100 links
tagged with data-breach
Click any tag below to further narrow down your results
Links
Billions of stolen cookies are currently for sale online, with a significant percentage remaining active and exploitable, posing serious security risks to users. Cybercriminals can use these cookies to gain unauthorized access to personal accounts and sensitive data, often bypassing traditional security measures like multi-factor authentication. Experts recommend being cautious with cookie acceptance and maintaining updated security practices to mitigate these threats.
A security lapse at HelloGym exposed 1.6 million audio recordings of gym customers and staff, including sensitive personal and financial information, due to an unencrypted and unprotected database. The vulnerability could allow criminals to exploit the recordings for identity theft and social engineering scams, highlighting the importance of data security measures such as encryption and proper data management.
The Scattered Spider ransomware group has decided to cease operations due to intense law enforcement pressure following significant cyberattacks on companies like Jaguar Land Rover and Salesforce. In a farewell message, they apologize to their victims and hint at a possible return with a new venture called "ShinySp1d3r RaaS."
Oracle has informed clients of a second cybersecurity breach in which a hacker stole old client log-in credentials from its systems. The stolen data, which includes credentials from as recently as 2024, is being investigated by the FBI and cybersecurity firm CrowdStrike, with the company assuring clients that the compromised system has not been in use for eight years, minimizing the risk.
Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.
HMRC has reported a loss of £47 million due to a phishing scam that compromised 100,000 taxpayer accounts, although affected individuals will not incur any financial loss. The breach involved organized crime using stolen personal information, but HMRC clarified that it was not a cyber-attack and has since secured the accounts and removed any incorrect information. Affected taxpayers will receive notifications from HMRC in the coming weeks.
The article outlines a timeline of significant events related to SK Telecom's recent data breach, detailing the implications for the company and its customers. It highlights the response measures taken by SK Telecom and the broader impact on the telecommunications industry in South Korea.
Episource has reported a data breach affecting over 5 million patients in the U.S., following a cyberattack that occurred between January 27 and February 6, 2025. The breach exposed various sensitive health information, including names, addresses, and medical records, although no banking or payment card data was compromised. Affected individuals are being notified and advised to monitor for suspicious activity.
Recent reports of a massive credentials leak are misleading, as the exposed data comprises previously stolen credentials collected over time from infostealers and data breaches, rather than a new data breach. Users are advised to maintain good cybersecurity practices, including using unique passwords and enabling two-factor authentication to protect their accounts from potential threats.
Pandora has confirmed a cyber attack that compromised customer data through a third-party vendor. The breach has raised significant security concerns as sensitive information may have been exposed, prompting the company to investigate the extent of the incident and reinforce its data protection measures.
Connex Credit Union has reported a data breach impacting 172,000 individuals, with hackers likely stealing personal information such as names, account numbers, and Social Security numbers. The breach was detected on June 3, and while no unauthorized access to member accounts has been found, the organization is warning customers about potential scam calls and messages.
A significant data breach affecting hotels in Italy has raised concerns over the potential misuse of stolen personal identification information. The Italian data protection authority has initiated an investigation and advised individuals to monitor their documents and report any suspected theft. Malicious actors frequently target the hospitality sector, heightening the urgency for protective measures.
Verizon's report emphasizes a significant oversight in mobile cybersecurity, revealing that organizations often neglect mobile security despite the rise of smishing attacks. With a high percentage of employees falling victim to these attacks, the report calls for better security practices and awareness to mitigate risks associated with personal mobile devices.
WestJet is investigating a cyberattack that disrupted access to its internal systems and app, affecting user logins. The airline has activated specialized teams in collaboration with law enforcement to address the breach while ensuring safety and protecting sensitive data. Although some services have been restored, it remains unclear whether the incident was a ransomware attack or a precautionary shutdown of systems.
A security researcher discovered an SQL injection vulnerability in the Catwatchful stalkerware service, leading to the compromise of over 60,000 user accounts, including plaintext logins and passwords. After reporting the vulnerability, actions were taken to shut down the service and investigate its operators, highlighting the risks associated with such spyware applications.
Hackers have leaked 2.8 million sensitive records from Allianz Life due to a data breach involving Salesforce. The compromised data includes personal information that could pose significant risks to affected individuals. Organizations are urged to enhance data protection measures to prevent similar incidents in the future.
Hawaiian Airlines reported a cybersecurity incident affecting its IT systems, discovered on June 23, but confirmed that flights continue to operate safely. Experts suggest the attack may be linked to the Scattered Spider group, known for targeting various industries, and the airline is working with authorities to investigate the breach.
Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.
DaVita, a leading kidney dialysis provider in the U.S., reported a ransomware attack that encrypted parts of its network and affected some operations over the weekend. The company activated response protocols to contain the incident and continues to provide patient care while investigating the breach's full scope, which may involve stolen patient data.
Valsoft Corporation has reported a data breach affecting over 160,000 individuals, discovered on February 14, 2025. The breach involved unauthorized access to a non-production network of its subsidiary, Aspire USA, where personal information such as names, Social Security numbers, and financial details were compromised. The company is offering 12 months of free credit monitoring and has implemented enhanced security measures following the incident.
PowerSchool has reported that the hacker behind a December cyberattack is now extorting individual school districts, threatening to release stolen student and teacher data unless a ransom is paid. Despite previously paying a ransom to prevent such an incident, PowerSchool acknowledges that the threat actor has not kept their promise to delete the data, leading to renewed extortion attempts against affected schools.
A ransomware group known as Medusa has breached Albavision, a major media company, stealing sensitive data and demanding a ransom for its return. The attack showcases the increasing threat of cybercrime targeting prominent organizations, emphasizing the need for robust cybersecurity measures.
Wealthsimple, a Canadian financial services firm, has reported a data breach affecting the personal data of less than 1% of its customers. The company confirmed that no funds or passwords were compromised, and it is offering affected users two years of complimentary credit monitoring and security advice. The breach was linked to a third-party software package and is not related to ongoing Salesforce data theft incidents.
Rainwalk, a pet insurance provider, has reportedly exposed sensitive customer data related to 158,000 pets, including personal and medical information. This data breach raises significant concerns about privacy and data security within the pet insurance industry as affected customers face potential identity theft and fraud risks.
Kelly Benefits experienced a significant data breach in December that affected over 400,000 individuals. The breach involved the exposure of sensitive personal information, prompting the company to inform affected clients and offer support for identity theft protection.
Insight Partners has confirmed that a ransomware attack in January compromised the personal data of over 12,000 individuals, including employees and limited partners. The breach, initially described as a "sophisticated social engineering attack," involved unauthorized access to HR and finance servers, with details of the stolen data remaining undisclosed. The firm has since enhanced its security measures and offered credit monitoring to those affected.
A critical vulnerability has been discovered in Salesforce's AgentForce, which could potentially allow unauthorized access to sensitive data. This flaw poses significant risks, prompting immediate attention and action from Salesforce to secure their systems and protect user information.
GlobalX, a charter airline involved in deportation flights for the U.S. government, experienced a cybersecurity breach resulting in the potential theft of flight records and passenger manifests. The company has activated its incident response protocols and is investigating the scope of the attack while maintaining that its operations have not been disrupted. Reports suggest the attackers may have already leaked information regarding the incident.
Google has warned users of the Salesloft Drift AI chat agent that their security tokens may be compromised following a breach that allowed attackers to access Google Workspace accounts. The situation is more extensive than initially reported, prompting Google to revoke affected tokens and disable integrations, while Salesloft has not yet updated its security guidance to reflect the new findings.
Bitcoin Depot has disclosed a data breach affecting nearly 27,000 customers, revealing sensitive information such as names, phone numbers, and driver's license numbers. The breach was detected in June 2023, but public notification was delayed due to an ongoing federal investigation. Affected individuals are urged to remain vigilant for fraud, as no identity protection services are being offered.
A company known for selling spyware to monitor sex offenders has reportedly suffered a data breach, exposing sensitive information. The hack raises concerns about the security measures in place for companies dealing with sensitive data related to criminal monitoring.
Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.
A 19-year-old college student, Matthew D. Lane, pleaded guilty to charges related to a cyberattack on PowerSchool that extorted millions by threatening to leak sensitive personal data of millions of students and teachers. The attack involved breaching a telecommunications company to access and steal confidential information before demanding a ransom from PowerSchool and subsequently targeting individual school districts for further extortion.
The Alcohol & Drug Testing Service (TADTS) has reported a data breach affecting approximately 750,000 individuals, following a ransomware attack in July 2024. Compromised data includes sensitive personal information such as Social Security numbers, financial details, and health insurance information.
Sensitive data has been stolen in a ransomware attack on West Lothian Council's education network, prompting the council to inform parents and staff. While the stolen data primarily pertains to operational issues, there is a possibility that personal information, including confidential records, has been compromised. Investigations are ongoing, and the council has advised vigilance against potential misuse of the data.
A hard-coded API key was discovered in an AI note-taking app, leading to the exposure of users' private meeting transcripts. This vulnerability raises significant concerns about data security and user privacy within the application. Immediate actions are needed to address and rectify such security flaws to protect user information.
Laboratory Services Cooperative has reported a significant data breach affecting 1.6 million individuals, with personal and medical information stolen during an October 2024 cyberattack. The organization is providing affected individuals with free credit monitoring and identity protection services while monitoring the dark web for any misuse of the stolen data.
A data breach at Blue Shield of California has exposed the health information of millions of individuals to Google. The breach highlights significant concerns regarding data privacy and the security measures in place within large health insurance companies. Authorities are investigating the incident to assess the extent of the exposure and its implications.
French retailer Auchan has been targeted by a significant cyberattack, resulting in compromised customer data and operational disruptions. The incident highlights the increasing vulnerability of retail businesses to cyber threats, prompting a call for enhanced security measures and response strategies in the industry.
The article discusses a ransomware attack targeting SimpleHelp, compromising its infrastructure and impacting users. This incident highlights the ongoing threats posed by ransomware and the importance of cybersecurity measures for businesses and service providers.
IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.
Plex has notified its users to change their passwords following a recent data breach that may have compromised user account information. The company is taking steps to enhance security and protect user data in light of the incident.
The Zurich-based non-profit health foundation Radix suffered a ransomware attack that compromised the data of several Swiss federal offices. The Sarcoma ransomware group released 1.3TB of stolen data on the dark web after ransom demands were ignored, although the Swiss National Cyber Security Center confirmed that Radix did not have direct access to federal systems.
SK Telecom (SKT) has been fined KRW134.8 billion ($97.2 million) by South Korea's Personal Information Protection Commission for failing to protect customer data after a significant data breach affected 23 million users. The investigation highlighted negligence in security measures and management, leading to a loss of nearly 750,000 subscribers and a forecasted decline in future profits.
A ransomware attack in Ohio has disrupted the operations of a local government agency, affecting over 45,000 residents. The attack has prompted an investigation and raised concerns about cybersecurity measures in place to protect sensitive information.
A significant data breach has been reported at the Bangalore Water Supply and Sewerage Board, compromising the personal information of over 290,000 citizens. The cybersecurity firm CloudSEK discovered this vulnerability, raising concerns about the potential misuse of the sensitive data exposed in the breach.
A Michigan rural health system has notified approximately 140,000 patients of a data breach resulting from a hacking incident. The breach highlights ongoing concerns regarding cybersecurity in the healthcare sector, particularly the risks associated with unauthorized access to protected health information.
Allianz Life has reported a significant data breach affecting approximately 1.1 million customers. The breach allegedly involved unauthorized access to sensitive personal information, raising concerns about data security and privacy for those impacted.
Farmers Insurance has reported a data breach that compromised the personal information of more than one million individuals, including names, addresses, dates of birth, and Social Security numbers. The breach was discovered shortly after the data theft occurred, but it remains unclear whether a third-party vendor was involved in a ransomware attack.
Mainline Health Systems and Select Medical Holdings have reported data breaches affecting over 100,000 individuals. Mainline Health's breach was linked to the Inc Ransom ransomware group, while Select Medical's data exposure resulted from a security incident involving a former vendor.
A hacking group has reportedly stolen over 1 billion records from Salesforce customer databases, raising significant concerns about data security and the potential repercussions for affected companies. The breach underscores the vulnerabilities in cloud services and the ongoing threat posed by cybercriminals.
The article delves into the Gentlemen ransomware, exploring its modus operandi and the tactics employed by its operators. It highlights the impact of such ransomware on victims and discusses the broader implications for cybersecurity and ransomware trends.
Genea IVF has confirmed that sensitive patient health information, including personal and medical details, has been posted on the dark web following a cyber attack five months ago. Patients are now calling for stricter laws to hold companies accountable for data breaches, as the Australian Federal Police continue to investigate the incident.
A critical vulnerability in file transfer protocols has been exploited, leading the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert. The flaw allows unauthorized access and potential data breaches, prompting organizations to update their systems and mitigate risks immediately.
Volvo Group North America has notified employees of a data breach caused by a ransomware attack on third-party supplier Miljödata. The breach, which impacted thousands of individuals, included the theft of sensitive personal information such as names, Social Security numbers, and email addresses. In response, Volvo is offering affected individuals 18 months of free identity protection and credit monitoring services.
Fairmont Federal Credit Union in West Virginia has notified approximately 187,000 individuals of a data breach that exposed sensitive personal information, including Social Security numbers and financial details. The breach, detected in January 2024, is linked to vulnerabilities in third-party software or employee phishing attacks, highlighting the ongoing cybersecurity challenges faced by smaller financial institutions. Affected individuals are being offered credit monitoring services while investigations into potential negligence and class-action claims are underway.
Dell has acknowledged that hackers leaked data from a compromised demo environment, but insists the information is synthetic and does not include any sensitive data. The breach was linked to the WorldLeaks group, which claimed to have stolen 1.3 terabytes of information. Dell emphasizes that the compromised environment is separate from its main systems and contains only non-sensitive information.
M&S confirmed that a sophisticated impersonation attack led to a ransomware breach of their network, attributed to the DragonForce ransomware operation. The attackers tricked a third-party IT support company into resetting an employee's password, allowing access to M&S systems, which resulted in data theft and system shutdowns. M&S has not disclosed whether a ransom was paid or not, citing public interest concerns.
The article discusses the exposure of confidential informants within the Louisiana Sheriff's Office following a significant hack. Sensitive information was leaked, raising concerns about the safety and privacy of those involved in law enforcement operations. The breach highlights vulnerabilities in law enforcement data security and its potential consequences.
French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.
Medusa ransomware has been linked to a significant data breach at Comcast, exposing sensitive customer information. The breach highlights the increasing vulnerabilities of large corporations to cyberattacks and the need for enhanced security measures.
A data breach at Canadian airline WestJet has compromised the personal information of approximately 1.2 million passengers. The airline is investigating the incident and has notified affected individuals about the potential risks to their data security.
A significant data breach at Lotte Card has exposed personal information of over 1 million users, with estimates suggesting the leak could impact several million. The Financial Supervisory Service's investigation revealed the breach was much larger than the initially reported 1.7 GB. Lotte Card is set to apologize and announce response measures on the 18th.
Sotheby's reported a data breach that occurred on July 24, affecting the financial account information and Social Security numbers of two Maine residents. The auction house has implemented safeguards to protect data but is now offering affected individuals 12 months of credit monitoring services following the incident. This breach follows a similar attack on Christie's in 2024, highlighting ongoing vulnerabilities in the auction industry.
The article announces the launch of Have I Been Pwned 2.0, which introduces new features and improvements to the popular data breach notification service. It highlights enhancements in user experience, security, and the addition of new data sources to help users check if their personal information has been compromised.
The University of Maryland Medical Center (UMMC) is facing a class action lawsuit from former and current employees after a pharmacist allegedly used keyloggers and spyware to access personal information and conduct a cyberstalking campaign against approximately 80 female co-workers. The lawsuit claims UMMC failed to implement adequate cybersecurity measures, which allowed the pharmacist to exploit sensitive data over nearly a decade.
Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million to $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.
A 27-year-old former student of Western Sydney University has been arrested for allegedly hacking the university's systems to obtain cheaper parking and access confidential data, affecting hundreds of staff and students. Birdie Kingston faces 20 charges, including unauthorized access and data theft, and is accused of stealing over 100GB of data and manipulating academic records. Despite prior warnings from police, she continued her hacking activities, even threatening to sell stolen student information on the dark web.
Northwest Radiologists has experienced a significant data breach affecting approximately 350,000 patients in Washington. The breach, which involves sensitive personal information, highlights ongoing concerns about data security in the healthcare sector. Affected individuals are being notified and offered assistance to mitigate potential risks.
Google reported that hackers compromised its Salesforce database, resulting in the theft of sensitive customer data. The breach highlights ongoing vulnerabilities in data security systems and raises concerns among Google’s clients regarding the safety of their information.
A ransomware attack on Business Systems House (BSH), a payroll provider previously working with Broadcom, resulted in the theft of employee data. Although Broadcom has since switched payroll providers, the breach exposed sensitive information of current and former employees, prompting notifications and security recommendations from the company and its former payroll partner ADP.
Claims of a data breach at the US Environmental Protection Agency (EPA) are being scrutinized as researchers found that the leaked data primarily consists of biochemical assay information, which is not deemed highly sensitive. Despite the leak suggesting potential unauthorized access to EPA systems, the actual content appears to lack critical private details.
MainStreet Bancshares announced that customer data was stolen during a breach at a third-party vendor, affecting about 4.65% of its customer base. The bank confirmed that its own systems were not compromised and activated its incident response process immediately. Meanwhile, U.S. banking organizations are lobbying the SEC to repeal stringent reporting requirements for cybersecurity incidents introduced in late 2023, arguing they create unnecessary risks and complexities.
A data breach at Harbin Clinic has compromised the financial and personal information of over 210,000 patients, including names, addresses, Social Security numbers, and financial account details. The clinic advises affected individuals to monitor their financial accounts for suspicious activity as stolen data may end up on underground markets, posing risks of identity theft and fraud.
Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.
Password Monitor is an open-source application that helps users verify if their passwords have been compromised in data breaches by integrating with Have I Been Pwned?. It prioritizes user privacy, does not collect personal data, and allows users to verify the integrity of the application files through SHA-256 hashing. The app features a modern design and supports both light and dark themes without ads.
The Rhysida ransomware group claims to have stolen 2.5 TB of files from the Oregon Department of Environmental Quality (DEQ) after the agency denied any evidence of a data breach. Following a cyberattack that disrupted various services, the hackers threatened to auction the stolen data unless a ransom of 30 bitcoin ($2.5 million) is paid.
DaVita, a kidney dialysis firm, has confirmed that it was the victim of a ransomware attack that compromised the personal data of approximately 2.7 million individuals. The breach has raised significant concerns regarding the protection of sensitive health information and the potential consequences for those affected.
Columbia University experienced a significant data breach in 2025, exposing sensitive financial and academic records of students and alumni. The attack, reportedly linked to politically motivated hackers, compromised data for over 2 million individuals, raising serious concerns about cybersecurity in academia and prompting discussions on the need for improved data protection measures.
Data I/O, a technology manufacturer, has reported a ransomware incident that has caused operational outages, though the full impact of the breach remains unclear. The company recently posted a decrease in sales, reflecting challenges it faces amidst the ongoing cybersecurity threats affecting multiple organizations.
Over 300 entities have been affected by a new variant of the Atomic MacOS Stealer malware in a recent campaign. This malicious software targets MacOS systems to extract sensitive information, raising concerns about the security of Apple devices. Cybersecurity experts are advising users to remain vigilant and implement protective measures.
Hackers have leaked personal data of approximately 86 million AT&T customers, including names, addresses, and decrypted Social Security numbers. The breach has raised significant concerns about data security and the implications for affected individuals. AT&T has not confirmed the authenticity of the leaked data but is investigating the incident.
DraftKings has informed a small number of customers about account breaches resulting from credential stuffing attacks, where attackers used stolen login credentials from other services. Although personal data such as names and addresses may have been accessed, sensitive financial information was not compromised. The company is taking steps to enhance security by requiring password resets and enabling multifactor authentication for affected accounts.
Fully Homomorphic Encryption (FHE) enables computations on encrypted data without decryption, potentially transforming internet privacy by keeping user data encrypted at all times. Despite current limitations in speed and efficiency, rapid advancements suggest FHE could soon support secure cloud computing and confidential transactions, shifting the paradigm from data harvesting to user privacy.
Over 103,000 individuals have been impacted by a data breach at Cornwell Quality Tools, a tool manufacturer based in Ohio. The Cactus ransomware group claimed responsibility for the attack, which involved the publication of sensitive materials, including corporate documents and driver's license copies. This incident follows a previous attack by the Hive ransomware gang in 2022.
McLaren Health Care has reported a significant data breach affecting the personal information of approximately 743,000 individuals. The breach occurred between July and August 2024, following a previous ransomware attack in 2023 that compromised the data of over 2 million people. The exposed information includes names and Social Security numbers among other sensitive details.
LexisNexis, a major data broker, has reported a security breach that compromised the personal information of over 364,000 individuals. The exposed data included sensitive details, raising concerns about data privacy and security practices within the company.
Nippon Steel Solutions has reported a data breach caused by the exploitation of a zero-day vulnerability in their network equipment. Cybercriminals threatened to leak stolen data, but subsequently ceased communication, leaving uncertainty about the breach's details and any potential connection to other incidents.
The Business Council of New York State has disclosed a data breach affecting over 47,000 individuals, with attackers accessing personal, financial, and health information between February 24 and 25. Although the breach was detected six months later, there is currently no evidence of fraud or identity theft related to the incident, and affected individuals will receive free credit monitoring services.
Secure document editing is increasingly vital in today's digital landscape due to rising cyber threats and data breaches. Organizations must prioritize robust security measures to protect sensitive information while enabling collaborative editing and sharing. Implementing encryption, access controls, and regular audits can significantly mitigate risks associated with document handling.
UAP has confirmed a ransomware attack that compromised personal data and email correspondence of its users. The breach raises concerns over data security and the potential misuse of sensitive information. UAP is currently investigating the incident and taking measures to enhance security protocols.
A cybersecurity breach at University of Chicago Medicine may have exposed the personal information of 38,000 patients, including names, Social Security numbers, and medical data. The breach occurred in July 2024 through a third-party vendor, Nationwide Recovery Systems, which has since been terminated. UChicago Medicine is notifying affected patients by mail and has implemented measures to enhance security.
Conduent, a major American business services and government contractor, confirmed that client data was stolen during a cyberattack in January 2025. The breach involved personal information of individuals associated with the company's clients, though there are currently no indications that the data has been made public. Conduent is assessing the impact of the breach and informing clients as necessary.
Coinbase has reported a data breach that affects at least 69,000 customers, potentially exposing sensitive information. The company is investigating the incident and has advised affected users to secure their accounts and monitor for suspicious activity.
Hellcat ransomware has been found targeting firms by stealing Jira credentials, leading to significant data breaches. The malware is designed to extract sensitive information and poses a serious threat to organizations that rely on Jira for project management and collaboration. Cybersecurity experts are urging companies to enhance their defenses against such sophisticated attacks.
Recent cyberattacks on major retailers like United Natural Foods and Marks & Spencer have left customers unable to fulfill orders and resulted in empty store shelves. These breaches not only halt sales but also risk exposing personal customer data, increasing vulnerability to future phishing and fraud attempts.
The National Social Security Fund of Morocco has experienced a significant data breach, compromising sensitive personal information of its beneficiaries. The breach has raised concerns about the security measures in place to protect citizen data and the potential ramifications for those affected.
Bragg Gaming Group has reported a cybersecurity incident that affected its internal IT systems but claims that no customer data was compromised. The company is investigating the breach and continues to operate normally, although it has not disclosed how the attackers gained access or whether any data was stolen.
North Korean hacking group Kimsuky has experienced a significant data breach after two ethical hackers, known as 'Saber' and 'cyb0rg,' leaked 8.9GB of the group's data, exposing their tools and stolen information. The hackers criticized Kimsuky for its politically motivated cyber activities and claimed their actions were aimed at revealing the group's unethical practices. This breach may complicate Kimsuky's operations and disrupt their ongoing campaigns, although its long-term impact remains uncertain.
A security vulnerability in Verizon's Call Filter app allowed unauthorized access to incoming call logs of other users through an unsecured API request. Discovered by researcher Evan Connelly, the flaw was addressed by Verizon in March 2025, but the exposure duration remains unknown, raising concerns about the handling of sensitive user data.