All news with #data leak tag

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.

Mass Exposure of Indian Bank NACH Transfer PDFs Repository

🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing roughly 273,160 PDF documents formatted as NACH MANDATE records that documented bank transfers in India. The files exposed unredacted bank account numbers, transaction amounts and, in many cases, individuals’ names, phone numbers and email addresses. A 55K-file sample (~42 GB) showed 38 financial institutions represented, with AyeFin appearing in nearly 60% of sampled records. UpGuard notified AyeFin and NPCI, escalated to CERT‑IN when the bucket continued to grow, and verified the repository was secured on September 4.

Malicious npm 'postmark-mcp' Release Exfiltrated Emails

📧 A malicious npm package posing as the official postmark-mcp project quietly added a single line of code to BCC all outgoing emails to an external address. Koi Security found the backdoor in version 1.0.16 after prior releases through 1.0.15 were verified clean. The tainted release was available for about a week and logged roughly 1,500 downloads. Users are advised to remove the package, rotate potentially exposed credentials, and run MCP servers in isolated containers before upgrading.

Co-op Reports £80M Operating Loss After Cyberattack

🔒 The Co-operative Group reported an £80 million operating profit loss in H1 2025 after an April cyberattack disrupted systems and trading. Management attributed the shortfall to £20 million of one‑off remediation costs and £60 million in lost sales while systems were offline, and said revenue fell by £206 million. The breach, linked to DragonForce and affiliates of Scattered Spider, exposed personal data for all 6.5 million members; four suspects have since been arrested. Despite the impact, Co-op reported £800 million of available liquidity and no immediate funding concerns.

Malicious MCP Server Update Exfiltrated Emails to Developer

⚠️ Koi Security has reported that a widely used Model Context Protocol (MCP) implementation, Postmark MCP Server by @phanpak, introduced a malicious change in version 1.0.16 that silently copied emails to an external server. The package, distributed via npm and embedded into hundreds of developer workflows, had more than 1,500 weekly downloads. Users who installed v1.0.16 or later are advised to remove the package immediately and rotate any potentially exposed credentials.

Salesforce Patches Critical 'ForcedLeak' Prompt Injection Bug

⚠️ Salesforce has released patches for a critical prompt-injection vulnerability dubbed ForcedLeak that could allow exfiltration of CRM data from Agentforce. Discovered and reported by Noma Security on July 28, 2025 and assigned a CVSS score of 9.4, the flaw affects instances using Web-to-Lead when input validation and URL controls are lax. Researchers demonstrated a five-step chain that coerces the Description field into executing hidden instructions, queries sensitive lead records, and transmits the results to an attacker-controlled, formerly allowlisted domain. Salesforce has re-secured the expired domain and implemented a Trusted URL allowlist to block untrusted outbound requests and mitigate similar prompt-injection vectors.

North Korean hackers deploy new AkdoorTea backdoor

🛡️ ESET attributes a widespread recruitment-based intrusion campaign to the North Korea-linked cluster tracked as DeceptiveDevelopment, revealing a previously undocumented Windows backdoor called AkdoorTea. Active since late 2022, the operation targets software developers on Windows, Linux, and macOS, particularly in cryptocurrency and Web3, using fake recruiter outreach, video assessments and coding tasks to deliver multi-platform malware such as BeaverTail, TsunamiKit and Tropidoor. The group favors scale and social engineering while reusing dark-web projects and rented malware rather than developing wholly novel toolsets.

Critical Salesforce Flaw Could Leak CRM Data in Agentforce

🔒 A critical vulnerability in Salesforce Agentforce allowed malicious text placed in Web-to-Lead forms to act as an indirect prompt injection, tricking the AI agent into executing hidden instructions and potentially exfiltrating CRM data. Researchers at Noma Security showed attackers could embed multi-step payloads in a 42,000-character description field and even reuse an expired whitelisted domain as a data channel. Salesforce patched the issue on September 8, 2025, by enforcing Trusted URL allowlists, but experts warn that robust guardrails, input mediation, and ongoing agent inventorying are needed to mitigate similar AI-specific risks.

Co-op Reports £206m Revenue Loss After Cyberattack

🛒 The Co-op revealed a £206m revenue shortfall resulting from a “malicious” cyber-attack in April after it temporarily shut down multiple systems to contain the threat. The retailer recorded an overall six-month loss of £80m to 5 July 2025 and said sales disruption is likely to continue into H2 2025. No remediation breakdown was provided, although a one-off non-underlying cost of £20m was logged. The intrusion has been linked to Scattered Spider, and UK authorities have made several arrests related to this and similar retail attacks.

Report: Many Indian Suppliers Pose Global Supply Risks

🔍 SecurityScorecard's assessment found that 53% of selected Indian vendors experienced at least one third-party breach in the past year, with outsourced IT operations and managed service providers representing 63% of those incidents. The study evaluated 15 prominent Indian suppliers across 10 industries using security ratings based on patching cadence, DNS health, IP reputation, and endpoint, network and app security, and concluded that 27% of vendors received an F while 25% earned an A. It recommends continuous monitoring of third- and fourth-party ecosystems, prioritizing certificate management and patching, and using cybersecurity ratings to inform procurement and ongoing vendor oversight.

Ransomware-Enabled Heist and npm Worm Supply-Chain Threats

🔒 Ransomware can do more than encrypt files — it can disable alarms and create physical security vulnerabilities. In a recent episode of the Smashing Security podcast, hosts discuss how a ransomware-related outage at the Natural History Museum in Paris preceded a late-night theft of €600,000 in gold. The show also covers a new npm supply-chain worm dubbed Shai Hulud that has infected over 180 packages and quietly exfiltrated secrets, plus odd stories about ads appearing on consumer appliances.

Obscura: New Ransomware Variant Targeting Domains Globally

🔒 On 29 August 2025 Huntress analysts identified a previously unseen ransomware variant they named Obscura after its embedded ransom note. The binary was placed in the domain NETLOGON scripts folder, enabling propagation via AD replication, and the actor created scheduled tasks to run it across hosts. Obscura requires administrative privileges, attempts to delete volume shadow copies and terminates roughly 120 security and backup processes. It uses Curve25519/X25519 key exchange and XChaCha20 for file encryption and writes a decoded ransom note to C:\README-OBSCURA.txt.

Two critical Wondershare RepairIt flaws risk data and AI

⚠️ Trend Micro disclosed two critical authentication-bypass vulnerabilities in Wondershare RepairIt that exposed private user files, AI models, and build artifacts due to embedded overly permissive cloud tokens and unencrypted storage. The flaws, tracked as CVE-2025-10643 (CVSS 9.1) and CVE-2025-10644 (CVSS 9.4), allow attackers to circumvent authentication and potentially execute arbitrary code via supply-chain tampering. Trend Micro reported the issues through ZDI in April 2025 and warns users to restrict interaction with the product until a vendor fix is issued.

Lovense app flaws let attackers deanonymize, hijack

🔒 Researchers disclosed two critical vulnerabilities in Lovense remote-control software that exposed real user email addresses and allowed attackers to generate authentication tokens using only an email, without passwords. Combined, these flaws enabled account takeover across multiple products including Lovense Remote, Lovense Connect and streaming extensions. Reported in spring 2025, fixes were delayed and fully applied only after public disclosure; users should consider separate emails and strong, unique passwords.

Ransomware Speed Crisis: Defending at Machine Pace

⚠️ Ransomware attacks have accelerated to machine speed, often completing exfiltration and impact in minutes rather than days. Unit 42 research documents a dramatic decline in mean time to exfiltrate, driven by AI automation, initial access brokers and RaaS, which together enable highly targeted, fast-moving campaigns. Organizations now need AI-powered detection, automated containment and unified XDR visibility across endpoints, network and cloud to stop threats in real time. Human analysts remain vital but must operate alongside automated systems to focus on hunting and strategic response.

Boyd Gaming Reports Cyber Incident Exposing Employee Data

🔒 Boyd Gaming Corporation disclosed a cybersecurity incident in an SEC 8-K filing, saying an unauthorized third party accessed its internal IT systems and removed certain data. The company said the breach involved employee information and a limited number of other individuals, though it did not specify the data types or number affected. Boyd said operations were not impacted and it is working with cybersecurity experts and federal law enforcement while notifying regulators.

Allianz: Attackers Shift From Large Firms to Easier Targets

🛡️ Allianz warns that cybercriminals are increasingly shifting focus from well‑defended large organizations to smaller, less secure firms and to regions beyond the US and Europe. The insurer's Cyber report says customer losses in H1 2025 were about half those in H1 2024, even as active ransomware groups may have risen by roughly 50%. Double extortion and data theft now account for a growing share of large losses, and attackers often exploit third‑party IT providers to reach hardened targets.

Boyd Gaming Reports Data Breach After Cyberattack, SEC Filing

🔒 Boyd Gaming Corporation disclosed it suffered a cyberattack that resulted in unauthorized access to its IT systems and the removal of certain data, including employee information and data for a limited number of other individuals. The company said it engaged external cybersecurity experts and notified law enforcement, and that it is notifying impacted individuals and regulators as required. Boyd Gaming reported operations were not affected, does not expect a material adverse financial impact, and expects its cybersecurity insurance to cover related costs.

Microsoft Purview Study: 30% Reduction in Breach Risk

🔒 The Forrester Total Economic Impact™ study commissioned by Microsoft found that Microsoft Purview reduced the likelihood of data breaches by 30% for a composite organization, yielding more than $225,000 in annual savings from avoided incidents and fines. The report credits unified governance, automated classification, and fine‑tuned DLP policies with a 75% reduction in investigation time and 75% time savings for users searching and classifying data. Over three years the study shows $3.0M in benefits versus $633,000 in costs (NPV $2.3M; ROI 355%).

Data Loss Rises Despite Increased Security Spending

🔒 The 2025 Data Security Report from Fortinet and Cybersecurity Insiders finds that data loss is increasing even as organizations shift to programmatic approaches and boost budgets for insider risk and data protection. Legacy DLP tools, designed for perimeter-era environments, lack visibility into employee interactions across SaaS, cloud, and generative AI, and they fail to provide the context needed to separate accidents from real threats. The report urges adoption of behavior-aware, unified platforms—such as FortiDLP integrated with identity and activity telemetry—to turn alerts into actionable risk narratives and reduce costly insider incidents.