< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 6 of 40

RansomHouse Claims Breach of Trellix Source Code Repository

🔒 RansomHouse has claimed responsibility for last week's intrusion into Trellix's source code repository, publishing a small set of images as proof of access to the vendor's appliance management system. Trellix confirmed unauthorized access on May 1 and said it immediately engaged leading forensic experts and notified law enforcement. The company reported no evidence so far that its source code release or distribution process was affected and continues to investigate.
read more →

Zara Data Breach Exposes Personal Data of 197,000 Customers

🔓 Have I Been Pwned says hackers exfiltrated data tied to Zara affecting 197,400 unique email addresses and associated order SKUs, order IDs, market information, and support tickets. Inditex confirmed the compromised databases were hosted by a former technology provider but said attackers did not access names, phone numbers, postal addresses, credentials, or payment card data. The extortion group ShinyHunters claimed responsibility and posted a 140GB archive allegedly taken from BigQuery using compromised Anodot tokens.
read more →

Canvas Breach and Extortion Disrupts US Schools Nationwide

🔒 Instructure's Canvas platform was taken offline on May 7 after the cybercrime group ShinyHunters defaced login pages and posted a ransom demand claiming to hold data on 275 million students and faculty at nearly 9,000 institutions. Instructure had acknowledged a breach on May 6, saying the stolen records include names, email addresses, student ID numbers and user messages but not passwords or financial information. The outage, timed during many institutions' final exams, disrupted coursework while schools and the vendor evaluated exposure and potential extortion responses.
read more →

ShinyHunters Defaces Canvas Login Portals at Scale

🔒 The ShinyHunters extortion group defaced Canvas login portals for roughly 330 colleges and universities, replacing standard pages with an extortion message that demanded payment by May 12, 2026. The same message also appeared in the Canvas app and was visible for about 30 minutes before being taken offline. Instructure has taken Canvas offline while confirming that data was stolen and continuing its investigation. BleepingComputer reports the group claims the theft includes extensive student and staff records.
read more →

MAXHUB Pivot Client Vulnerability Exposes Emails Now

⚠️The MAXHUB Pivot client (versions prior to v1.36.2) contains a vulnerability (CVE-2026-6411) that can expose tenant email addresses and related metadata in cleartext due to a hardcoded AES key embedded in the application. An attacker who obtains the encrypted data can decrypt it, and the product's MQTT enrollment mechanism may be abused to register multiple unauthorized devices, potentially causing denial of service. MAXHUB released v1.36.2 via OTA; update immediately.
read more →

Daemon Tools Confirms Malware-Backdoored Installer

🛡️ Disc Soft has confirmed that certain Daemon Tools Lite installers were Trojanized and released in a compromised build (version 12.5.1) after unauthorized interference in its build environment. The company released a malware-free update, Version 12.6, within 12 hours of notification and says the incident is contained. Users who installed the impacted release are advised to uninstall the application, run a full system scan with trusted security software, and reinstall only the verified package from the official site.
read more →

CallPhantom Android Scam: Fake Call Logs, Real Charges

🔍 ESET Research uncovered a cluster of fraudulent Android apps, dubbed CallPhantom, that promised call histories, SMS records and WhatsApp logs for any phone number but delivered fabricated entries and charged users for access. The apps collectively amassed over 7.3 million downloads on Google Play before ESET reported them on 16 December 2025 and the identified packages were removed. Operators used varied payment flows—official Play subscriptions, third‑party UPI links and embedded card checkouts—making refunds and cancellations difficult for many victims.
read more →

Meta smart glasses, Copy Fail bug, and deepfake hire

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.
read more →

ShinyHunters Claims 280M Records Stolen from Instructure

🔒 Instructure says it is investigating a breach after the extortion group ShinyHunters claimed to have stolen 280 million records tied to students, teachers, and staff across 8,809 colleges, school districts, and online education platforms. The actors allege they accessed names, email addresses, private messages and enrollment data by abusing Canvas export features such as DAP queries, provisioning reports and user APIs. Instructure has acknowledged the incident but has not provided detailed public answers; several universities have begun their own inquiries.
read more →

Vimeo Data Breach Exposes 119,000 Users' Personal Data

🔒 Vimeo disclosed an April breach tied to compromised Anodot credentials that allowed the ShinyHunters extortion group to exfiltrate data. After failed extortion, the group published a 106GB archive and Have I Been Pwned says roughly 119,200 email addresses and some names were exposed. Vimeo states that user login credentials, payment card data, and video content were not accessed, and it disabled the Anodot integration while engaging third-party investigators and notifying law enforcement.
read more →

Trellix confirms unauthorized access to source code

🔒 Trellix disclosed on May 4 that threat actors gained unauthorized access to a portion of its source code repository and that it has notified law enforcement while working with leading forensic experts. The company, formed from the merger of McAfee Enterprise and FireEye, said it has found no evidence that its source code release or distribution process was affected or exploited. Trellix sells threat intelligence and AI-powered detection services including NDR and EDR and will share further details once the investigation concludes.
read more →

Trellix Confirms Source Code Repository Breach Disclosure

🔒Trellix disclosed unauthorized access to a portion of its source code repository and says it is working with outside forensic experts to investigate the incident. The company reports it has found no evidence so far that the accessed code was altered, exploited, or that its release and distribution processes were affected, and it has notified law enforcement. Trellix intends to share further details as appropriate once the investigation concludes. Formed from McAfee Enterprise and FireEye, Trellix protects over 200 million endpoints and serves more than 50,000 customers, and this event follows recent breaches at other security vendors.
read more →

Instructure Confirms Data Breach; ShinyHunters Claims

🔒 Instructure confirmed a cybersecurity incident that exposed personal information after the extortion group ShinyHunters posted claims of a large data theft. Company updates indicate affected data may include names, email addresses, student ID numbers, and private messages, while no evidence so far points to leaked passwords, dates of birth, government identifiers, or financial data. Instructure says it has patched the reported vulnerability, rotated application keys, increased monitoring, and requires customers to re-authorize API access as part of its response while third-party experts and law enforcement investigate.
read more →

Trellix Confirms Unauthorized Access to Source Code

🔐 Trellix has confirmed an incident that allowed unauthorized access to a portion of its source code repository. The company said it recently identified the compromise, engaged leading forensic experts, and notified law enforcement while pursuing an internal investigation. Trellix did not disclose the specific data accessed or an attribution, but stated there is currently no evidence that its source code was released, distributed, or exploited. Additional information will be shared as the investigation progresses.
read more →

Instructure Discloses Cybersecurity Incident, Investigates

🔐 Instructure has disclosed a cybersecurity incident and says it is actively investigating the impact with outside forensics experts. The company, best known for the Canvas learning platform, indicated some services have been under maintenance since May 1 and customers may experience issues with tools that rely on API keys. Instructure said it is working to understand the extent of the incident, minimize impact, and will provide updates as they become available.
read more →

30,000 Facebook Accounts Hacked via AppSheet Phishing Relay

🔐 A Vietnamese-linked operation used a Google AppSheet address as a phishing relay to distribute credential-harvesting pages and compromise roughly 30,000 Facebook accounts. Guardio, calling the scheme AccountDumpling, says stolen accounts are resold via an illicit storefront after exfiltration to Telegram channels. Lures hosted on Netlify, Vercel and Google Drive, plus Canva-generated PDFs, were used to harvest passwords, 2FA codes, IDs and business data, leaving many victims locked out.
read more →

15-Year-Old Detained Over ANTS Data Breach in France

🔒 French authorities have detained a 15-year-old on suspicion of selling data stolen from France Titres (ANTS) after the agency detected suspicious activity on April 13 and alerted prosecutors on April 16. Investigators say a user going by the alias breach3d offered between 12 and 18 million records on a cybercriminal forum; ANTS later reported 11.7 million impacted accounts. Exposed fields include full names, email addresses, dates of birth, postal addresses, and phone numbers, although ANTS said the stolen data could not be used for unauthorized access. Prosecutors are seeking formal charges and judicial supervision; the alleged offenses carry up to seven years’ imprisonment and a €300,000 fine.
read more →

PyTorch Lightning PyPI Compromise Pushes Malicious Releases

⚠️ A supply chain attack delivered two malicious PyPI releases of PyTorch Lightning (versions 2.6.2 and 2.6.3) published on April 30, 2026; the packages execute automatically on import to harvest credentials. The malicious build hides a _runtime directory with a downloader that fetches the Bun JavaScript runtime and runs an obfuscated 11MB payload that validates GitHub tokens against the api.github[.]com/user endpoint and injects worm-like commits across writable branches. The threat also tampers with local npm packages by adding postinstall hooks, incrementing patch versions, repacking .tgz files, and enabling accidental republishing back to npm. PyPI has quarantined the project; maintainers are investigating, and users should block the affected releases, downgrade to 2.6.1, and rotate any exposed credentials.
read more →

UK Education Sector Sees Sharp Rise in Cyber Breaches

📚 The UK public education sector experienced a marked increase in reported cyber breaches in the Cyber Security Breaches Survey 2025/2026, published on 30 April by the Department for Science, Innovation and Technology (DSIT) and the Home Office. The report's Education Annex records rises across primary, secondary, further and higher education — notably higher education breaches climbed from 91% to 98% and secondary schools from 60% to 73%. While national breach levels for businesses and charities remained broadly stable, the education surge, falling small-business cyber hygiene and the low uptake of Cyber Essentials are being flagged as significant resilience concerns.
read more →

Developer's Roblox cheat triggers $2M data breach

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and caused roughly $2 million in remediation. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.
read more →