< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 8 of 40

Toxic Cross-App Permissions: AI Agents Create Risk

🔐 Researchers disclosed a major data exposure at Moltbook on January 31, 2026, revealing 35,000 emails and 1.5 million agent API tokens across 770,000 agents. Private messages contained plaintext third-party credentials, including OpenAI API keys, creating what the article calls a toxic combination — cross-app permissions that compound risk. The piece urges shifting review from single apps to the bridges between them and highlights procedural controls and dynamic SaaS security platforms like Reco to monitor runtime trust relationships and revoke risky tokens before exfiltration.
read more →

French ANTS Confirms Data Breach; Hacker Claims Sale

🛡️ France's government agency ANTS confirmed a data breach after a threat actor claimed to have stolen citizen records in an intrusion last week. The agency says exposed fields may include login IDs, full names, email addresses, dates of birth, unique account identifiers and, for some individuals, postal addresses, places of birth and phone numbers. ANTS has notified CNIL, the Paris prosecutor and involved ANSSI, is informing affected users and warns the data could be used for phishing and social engineering.
read more →

North Korea-Linked Lazarus Suspected in $290M KelpDAO Heist

🔒 State-backed North Korean actors are the primary suspects in a roughly $293m theft from KelpDAO, which paused operations after detecting suspicious cross-chain activity involving rsETH. Attackers exploited LayerZero verifier infrastructure by poisoning downstream RPCs, swapping op-geth binaries and executing an RPC‑spoofing attack to forge a cross-chain message. They routed stolen funds through Tornado Cash, while Arbitrum's Security Council has frozen about 30,766 ETH (~$71m). LayerZero contends KelpDAO ran a single-DVN configuration against best practices; KelpDAO blames LayerZero's infrastructure.
read more →

KelpDAO Hit by $290M Heist, Lazarus Group Suspected

🔒 KelpDAO reported a cross-chain exploit on April 18 that resulted in the theft of roughly 116,500 rsETH (about $293 million), funds which were then routed through Tornado Cash. The attacker compromised the verifier's RPC nodes in the DVN layer, feeding falsified chain data while DDoS-ing healthy nodes to force reliance on poisoned endpoints and accept a forged cross-chain message. LayerZero, Unichain and partners assisted in the investigation, which attributed the operation to the state-sponsored Lazarus Group, and KelpDAO paused rsETH contracts across Ethereum mainnet and L2s.
read more →

Seiko USA Website Defaced; Hacker Claims Customer Data Theft

🔒Seiko USA's website was briefly defaced over the weekend, showing a page titled 'HACKED' in the Press Lounge that replaced normal content with an extortion notice. The attackers claimed they had accessed the company's Shopify backend and exfiltrated the entire customer database, including names, email addresses, phone numbers, order history, shipping data, and account details. The message instructed Seiko to contact a specific customer account (ID 8069776801871) and warned of a 72-hour deadline before publishing the alleged data; Seiko has removed the message and has not publicly confirmed the incident.
read more →

Attackers Abuse AI OAuth to Breach Vercel Internal Systems

🔒 Vercel disclosed a data breach after a compromised third-party AI application, Context.ai, abused Google Workspace OAuth to access an employee account and read environment variables that were not marked as 'sensitive'. Vercel says variables designated as 'sensitive' are stored unreadable and there is no evidence those values were accessed. A limited subset of customers had credentials exposed and have been contacted to rotate secrets. Vercel is working with Mandiant, other cybersecurity firms and law enforcement while urging customers to review logs, enable sensitive-variable protections and rotate tokens.
read more →

Grinex Claims Western Spies Behind $13M Crypto Theft

🔐 Grinex, a Kyrgyzstan-based exchange believed to be the successor to Garantex, said a "large-scale cyber-attack" by foreign intelligence agencies last week resulted in the theft of one billion rubles (about $13.2m) from Russian customers and forced it to suspend operations. The firm said it filed a criminal complaint and published the crypto address where the funds were allegedly deposited after being converted to TRX. Blockchain forensics firm Chainalysis disputed the account, noting the rapid swap into TRX via a Tron-based DEX mirrors known laundering tactics and raised the possibility of a false-flag operation or an insider exit scam.
read more →

Vercel Breach Linked to Compromised Context.ai Systems

🔒 Vercel disclosed a security breach tied to a compromised Context.ai account used by an employee, which enabled an attacker to take over the employee's Vercel Google Workspace account. The actor accessed some Vercel environments and environment variables that were not marked sensitive, while encrypted sensitive variables show no evidence of exposure. Vercel is working with Mandiant, law enforcement and Context.ai, and has contacted affected customers to rotate credentials and investigate further.
read more →

Vercel Confirms Breach; Hackers Claim to Sell Data

🔒 Vercel has disclosed an unauthorized access incident that affected a limited subset of customers and certain internal systems. The company says its public services remain operational while it investigates the incident with external incident response experts and law enforcement. Vercel is notifying impacted customers and urging them to review environment variables, enable the sensitive environment variable feature where available, and rotate secrets or tokens if there is any suspicion of exposure.
read more →

Sanctioned Grinex Exchange Halts After $13.74M Hack

🚨 Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S., said it is suspending operations after reporting a $13.74 million theft it attributes to Western intelligence agencies. The company alleges the attack, which it says demonstrates unprecedented technical sophistication, stole over 1 billion rubles from user accounts on April 15, 2026. Blockchain investigators at Elliptic, TRM Labs, and Chainalysis report the funds were rapidly routed to TRON and Ethereum addresses and swapped into non‑freezable tokens, complicating asset recovery.
read more →

Grinex Exchange Suspends Operations After $13.7M Hack

🚨 Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations after reporting a $13.7 million theft from wallets used by Russian customers. The platform, believed to be a rebrand of Garantex, enables ruble-crypto flows and used a ruble-backed stablecoin A7A5. Grinex alleges the attack shows signs of involvement by 'foreign intelligence agencies', while blockchain analysts traced funds to TRON and Ethereum addresses and conversion via SunSwap; independent reports have not publicly confirmed the exchange's attribution.
read more →

Beware Fake Data Breach Notifications: Spot and Avoid Scams

🔔 As data breach notices become common, fraudsters increasingly send fake alerts or piggyback on real incidents to trick recipients into clicking malicious links or divulging credentials. These scams often demand immediate action, use spoofed sender addresses, and lack personal account details. Verify any notice by logging into the real account or contacting the organization through trusted channels, and reduce exposure with a password manager and MFA.
read more →

Cookeville Medical Center: 337,917 Patients Exposed

🔒 Cookeville Regional Medical Center has notified 337,917 patients that personal and medical data were accessed during a July 11–14, 2025 intrusion tied to the ransomware group Rhysida. The hospital began mailing breach letters in April 2026, roughly nine months after detection, and said files may include Social Security numbers, driver’s license data, treatment and insurance information. Rhysida claimed the attack in August 2025 and posted sample files; it demanded 10 Bitcoin. CRMC is offering 12 months of identity protection through Experian and reports additional security measures are in place.
read more →

McGraw Hill Salesforce Misconfiguration Exposes 13.5M Accounts

🔒 The ShinyHunters extortion group has published data tied to 13.5 million McGraw Hill user accounts after exploiting a misconfiguration in a Salesforce-hosted webpage. McGraw Hill confirmed unauthorized access to a limited set of data and said its internal systems, courseware and customer databases were not affected. Leaked files — over 100GB by Have I Been Pwned — contain names, email addresses, phone numbers and physical addresses that could be used for targeted spear‑phishing.
read more →

EssentialPlugin WordPress Suite Compromised, Malware Push

🔐 More than 30 plugins in the EssentialPlugin package were found to contain a backdoor that grants unauthorized access to sites. The malicious code was introduced after the project's acquisition in August 2025 but remained dormant until recently, when updates delivered a downloader that injects malware into wp-config.php. The payload selectively displayed spam to Googlebot and used an Ethereum-based C2 for evasion. WordPress.org closed the affected plugins and issued a forced update, though configuration files may still be infected.
read more →

Kraken Faces Extortion After Insider Access to Support Data

🔒 Kraken says a criminal group is attempting to extort the exchange by threatening to release videos that show internal support systems containing client data. The company says the incident resulted from an insider threat, with two instances of improper access by support employees and exposure limited to client support data. About 2,000 accounts (0.02% of users) were affected; Kraken says funds were never at risk. The exchange will not pay or negotiate and is working with federal law enforcement.
read more →

McGraw-Hill Confirms Limited Data Exposure via Salesforce

🔒 McGraw-Hill says unauthorized actors accessed a limited set of data hosted on a Salesforce webpage after a platform misconfiguration. The company emphasized this did not involve unauthorized entry to its Salesforce accounts, customer databases, courseware, or internal systems, and that exposed information was non-sensitive. McGraw-Hill secured the pages, engaged external cybersecurity experts, and is working with Salesforce to strengthen protections amid an extortion claim by ShinyHunters.
read more →

Campaign of 108 Malicious Chrome Extensions Exposes Data

🚨Research by Socket uncovered a coordinated campaign of 108 malicious Chrome extensions that affected about 20,000 users. Distributed across gaming, social media and translation categories, these extensions appear legitimate while quietly harvesting sensitive data, including Google profiles and active web sessions. Operators used a single command-and-control infrastructure and shared code, complicating detection and enabling a Malware-as-a-Service model.
read more →

Basic-Fit data breach exposes personal details of 1M

🔒 Basic-Fit, one of Europe's largest gym operators, disclosed unauthorized access to the system that records members' visits and said about 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain and Germany were affected. The intrusion was detected and stopped within minutes, but investigators determined the attacker exfiltrated data including full name, address, email, phone number, date of birth, bank account details and membership information. Franchise-held customer records were stored separately and were not exposed. Basic-Fit says no identification documents or account passwords were accessed, and the company has notified regulators and continues to monitor the situation with external experts.
read more →

Rockstar Games analytics data leaked after Anodot breach

🔓 A data set allegedly belonging to Rockstar Games was published by the ShinyHunters extortion group after they say authentication tokens were stolen from Anodot and used to access connected Snowflake accounts. The leak reportedly contains more than 78.6 million records of internal analytics — including in‑game revenue, purchase metrics, player behavior, and game economy data for GTA Online and Red Dead Online — plus Zendesk support analytics. Rockstar said only a limited amount of non‑material company information was accessed and that the incident does not affect players.
read more →