Tag: data leak
-
Cloud Gaming Compromise: NVIDIA Partner GFN.am Hit by Data Breach Exposing Millions of Records
NVIDIA has corroborated a data breach involving a subset of GeForce NOW subscribers, though the incursion was notably divorced from the corporation’s internal infrastructure. The compromise originated within the regional architecture of a service ally in Armenia, where GeForce NOW’s cloud gaming operations are facilitated through the local provider, GFN.am. Awareness of the breach emerged…
-
Class Dismissed? ShinyHunters Claims Massive Breach of 280 Million Records from Canvas LMS
Cybersecurity adversaries have asserted a monumental breach of one of the world’s preeminent pedagogical platforms, claiming the exfiltration of sensitive data belonging to hundreds of millions of students and educators. According to the syndicate known as ShinyHunters, approximately 280 million records—associated with 8,809 academic institutions and educational services—were purloined from the infrastructure of Instructure. Instructure…
-
Supply Chain Fallout: LAPSUS$ Leaks 96GB of Stolen Checkmarx Data Following TeamPCP Breach
Checkmarx is grappling with a distressing sequel to its March security breach, as data exfiltrated from a private GitHub repository has surfaced in the possession of the LAPSUS$ collective. The organization posits that the incursion originated from a supply chain offensive involving Trivy, with initial ingress facilitated by compromised administrative credentials. According to the Checkmarx…
-
Under the Ransom Countdown: Everest Group Threatens to Leak Sensitive Data of Major U.S. Banks
Cyber adversaries have issued a menacing ultimatum to disclose sensitive telemetry belonging to two prominent American financial institutions. Having already unveiled a fraction of the purloined intelligence, the marauders have granted a mere six-day window for deliberation. The leak repository of the Everest collective now features entries for the Texas-based Frost Bank and Citizens Financial…
-
Open Source, Open Access: 5 Million Servers Expose Critical Git Metadata and Credentials
Approximately five million web servers globally have been identified as misconfigured, exposing sensitive Git administrative metadata and precipitating an imminent risk of source code exfiltration and credential leakage. This alarming revelation stems from a comprehensive 2026 infrastructure audit conducted by the Mysterium VPN collective. The vulnerability arises when hidden repository directories are inadvertently mapped to…
-
The Gazprom Slip: Georgia Scrambles After State Secrets Leak on Official Portal
For several hours, the official portal of the Georgian government inadvertently hosted sensitive information that authorities would have preferred to remain sequestered from public scrutiny. The disclosure pertained to the procurement of Russian gas from Gazprom. The document was identified by investigators from the OCCRP, and shortly after its details were broadcast, the page vanished…
-
Doomsday for Hackers: 324,000 BreachForums Accounts Exposed in Massive Leak
A comprehensive database associated with BreachForums—one of the most notorious clearinghouses for exfiltrated data and illicit network access—has been leaked online, compromising the credentials of nearly 324,000 accounts. The platform has survived numerous incarnations, tracing its lineage back to the defunct RaidForums, which collapsed following the apprehension of its proprietor. Since that time, BreachForums has…
-
The Octopus Trap: Iranian Hackers Breach Naftali Bennett’s Telegram in Bold Cyber Strike
Former Israeli Prime Minister Naftali Bennett has acknowledged that his Telegram account was accessed without authorization, even though his device itself was not compromised. He made the statement after reports emerged alleging that his iPhone had been hacked and that a data leak was linked to an Iranian hacking group. The remarks followed publications by…
-
Emergency Doxing: Scammers Impersonate Police to Steal Data from Apple, Charter, and Amazon
A scheme is gaining momentum worldwide in which doxers impersonate police officers and use so-called “emergency requests” to coerce major companies into disclosing private personal data within minutes. On September 4, for example, an employee at Charter Communications’ legal response center received what appeared to be an urgent email from “Officer Jason Corse” of the…
-
China’s “King of Vulnerabilities” Hacked: Knownsec Leak Exposes Zero-Day Flaws
A data leak at the Chinese company Knownsec—long heralded as one of the flagships of the nation’s cybersecurity industry—has dealt the firm a reputational blow and forced an unexpected admission of internal weaknesses. In early November, unknown actors published a trove of the company’s internal documents online, revealing that the so-called “king of vulnerabilities” had…
-
New Threat Landscape: AI Browsers Create Agentic Vulnerabilities & Amplified Data Risk
AI-powered browsers are rapidly reshaping the familiar landscape of web browsing, evolving from passive tools for displaying pages into active participants in user interaction. Following the recent launch of Copilot Mode in Microsoft Edge and the integration of ChatGPT Atlas from OpenAI, attention to the security risks surrounding these technologies has sharply increased. Cybersecurity experts…
-
Data Leak in Microsoft Copilot: Emails Exfiltrated via Hidden Mermaid Diagram
A novel vulnerability was discovered in Microsoft 365 Copilot that permitted covert exfiltration of user data via an innocuous-looking Mermaid flowchart. The flaw lay in Copilot’s handling of a specially crafted document: the assistant could execute concealed instructions and leak confidential information to an attacker by abusing the diagram-rendering and CSS features. The exploit began…
-
Microsoft Warns of Shadow AI Risk, Yet Promotes “Bring Your Own Copilot” for Enterprise Users
While Microsoft continues to actively promote its Copilot tools for the corporate sector, the company has also begun warning of the growing dangers of uncontrolled “shadow” AI use among employees. A new report raises alarms over the rapid expansion of so-called “Shadow AI” — cases in which workers employ unauthorized neural networks and bots that…
-
Shocking Discovery: Nearly Half of Geostationary Satellites Leak Unencrypted Military, Corporate, and T-Mobile Data
Satellite communication channels used by government agencies, military organizations, corporations, and mobile operators have become the source of a massive global data leak. Researchers from the University of California, San Diego and the University of Maryland discovered that nearly half of all geostationary satellites transmit data without any form of encryption. Over a span of…
-
OpenAI Patches “ShadowLeak,” a Zero-Click Flaw in Deep Research Agent
OpenAI has patched a critical vulnerability known as ShadowLeak, which allowed its cloud-based agent Deep Research to silently siphon personal data from connected sources and exfiltrate it to external servers—even without the victim opening a malicious email. The zero-click exploit was discovered by researchers at Radware, who promptly disclosed it to the company. Deep Research…
-
The Trojan Horse in Your IDE: How AI Assistants Can Be Tricked into Hacking Your Code
Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range of tasks—from code autocompletion to test generation. Yet the very same functions can be turned to malicious ends: implanting backdoors, exfiltrating…