All news with #data leak tag

35 articles

Critical RCE and Data-Leak Flaws in SEPPMail Gateway

🔒 InfoGuard Labs disclosed multiple critical vulnerabilities in SEPPMail Secure E-Mail Gateway that allow unauthenticated remote code execution, path traversal, deserialization flaws, and exposure of sensitive server data. Researchers demonstrated an exploit chain leveraging the LFT path traversal (CVE-2026-2743) to overwrite syslog configuration and obtain a Perl reverse shell, enabling full appliance takeover and mail interception. SEPPmail has released fixes across versions 15.0.2.1, 15.0.3 and 15.0.4 and urges administrators to apply updates immediately.

Handala Hackers Leak US Marines' Data, Send Threats

🚨 US Marines stationed near the Persian Gulf reported receiving chilling WhatsApp messages beginning Monday that urged them to call home and make final goodbyes. The messages were signed by the Iran-linked Handala hacking group and allegedly originated from a Bahraini phone number that was likely spoofed or hijacked. A day later, Handala posted that it had published names and phone numbers of 2,379 Marines and boasted of possessing addresses, family details and daily routines. While authorities caution that such claims may rely on scraped or recycled data rather than a fresh breach, the campaign’s intent to intimidate service members is clear.

Apple issues emergency iOS fix for persistent notifications

🔒 Apple released an emergency update to fix a Notification Services logging flaw that allowed deleted alerts to remain stored on devices, potentially exposing message content. Tracked as CVE-2026-28950, the vulnerability is resolved in iOS 26.4.2 and iPadOS 26.4.2, with backports provided for older supported releases. Apple said the root cause was a logging issue and that improved data redaction prevents notifications marked for deletion from persisting. The company did not confirm whether the flaw was exploited or how long retained data could remain accessible.

FBI Recovers Deleted Signal Messages from iPhone DB

🔐 The FBI reportedly extracted copies of incoming Signal messages from an iPhone’s internal push notification database after the app was deleted. The extraction occurred during a criminal case where physical access allowed forensic tools to retrieve notification previews stored by iOS. The case underscores the privacy risk when message previews are enabled and the importance of disabling notification previews within Signal or device settings.

Windows Recall Still Permits Silent Data Extraction

🛡️ A security researcher says Microsoft’s Windows Recall feature remains vulnerable to quiet exfiltration of everything it captures by malware running in the same user context. Alexander Hagenah published a proof-of-concept called TotalRecall Reloaded and disclosed the issue to Microsoft on March 6; Microsoft reviewed and closed the report April 3, calling the behavior "by design." Hagenah says the gap lies not in encryption but in how decrypted screenshots and text are handled and displayed in an unprotected process, allowing same-user code to read Recall data without admin rights or kernel exploits.

Germany Becomes Primary Target in European Data Leaks

🔒 Google Threat Intelligence reports a sharp rise in data leak site (DLS) activity targeting Germany, with German victim posts growing 92% in 2025—triple the European average. Attackers have shifted focus to the digitized industrial base and the Mittelstand, exploiting mid‑tier DLS groups such as SAFEPAY and Qilin. GTI observed forum recruitment and extortion tactics traced to actors like Sarcoma. Caveats note that DLS counts often reflect failed negotiations and are one signal among many; GTI recommends proactive third‑party risk management, multifactor authentication, and endpoint hardening.

Anthropic's Claude Code Source Leaked via npm Packaging

🔓 Anthropic confirmed that internal source code for its coding assistant Claude Code was inadvertently published after a packaging error when version 2.1.88 was released to npm. The package included a source map exposing nearly 2,000 TypeScript files and over 512,000 lines of code; the release has since been removed. Anthropic says no customer data or credentials were exposed and is implementing measures to prevent recurrence.

Anthropic Map File Error Exposes Claude Code Source

🔓 An Anthropic employee accidentally published a source map in a public npm package, which allowed the proprietary source for Claude Code to be reconstructed. Anthropic says this was a release packaging error and that no sensitive customer data or credentials were exposed, and that it is rolling out measures to prevent recurrence. Security experts warn that source maps reveal original code, comments, internal constants and prompts, making vulnerabilities and secrets easier to find; the same mistake reportedly occurred previously.

Anthropic accidentally publishes Claude Code source on NPM

🚨 Anthropic says it accidentally published the closed-source Claude Code source when an NPM release (v2.1.88) included a 60MB cli.js.map file that embedded original sources. The reconstructed tree contains roughly 1,900 files and 500,000 lines of code, and the leak has spread across GitHub and other platforms. Anthropic confirmed no customer data or credentials were exposed, called the incident a packaging error caused by human mistake, and is issuing DMCA takedowns while rolling out measures to prevent recurrence.

England Hockey Probes Alleged AiLock Ransomware Breach

🔒 England Hockey is investigating claims that the AiLock ransomware gang stole approximately 129GB of data and listed the organization on its leak site, threatening to publish files unless a ransom is paid. The governing body says it has prioritized an inquiry involving internal teams, external specialists, and cooperation with law enforcement. England Hockey cannot yet provide specifics while the investigation continues and urges members to remain vigilant for phishing and suspicious account activity.

LeakyLooker: Nine Cross-Tenant Flaws in Looker Studio

🔒 Tenable Research disclosed nine cross-tenant vulnerabilities, collectively named LeakyLooker, in Looker Studio that could allow attackers to run arbitrary SQL and access datasets across tenants. The flaws affected connectors including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets and Cloud Storage and involved SQL injection, data leaks via report elements and a BigQuery denial-of-wallet issue. Google has applied global fixes to its fully managed service and no customer action is required, though organisations should review sharing settings and limit unused connectors.

Malicious AI Assistant Extensions Harvest LLM Data

🔒 Microsoft Defender investigated malicious Chromium browser extensions that impersonated legitimate AI assistant tools to collect LLM chat histories and browsing telemetry. Distributed via the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, the extensions captured full URLs and chat snippets from platforms such as ChatGPT and DeepSeek, reaching roughly 900,000 installs and activity in over 20,000 enterprise tenants. Microsoft provides detections, hunting queries, and mitigation guidance to contain exposure and remediate affected devices.

South Korea NTS Publishes Seed Phrase, Loses $4.8M Crypto

🔑 South Korea's National Tax Service (NTS) accidentally included a photograph in a press release that exposed a handwritten cryptocurrency mnemonic seed phrase next to a seized Ledger device. Within hours the wallet holding roughly 4 million PRTG tokens (about US $4.8M) was emptied. The NTS removed the release and issued an apology; the incident underscores that publishing a wallet's seed phrase instantly nullifies any cold-storage security.

Star Citizen Developer Discloses Backup Data Breach

🔒 Cloud Imperium Games (CIG), developer of Star Citizen and Squadron 42, disclosed a breach discovered on 21 January 2026 in which attackers accessed certain backup systems. The company says unauthorized access affected limited user personal data — primarily account metadata and contact details such as username, name and date of birth. CIG states no credentials or payment information were stored in the affected systems, access was read-only, and it has found no evidence of data modification or public leakage while it continues to monitor and investigate the incident.

Ransomware leak sites escalate pressure on victims

🔒 Data leak sites (DLSs) have become the backbone of modern ransomware's double‑extortion strategy, combining data theft with public blackmail to force payment. Attackers publish carefully curated samples, use timers and deadlines, and exploit urgency to magnify reputational, regulatory, and financial harm. Law enforcement agencies and security teams warn that DLS content fuels follow‑on crimes like phishing and identity fraud. Organizations are urged to adopt EDR/XDR, Zero Trust, patched systems, resilient air‑gapped backups, and targeted user training.

Smashing Security #453: Epstein Files Expose Risks Now

📰 In episode 453 of Smashing Security, Graham Cluley and guest Tricia Howard examine how sloppy redaction and a mix of AI and open social profiles can deanonymise documents once thought obscured. They discuss real-world incidents including malware delivery via a compromised Notepad++ installer, a sex-addiction app leaking intimate user data, and a problematic AV update used to distribute malware. The episode also highlights insider-threat risks after a senior US cybersecurity official uploaded sensitive government material into a public ChatGPT instance, and explores how broken trust can have lasting reputational consequences for vendors and organisations.

Leaked Non-Human Identities: A DevOps Risk Report Overview

🔐 In late 2025, Flare researchers discovered over 10,000 Docker Hub images containing exposed production secrets — from API keys and cloud tokens to CI/CD credentials and AI model access tokens. The report frames non-human identities — tokens, service accounts and workload identities — as persistent, highly privileged artifacts that often outlive their creators and bypass traditional controls. It highlights incidents including the Snowflake breach, a long-lived Home Depot GitHub token exposure, and a Red Hat GitLab compromise, and urges teams to adopt automated secret scanning, short-lived credentials, and continuous monitoring of public registries.

Researcher Shows Private Instagram Profiles Leaking

🔍 A security researcher published evidence that some Instagram private profiles returned links to user photos and captions inside the page HTML, making them visible to unauthenticated visitors on certain mobile devices. Researcher Jatin Banga showed the polaris_timeline_connection JSON object embedded encoded CDN links pointing to images that should have been private. In tests of private accounts he controlled or had permission to use, about 28% exposed captions and CDN links. Banga reported the issue to Meta on October 12, 2025; Meta later closed the report as "not applicable" and did not provide a root-cause analysis, though the behavior ceased roughly October 16.

Tudou Guarantee Marketplace Halts Public Transactions

🔍 Elliptic reports that Tudou Guarantee, a Telegram-based guarantee marketplace, has effectively ceased processing transactions through its public Telegram groups after rapid growth and is estimated to have handled over $12 billion, ranking it among the largest illicit marketplaces. Some operations, notably gambling services, remain active, so Elliptic says this may be a staged shutdown or a strategic pivot. The pause in public activity coincides with law enforcement moves tied to the arrest and extradition of Prince Group CEO Chen Zhi.

Personal LLM Accounts Fuel Rise in Shadow AI Risks

🛡️ The growing use of generative AI in the workplace is raising security concerns as many employees access tools via personal accounts. Netskope's 2026 Cloud and Threat Report found 47% of workplace generative AI usage occurs through personal ChatGPT, Google Gemini or Microsoft Copilot accounts, reducing visibility and controls. Reported data-policy violations tied to LLMs have doubled, averaging 223 incidents per month and involving sensitive source code, intellectual property and credentials. Organizations are starting to curb Shadow AI use, but the report warns that stronger governance and employee education remain essential.