Click any tag below to further narrow down your results
Links
Sax, a major US accounting firm, reported a data breach affecting about 220,000 individuals. The breach went undetected for over a year, raising concerns about the firm's cybersecurity measures and the potential exposure of sensitive personal and financial information.
Microsoft revealed a new side-channel attack called Whisper Leak that enables attackers to infer conversation topics from encrypted traffic between users and language models. The attack works despite HTTPS encryption and can identify sensitive subjects, raising serious privacy concerns. Various AI models have shown vulnerability, prompting some companies to implement countermeasures.
A cybersecurity researcher found a massive data leak from the MagicEdit AI image generator, revealing over a million images, including explicit content and potential deepfakes. The database was unprotected, raising serious privacy and ethical concerns about the misuse of personal images. The leak has been addressed, but the implications for user safety remain significant.
CIRO reported that a cybersecurity breach has compromised data for approximately 750,000 individuals. The incident raises concerns about data security and potential impacts on those affected. More details about the breach and its implications are expected to follow.
A data breach at Eurail has compromised personal information of travelers, including names, contact details, and ID numbers. The company is investigating the extent of the breach and has advised customers to reset passwords and watch for phishing attempts.
A hacktivist scraped over 536,000 payment records from a stalkerware provider, revealing customer email addresses and partial payment details. The data includes transactions for apps like uMobix and Xnspy, which are used to spy on individuals illegally. The breach highlights ongoing security failures within the stalkerware industry.
A security researcher discovered an SQL injection vulnerability in the Catwatchful stalkerware service, leading to the compromise of over 60,000 user accounts, including plaintext logins and passwords. After reporting the vulnerability, actions were taken to shut down the service and investigate its operators, highlighting the risks associated with such spyware applications.
The article discusses the alarming trend of sensitive data leaks associated with AI technologies, particularly through websites that utilize Vibe coding. It highlights the potential risks and implications of these leaks, emphasizing the need for better security measures to protect user information in the evolving digital landscape.
LexisNexis, a major data broker, has reported a security breach that compromised the personal information of over 364,000 individuals. The exposed data included sensitive details, raising concerns about data privacy and security practices within the company.
A cybersecurity breach at University of Chicago Medicine may have exposed the personal information of 38,000 patients, including names, Social Security numbers, and medical data. The breach occurred in July 2024 through a third-party vendor, Nationwide Recovery Systems, which has since been terminated. UChicago Medicine is notifying affected patients by mail and has implemented measures to enhance security.
Over 4 billion user records, including sensitive financial, WeChat, and Alipay data, were exposed in what is believed to be the largest data leak in China’s history. The dataset, comprising 631 gigabytes, was left unprotected and is thought to have been collected for surveillance and profiling purposes. Affected individuals face significant risks with no clear recourse due to the anonymity of the data's source.
Hong Kong's privacy authority is investigating a data breach at Louis Vuitton that has affected approximately 419,000 customers. The leaked data includes personal details such as names, passport information, addresses, and shopping history, although no payment information was compromised. The investigation will assess whether there were delays in notifying the authorities about the breach.
Over 40,000 security cameras worldwide are accessible via the internet, allowing potential hackers to exploit them for spying and other malicious activities. The cybersecurity firm Bitsight warns that these cameras, often used in homes and small offices, are at risk due to inadequate security measures, making them targets for cyberattacks. Users are advised to implement stronger security practices to protect their devices.
A former security chief of WhatsApp, Attaullah Baig, has filed a whistleblower lawsuit against Meta, alleging that the company failed to address significant cybersecurity flaws that jeopardized user data privacy. The lawsuit claims that around 1,500 engineers had unrestricted access to personal user information, violating a previous Federal Trade Commission order. Meta has denied the allegations presented in the lawsuit.
Legends International has informed customers and employees of a data breach resulting from a cyberattack. Compromised information includes personally identifiable information such as Social Security numbers, dates of birth, and payment details, although the specifics of the attack and the number of affected individuals remain unclear.
Insikt Group has uncovered new infrastructure related to the Candiru spyware vendor, revealing eight operational clusters linked to its DevilsTongue malware. The report highlights ongoing threats from mercenary spyware, emphasizing the need for heightened security measures and regulatory action as the spyware market evolves and targets individuals of high intelligence value.
A significant data breach involving Prephero has compromised sensitive information, raising concerns about the security of user data. The incident highlights the ongoing risks associated with digital privacy and the need for enhanced cybersecurity measures.
Western Sydney University has experienced a significant data breach, marking the second such incident within a short period. The breach has raised concerns about the university's data security measures and the potential impact on affected individuals.
The article delves into the concept of localhost tracking, explaining its implications for privacy and data collection practices. It highlights how this form of tracking operates behind the scenes and the potential risks associated with it for users and developers alike. The piece emphasizes the importance of understanding these mechanisms to safeguard personal data.
A new malware, identified as CL-STA-0969, has been discovered that covertly installs itself on targeted systems, posing a significant threat to users' security and privacy. Researchers warn that this malware is capable of evading detection by traditional antivirus software, making it particularly dangerous. Users are advised to enhance their security measures to protect against this emerging threat.
Faculty at the University of California are expressing strong opposition to a cybersecurity mandate involving Trellix software, fearing it could grant unauthorized access to their computers. Despite assurances from university officials that user content will remain protected, concerns persist about potential government overreach and the implications for academic freedom. The resistance has led to petitions and calls for unionization among faculty.