All news with #data leak tag

Pixnapping vulnerability: Android screen-snooping risk

🔒 A newly disclosed exploit named Pixnapping (CVE-2025-48561) allows a malicious Android app with no special permissions to read screen pixels from other apps and reconstruct sensitive content. The attack chains intent-based off-screen rendering, translucent overlays, and a GPU compression timing side channel to infer pixel values. Google issued a September patch but researchers bypassed it, and a more robust fix is planned.

Qilin Ransomware Activity Surges, Targeting SMEs in 2025

🔐 Researchers at S-RM report a surge in activity by the Qilin ransomware-as-a-service operation, which leverages unpatched VPNs, single-factor remote access and exposed management interfaces to gain initial access. While some high-profile incidents hit healthcare, most victims are small-to-medium businesses in construction, healthcare and finance. S-RM also observed affiliates from Scattered Spider using Qilin’s platform, and noted new extortion channels including Telegram and public leak sites. The firm urges routine patching, widespread MFA adoption, network segmentation and proactive monitoring.

GlobalLogic warns 10,000 employees of Oracle data theft

🔒 GlobalLogic is notifying 10,471 current and former employees that personal data was stolen after attackers exploited an Oracle E-Business Suite zero-day. The compromised HR information includes names, contact details, birthdates, passport and tax identifiers, salary and bank account information. The incident aligns with a wider extortion campaign linked to the Clop ransomware group exploiting CVE-2025-61882.

Konni Exploits Google's Find Hub to Remotely Wipe Devices

⚠️ The North Korea-linked Konni threat actor has been observed combining spear-phishing and signed installers to compromise Windows and Android systems and exfiltrate credentials. Genians Security Center reports attackers used stolen Google account credentials to access Google Find Hub and remotely reset devices, causing unauthorized data deletion. The campaign, detected in early September 2025, uses malicious MSI packages and RATs including EndRAT and Remcos to maintain long-term access and propagate via compromised KakaoTalk sessions.

Yanluowang Broker Pleads Guilty to Ransomware Access

🔒 Aleksey Olegovich Volkov, a Russian national who used aliases including chubaka.kor and nets, has agreed to plead guilty to acting as an initial access broker for the Yanluowang ransomware group. Between July 2021 and November 2022 he sold credentials that enabled intrusions at eight U.S. companies and facilitated ransom demands ranging from $300,000 to $15 million. FBI warrants seized server logs, stolen data, chat histories and iCloud records linking Volkov to the scheme and to partial Bitcoin payments. He faces up to 53 years in prison and must pay more than $9.1 million in restitution.

Ludwigshafen City Administration Faces Extended IT Outage

🚨 Ludwigshafen's city administration shut down its IT systems on 6 November after monitoring tools flagged serious anomalies, leaving online services and phone and email communications unavailable. A specialist internet-forensics firm was engaged overnight and reported a cyberattack could not be ruled out; officials say indicators have since intensified. There is currently no evidence of citizen data exfiltration, and backups and emergency plans operated as intended while investigations continue.

ID Verification Laws Fueling a New Wave of Breaches

🔒 The proliferation of age and identity verification laws is forcing organizations to retain sensitive government-issued IDs, increasing breach risk. A recent Discord incident exposed ID images via a compromised third-party provider, showing how regulatory mandates can create high-value data stores. The article advises that MSPs and affected organizations adopt natively integrated platforms and a single-agent, single-console approach to reduce attack surface, simplify operations and centralize visibility to mitigate these new risks.

Email Blackmail and Scams: Regional Trends and Defenses

🔒 Most email blackmail attempts are mass scams that exploit leaked personal data and fear to extort cryptocurrency from victims. The article outlines common themes — fake device hacks, sextortion, and even fabricated death threats — and describes regional campaigns where attackers impersonate law enforcement in Europe and CIS states. It highlights detection signs and practical defenses, urging verification, use of reliable security solutions, and reporting threats through official channels.

U.S. Congressional Budget Office Hit by Cyberattack

🔒 The U.S. Congressional Budget Office confirmed a cybersecurity incident after a suspected foreign hacker breached its network. The agency says it acted quickly to contain the intrusion, implemented additional monitoring and new security controls, and is investigating the scope of the compromise. Officials warned that emails and exchanges between CBO analysts and congressional offices may have been exposed, prompting some offices to halt communications with the agency.

Hackers Blackmail Massage Parlour Clients in Korea

🔒 South Korean police uncovered a criminal network that used a malicious app to steal customer data from massage parlours and extort clients. The group tricked nine business owners into installing software that exfiltrated names, phone numbers, call logs and text messages, then sent threatening messages claiming to have video footage. About 36 victims paid between 1.5M and 47M KRW, with attempted extortion near 200M KRW. Authorities traced activity to January 2022 across Seoul, Gyeonggi and Daegu and made arrests in August 2023.

Phishing Campaign Targets Booking.com Partners and Guests

🔒 A large-scale phishing operation targeted Booking.com partner accounts and hotel staff, using impersonated emails and compromised hotel accounts to lure victims into running malicious commands. Attackers relied on redirection chains and the ClickFix social engineering tactic to execute PowerShell that delivered PureRAT. The remote access trojan enabled credential theft, screenshots and exfiltration, with stolen access sold or used to perpetrate payment fraud against guests.

Nikkei Slack Account Compromise Exposes Employee Data

🔒 Nikkei disclosed that unauthorized actors used malware to infect an employee’s computer, obtain Slack credentials, and access accounts on the company's Slack workspace. The firm reports that data for possibly more than 17,000 employees and business partners — including names, email addresses and chat logs — may have been stolen. Nikkei discovered the incident in September and implemented password resets and other remediation measures. The company said there's no confirmation that sources or journalistic activities were affected.

ThreatsDay Bulletin: Cybercrime Trends and Major Incidents

🛡️ This bulletin catalogues a broad set of 2025 incidents showing cybercrime’s increasing real-world impacts. Microsoft patched three Windows GDI flaws (CVE-2025-30388, CVE-2025-53766, CVE-2025-47984) rooted in gdiplus.dll and gdi32full.dll, while Check Point warned partial fixes can leave data leaks lingering. Threat actors expanded toolsets and infrastructure — from RondoDox’s new exploits and TruffleNet’s AWS abuse to FIN7’s SSH backdoor and sophisticated phishing campaigns — and law enforcement action ranged from large fraud takedowns to prison sentences and cross-border crackdowns.

Organized fraud ring abused payment providers, stole €300M

🔍 Authorities across three continents executed coordinated raids and arrests in a probe that uncovered an organized fraud network accused of using stolen credit‑card data to create over 19 million fake subscriptions and siphon more than €300 million. Investigators say suspects exploited vulnerabilities at multiple payment service providers, operated hundreds of sham websites offering porn, dating and streaming services, and used small recurring charges with opaque descriptions to avoid detection. The operation, named Operation Chargeback, was halted in 2021 and is the focus of ongoing international legal assistance.

Google: Cyber-Physical Attacks to Rise in Europe 2026

🚨 Google Cloud Security's Cybersecurity Forecast 2026 warns of a rise in cyber-physical attacks across EMEA targeting energy grids, transport and digital infrastructure. The report highlights increased state-sponsored espionage from Russia and China and anticipates these operations may form hybrid warfare combined with information operations to erode public trust. It also flags supply-chain compromises of managed service providers and software dependencies, and notes that cybercrime — including ransomware aimed at ERP systems — will remain a major disruptive threat to ICS/OT. Analysts further expect adversaries to increasingly leverage AI and multimodal deepfakes.

SonicWall Attributes September Backup Breach to State Actor

🔐 SonicWall has confirmed a state-sponsored threat actor was responsible for a September breach that exposed cloud-stored firewall configuration backup files. The company said the unauthorized access used an API call against a specific cloud environment and affected backups for fewer than 5% of customers. SonicWall engaged Google-owned Mandiant, implemented recommended mitigations, and released an Online Analysis Tool and a Credentials Reset Tool. Customers are advised to log in to MySonicWall.com to review devices and reset impacted credentials.

Hyundai AutoEver America: SSNs and IDs Exposed in Systems

🔐 Hyundai AutoEver America (HAEA) says hackers breached its IT environment, with the intrusion discovered on March 1, 2025. The investigation found unauthorized access dating back to February 22, 2025, and last observed activity on March 2, 2025. Affected data reportedly includes names and, according to the Massachusetts portal, Social Security numbers and driver's licenses. HAEA engaged external cybersecurity experts and law enforcement; the scope and number of individuals impacted remain unclear.

Half of Satellite Traffic Unencrypted, Exposing Data

🔭 Researchers at UC San Diego and the University of Maryland showed that a <$750 motorized satellite‑TV kit can intercept large volumes of geostationary traffic. They captured 3.7TB from 411 transponders across 39 satellites and found roughly half of sensitive streams — including VoIP, SMS, in‑flight Wi‑Fi and military telemetry — were unencrypted. Some operators patched rapidly, but many did not respond. Users should adopt VPNs, end‑to‑end messaging and prefer encrypted cellular services.

SonicWall: State-Sponsored Hackers Behind September Breach

🔒 SonicWall says a Mandiant-led investigation concluded that state-sponsored actors accessed cloud-stored firewall configuration backup files in September. The company reports the activity was isolated to a specific cloud environment and did not affect SonicWall products, firmware, source code, or customer networks. As a precaution, customers were advised to reset account credentials, temporary access codes, VPN passwords, and shared IPSec secrets. SonicWall also stated there is no connection between the breach and separate Akira ransomware activity.

Operation Chargeback: Dismantling Global Card-Fraud Rings

🔍 Operation Chargeback led to coordinated raids and arrests targeting three alleged international fraud and money-laundering networks that exploited stolen payment data from more than 4.3 million cardholders across 193 countries. Authorities executed 60 searches and 18 arrest warrants after nearly five years of investigation, seizing assets and digital evidence. Investigators say the groups generated roughly 19 million fraudulent subscription charges, abused payment-provider systems and used shell companies to launder proceeds while masking low-value recurring fees to avoid detection.