All news with #data leak tag

Human Cost of UK Government's Afghan Data Leak Exposed

🔓 A leaked Ministry of Defence spreadsheet in February 2022 exposed thousands of Afghan nationals who assisted UK forces, and research from the charity Refugee Legal Support shows the fallout continues. Survivors report murder, torture, repeated home searches and persistent Taliban threats; 49 people are reported to have lost relatives or colleagues. Only a minority were offered relocation to the UK, underscoring how data leaks and inadequate responses can cause real, ongoing harm.

Proton Finds 300M+ Records Linked to 794 Breaches Worldwide

🔎 Proton and Constella Intelligence have launched the Data Breach Observatory, a real‑time dark‑web monitoring service that has identified more than 300 million compromised records tied to 794 incidents so far this year. The service combines automated crawlers, curated feeds and human analysts to surface breached data and alert affected parties. Proton says small and medium businesses are heavily targeted, with email addresses, names and contact details the most commonly exposed items. If aggregated datasets are included, Proton reports incidents rise to 1,571 and exposures reach hundreds of billions of records.

LinkedIn to Use EU, UK and Other Profiles for AI Training

🔒 Microsoft-owned LinkedIn will begin using profile details, public posts and feed activity from users in the UK, EU, Switzerland, Canada and Hong Kong to train generative AI models and to support personalised ads across Microsoft starting 3 November 2025. Private messages are excluded. Users can opt out via Settings & Privacy > Data Privacy and toggle Data for Generative AI Improvement to Off. Organisations should update social media policies and remind staff to review their advertising and data-sharing settings.

Smashing Security Podcast 441: Poker, F1 Data Risks

🎧 In episode 441 Graham Cluley and guest Danny Palmer discuss an alleged poker scam that reportedly involved basketball players working with organised crime to cheat high‑stakes games using hacked shufflers, covert cameras and an X‑ray card table. Researchers also uncovered that an FIA driver portal could be probed to expose personal details of Formula 1 stars. The hosts close with Graham’s “Pick of the Week,” a surreal CAPTCHA browser game, and a lighter cultural segment.

Plugin Flaw Lets Subscribers Read Any Server File Now

⚠️ The Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) contains a vulnerability (CVE-2025-11705) that allows low-privileged subscribers to read arbitrary files on the server. The issue is caused by missing capability checks in the GOTMLS_ajax_scan() AJAX handler, enabling attackers who can obtain a nonce to access sensitive files like wp-config.php. The developer released v4.23.83 on October 15, which adds a proper capability check via a new GOTMLS_kill_invalid_user() function; administrators of membership sites should update immediately.

Ransomware Hits Swedish Grid Operator Svenska kraftnät

🔒 On October 25, 2025 the ransomware group Everest listed state grid operator Svenska kraftnät on its darknet leak site, claiming about 280 GB of stolen data. Svenska kraftnät confirmed on October 26 that attackers accessed certain sensitive information via an isolated external file-transfer solution and said investigations are underway. The utility — which operates roughly 16,000 km of high-voltage lines — said there is currently no indication the physical grid was affected and that it is coordinating with police and national cybersecurity authorities.

Dentsu Confirms Data Breach at U.S. Subsidiary Merkle

🔒 Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, saying attackers accessed and stole files containing client, supplier, and employee information. The company detected abnormal activity, proactively took certain systems offline, and initiated incident response procedures while engaging third‑party responders. A circulated memo indicated exposed payroll and bank details, salary and National Insurance numbers, and personal contact details; impacted individuals are being notified and authorities in affected countries have been informed. Dentsu said Japan-based systems were not impacted and that the full scope and financial impact remain under investigation; no ransomware group has claimed responsibility so far.

Building Data Security from the Inside Out: Hybrid Focus

🛡️ Cybersecurity Awareness Month underscores that protecting organizational data requires attention to internal handling as well as external threats. Fortinet’s 2025 Insider Risk Report found 77% of organizations experienced insider-related data loss in the past 18 months, with nearly half of incidents tied to simple negligence. The report highlights mounting GenAI concerns and recommends a layered approach combining visibility, behavioral analytics, and real-time coaching to prevent accidental and malicious loss.

Copilot Mermaid Diagrams Could Exfiltrate Enterprise Emails

🔐 Microsoft has patched an indirect prompt injection vulnerability in Microsoft 365 Copilot that could have been exploited to exfiltrate recent enterprise emails via clickable Mermaid diagrams. Researcher Adam Logue demonstrated a multi-stage attack using Office documents containing hidden white-text instructions that caused Copilot to invoke an internal search-enterprise_emails tool. The assistant encoded retrieved emails into hex, embedded them in Mermaid output styled as a login button, and added an attacker-controlled hyperlink. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid diagrams within Copilot chats.

Volvo Third-Party Breach Highlights Forensic Readiness Gaps

🔒 In August 2025 Volvo Group North America disclosed a breach that originated in its third‑party HR provider, Miljödata, and a slow timeline of detection and notification has raised questions about forensic readiness. Reported exposed records included Social Security numbers and sensitive employee identifiers, and Volvo offered 18 months of identity‑protection services. The author provides five practical recommendations to preserve evidentiary integrity: embed forensics from day zero, align IR and forensic priorities, automate collection and triage, contractually manage vendor response, and coordinate legal messaging to reduce litigation and regulatory risk.

Google Refutes False Claims of Massive Gmail Breach

🔒 Google says reports of a massive Gmail data breach are false and that the coverage mischaracterizes a large compilation of exposed credentials. The 183 million-account figure reflects aggregated infostealer databases and credential dumps compiled over years, not a single Gmail compromise. Troy Hunt added the dataset to Have I Been Pwned, which found 91% of entries were previously seen; 16.4 million addresses were newly observed. Users should check their accounts, run antivirus scans, and change any compromised passwords.

Ransomware Payments Plunge as Victims Stop Paying Ransoms

🔒 Coveware reports ransomware payment rates have fallen to a record low — just 23% of victims paid in Q3 2025, continuing a multi-year decline from 28% in Q1 2024. Over 76% of incidents now involve data exfiltration, and theft-only cases see payments drop to 19%. Average and median ransoms fell to $377,000 and $140,000, respectively, as attackers pursue more targeted victims.

Qilin Ransomware: Over 40 Victims Listed Monthly in 2025

🔒 Cisco Talos reports that Qilin ransomware sustained a surge through the second half of 2025, publishing more than 40 victim listings per month on its leak site and peaking at roughly 100 postings in June and August. The group uses a double-extortion model, encrypting systems and threatening to publish stolen data if ransoms are not paid. Operating as a RaaS, Qilin and its affiliates have heavily targeted manufacturing, professional/scientific services and wholesale trade. Investigators observed use of Cyberduck, standard Windows utilities for file viewing, and dual encryptors that spread laterally via PsExec and encrypt multiple network shares.

Ransomware Recovery Failures: Paying Often Doesn't Work

🔐 A Hiscox survey of 1,000 mid-sized firms finds ransomware remains a major risk: 27% of organizations reported attacks in the past year and 80% of victims paid ransom. Yet only 60% of those who paid recovered data fully or partially. Experts cite faulty encryptors, unreliable decryptors, corrupted backups and double/triple extortion as common causes. Industry specialists recommend tested recovery plans, retainers with incident response teams, and robust cyber insurance rather than relying on ransom payments.

Qilin Ransomware: Attack Methods and TTPs Exposed Globally

🔍 Cisco Talos details widespread Qilin ransomware operations observed in late 2025, highlighting persistent leak-site activity and sustained victim publication. The analysis links many intrusions to exposed administrative credentials and unprotected remote access, with manufacturing, professional services, and wholesale trade heavily affected. Talos documents abuse of open-source exfiltration tools (notably Cyberduck), dual-encryptor deployment patterns, credential harvesting with mimikatz and SharpDecryptPwd, and numerous defense-evasion techniques, recommending layered controls such as MFA, credential monitoring, and hardened backups.

Ransomware recovery falters: 40% of paying victims lose data

🔒 Two in five companies that pay ransomware attackers still fail to recover their data, according to a Hiscox survey of thousands of SMEs. The study found 27% of businesses were hit in the past year and 80% of affected firms paid a ransom, yet only 60% recovered all or part of their data. Experts blame flawed encryptors, corrupted or compromised backups, and complex double- or triple-extortion tactics. Organisations are urged to maintain tested recovery plans, forensic validation, and incident response retainers rather than rely on payment.

Toys R Us Canada confirms customer data leak; regulators

🔔 Toys R Us Canada has notified customers that a threat actor leaked records taken from its database after a posting on the dark web on July 30, 2025. An investigation with third-party cybersecurity experts confirmed the data's authenticity and found exposed fields may include full name, physical address, email, and phone number, while passwords and payment card details were not exposed. The retailer says it has strengthened IT security, is notifying Canadian privacy regulators, and warns customers to beware of phishing attempts.

Threat Source: SharePoint Exploits and Patch Urgency

⚠ Cisco Talos reports a sharp increase in attacks against public-facing applications, with the ToolShell chain exploiting unpatched Microsoft SharePoint servers rising to over 60% of IR cases this quarter. Ransomware-related incidents fell to about 20% but show evolving tactics, including leveraging legitimate tools and compromised internal accounts for persistence and phishing. Organizations are urged to prioritize rapid patching, robust network segmentation, centralized logging, MFA, and user education to reduce exposure.

ThreatsDay: Widespread Attacks Exploit Trusted Systems

🔒 This ThreatsDay bulletin highlights a series of recent incidents where attackers favored the easiest paths in: tricking users, abusing trusted services, and exploiting stale or misconfigured components. Notable items include a malicious npm package with a post-install backdoor, a CA$176M FINTRAC penalty for missed crypto reporting, session hijacking via MCP (CVE-2025-6515), and OAuth-based persistent backdoors. Practical defenses emphasized are rapid patching, disabling risky install hooks, auditing OAuth apps and advertisers, and hardening agent and deserialization boundaries.

Serious F5 Breach: Build System and BIG-IP Code Compromised

⚠️ F5 disclosed a major intrusion in which a sophisticated, likely nation-state threat actor maintained long-term access to its internal network. During the compromise the attackers gained control of the build and distribution environment for BIG-IP updates and exfiltrated proprietary source code, documentation of unpatched vulnerabilities, and customer configuration files. F5 warned this data could enable widespread supply-chain and targeted attacks against many sensitive networks.