivability systems, crew lists with qualifications, and operational schedules. Russian authorities have not commented and independent verification by Western intelligence or cybersecurity experts is still pending.
read more →

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.
read more →

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.
read more →

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.
read more →

July 2025 Cybersecurity Roundup: Key Incidents and Risks

🛡️ In July 2025, ESET Chief Security Evangelist Tony Anscombe highlighted major cybersecurity incidents, including exploitation of ToolShell zero‑day vulnerabilities in on‑premises Microsoft SharePoint and the confirmed return of Lumma Stealer. Other critical stories included a ransomware attack that closed UK transport firm KNP, a massive data exposure in McDonald's hiring chatbot McHire, and the discovery of PerfektBlue Bluetooth flaws affecting vehicles. The UK also proposed banning ransom payments by public bodies.
read more →

HR Data Exposure: How Employees and Clients Are Affected

🔒 UpGuard’s Cyber Risk Research team discovered and secured a public GitHub exposure containing sensitive employee and customer data belonging to OneHalf, a business process outsourcing firm in the APAC region. The principal artifact was the HRIS project, including a 1.2MB database dump (hrisdb-02012018.sql) with detailed personal records for roughly 250 employees, extensive medical histories, emergency contacts, and 300 usernames with plaintext passwords. A related repo, ohserviceform, listed 28 client companies and plaintext banking account numbers, increasing the risk of financial fraud. UpGuard notified OneHalf and the repositories were secured by August 22, 2018.
read more →