< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 4 of 40

The Great Messaging Heist: Organized Scam Ecosystem

📩 Kaspersky examines how everyday messaging channels like SMS, WhatsApp, and email are being exploited by organized scam cartels that use speed, familiarity, and AI to trick victims. The research shows average losses of $733 per victim, rapid attack timelines often under 30 minutes, and widespread emotional damage eroding trust in digital communications. The post highlights common schemes, platform distribution, and recommendations to protect yourself.
read more →

California AG Sues 23andMe Over 2023 Data Breach

🔒 Attorney General Rob Bonta has sued 23andMe (now Chrome Holding Co.) for failing to protect sensitive genetic and personal information after a 2023 breach exposed data of nearly 7 million customers, including 855,541 Californians. The suit alleges inadequate safeguards against credential-stuffing, missed detection opportunities, a coding error in the DNA Relatives feature, and misleading public statements about security. It seeks injunctions and statutory penalties under multiple California laws, including CCPA and the California Genetic Information Privacy Act.
read more →

Charter Communications breach exposes 4.9M accounts

🔒 The ShinyHunters extortion gang claims to have stolen personal details from 4.9 million Charter Communications accounts after a vishing attack in early April that compromised an employee's Microsoft Entra account. Charter confirmed the incident but says no sensitive PII or CPNI was exfiltrated, while Have I Been Pwned verified leaked records containing names, emails, addresses, phone numbers and some job titles. The group published stolen Salesforce data after a ransom was refused.
read more →

Dutch police arrest suspect in Ajax app hack

🔒 Dutch police arrested a 35-year-old suspect in Buren for allegedly accessing Ajax football club IT systems, after vulnerabilities in the official Ajax app exposed supporter data. The breach, initially described as affecting a few hundred fans, may have put around 300,000 registered supporters at risk, including email addresses and ticket information. The flaw also allowed manipulation of the club's ban list, potentially harming innocent people, and Ajax says it has patched the vulnerabilities with external help.
read more →

MyPillow and Play gang dispute over alleged breach

🛏️ The Play ransomware group claims to have stolen confidential MyPillow data and threatened a public dump, while CEO Mike Lindell denies any breach and calls the allegations politically motivated. Lindell says MyPillow stores no sensitive data internally and has received no ransom demands, attributing data handling to third parties. The Play group's leak portal set a deadline for release, leaving the truth pending until the deadline passes. The article warns that third-party handling of data still exposes organisations and individuals to meaningful risk.
read more →

Romanian sentenced for hacking Oregon government network

🔒 A Romanian national was sentenced to 56 months in federal prison after pleading guilty to aggravated identity theft and unauthorized access to an Oregon state government computer network. The 46-year-old, known online as "inthematrixl," also sold access and stolen personal data from other U.S. victims, causing at least $250,000 in losses. Authorities coordinated internationally to arrest and extradite him, and the court ordered forfeiture of cryptocurrency and supervised release.
read more →

Carnival Cruise Confirms Breach Impacting Millions

🛳️ Carnival Corporation confirmed a data breach affecting nearly 6 million customers after attackers used social engineering to access an employee account on April 10, 2026. The company began notifying 5,995,277 individuals and engaged third-party security experts while blocking the unauthorized activity. Analysis of leaked data indicates exposed names, dates of birth, emails, genders, locations, and loyalty program details tied to Holland America’s Mariner Society.
read more →

Grandoreiro and BTMOB campaigns target Latin Europe

🛡️ WatchGuard and ESET report two active campaigns spreading Windows and Android banking trojans across Latin America and Europe. The Grandoreiro campaign leverages DLL side-loading, WebRTC/STUN/ICE communications, and phishing to target Portuguese banks and international financial services. ESET details BTMOB, a rapidly evolving Android RAT sold as a service with an APK builder that enables mass phishing-based distribution and remote device control.
read more →

Dutch police arrest suspect in Ajax football hack

🔒 The Dutch National Police arrested a 35-year-old man from Buren suspected of multiple unlawful intrusions into AFC Ajax's computer systems earlier this year. The intrusions allowed access to data belonging to a few hundred individuals, modification of fewer than 20 stadium bans, and reassignment of purchased tickets. Ajax patched the exploited vulnerabilities, reported the breach to the Dutch Data Protection Authority and police, and the investigation remains ongoing.
read more →

Charter Confirms Breach After ShinyHunters Extortion

🔒 Charter Communications confirmed a data breach after the ShinyHunters extortion group claimed to have stolen millions of customer records. The company says it is notifying authorities and maintains that No sensitive personal information (PI) or CPNI was exfiltrated. ShinyHunters alleges the intrusion began via a vishing attack that compromised an employee's Microsoft Entra account and allowed access to Salesforce data.
read more →

7‑Eleven Breach Exposes Personal Data of 185K

🔍 7‑Eleven disclosed that an unauthorized party accessed franchisee document systems on April 8, 2026, resulting in a data theft. Have I Been Pwned analyzed the leaked files and found 185,300 unique email addresses and accompanying personal details, including names, dates of birth, phone numbers, and physical addresses. The ShinyHunters extortion gang claimed responsibility after publishing a large archive they said came from 7‑Eleven's Salesforce environment.
read more →

Weekly Cyber Recap: Supply Chain and Active Flaws

⚡ This week's recap covers supply-chain compromises, resurfacing legacy bugs, and security tools themselves being targeted. Key incidents include a poisoned Nx Console VS Code extension leading to a GitHub breach, new active exploitation of Microsoft Defender flaws, and a nine-year-old Linux kernel privilege bug. Teams face increasing targeted phishing and widespread botnet scanning, while organizations scramble to patch critical CVEs and secure exposed services.
read more →

Apple blocks $2.2bn in App Store fraud attempts

🔒 Apple reports it prevented more than $2.2bn in fraudulent App Store transactions over the past year and blocked over 1.1 billion fraudulent account creations. By combining human review with machine learning and AI models, Apple says it accelerated fraud detection and disrupted new deceptive tactics. In 2025 the company also terminated 193,000 developer accounts, deactivated 40.4 million user accounts, and prevented use of 5.4 million stolen credit cards.
read more →

Ukrainian Police ID Infostealer Operator Behind Massive Theft

🔍 Ukrainian cyberpolice, working with U.S. law enforcement, say they identified an 18-year-old from Odesa suspected of running an infostealer operation that infected customers of a California online store between 2024 and 2025. The malware harvested browser sessions, credentials, and payment information, compromising 28,000 accounts. Attackers used 5,800 accounts to make unauthorized purchases totaling about $721,000, and authorities executed searches seizing phones, computers, storage media, bank cards, and cryptocurrency-related evidence while the investigation continues.
read more →

GitHub Confirms Major Breach of 3,800 Internal Repos

⚠ GitHub confirmed attackers exfiltrated code from roughly 3,800 internal repositories after a compromised employee device and a poisoned VS Code extension were used to gain access. The company detected and contained the compromise on May 19, removed the malicious extension, isolated the endpoint, and began incident response. A threat actor calling itself TeamPCP posted lists of stolen repos and claimed responsibility, threatening to leak the data if not sold. GitHub is rotating secrets, analyzing logs, and said it will publish a full incident report when investigations conclude.
read more →

Grafana breach traced to missed GitHub token rotation

🔐 Grafana confirmed its recent data breach stemmed from a single missed GitHub workflow token that was exfiltrated after malicious TanStack npm packages executed in its CI/CD environment. The company detected the intrusion on May 1, rotated most tokens, and launched its incident response, but one token was overlooked and allowed attackers repository access. Grafana says source code wasn't altered and no customer production systems were impacted.
read more →

GitHub Confirms Breach After Malicious VS Code Extension

🔒 GitHub confirmed that a third party accessed roughly 3,800 internal repositories after a likely “poisoned” Visual Studio Code extension was found on an employee device on May 19. The intrusion was claimed by the TeamPCP group, which posted on the Breached forum and linked the access to private source code. GitHub says it has contained the incident, removed the malicious extension, isolated the endpoint and prioritized rotation of critical secrets. The company will publish a more detailed report when its investigation is complete.
read more →

Verizon DBIR: Exploitation Replaces Credential Abuse

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.
read more →

FBI Issues Advisory After ShinyHunters Breach of Canvas LMS

⚠️ The FBI's IC3 issued an advisory on 15 May 2026 about the ShinyHunters extortion gang breaching an online learning management system used by US educational institutions. Although the advisory avoided naming the vendor, reporting and Instructure's confirmation made clear Canvas was affected and the company reportedly paid a ransom after receiving alleged 'shred logs'. The FBI warns victims not to engage with extortionists, enable multi‑factor authentication, and remain vigilant against phishing, harassment, and swatting; students and staff should assume their data may be exposed and await official guidance.
read more →

GitHub Breach: ~3,800 Repos Stolen via VS Code Extension

🔒 GitHub confirmed that roughly 3,800 internal repositories were breached after an employee installed a trojanized VS Code extension; the company removed the malicious version from the Marketplace and isolated the compromised device. It says its current assessment indicates exfiltration was limited to GitHub-internal repositories and that it has found no evidence so far of customer data outside the affected repos being impacted. The incident is under active investigation while GitHub continues incident response.
read more →