Tag: breach
-
Cryptohack Roundup: Step Finance, CrossCurve Exploits
Also: US Sanctions UK-Registered Exchanges Over Iran Ties. This week, Step Finance and CrossCurve hacks, the United States sanctioned U.K.-registered exchanges over Iran ties, forfeiture finalization of funds linked to Helix, Coinbase data breach, 2025’s illicit crypto flows and a UK regulator banned Coinbase ads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-step-finance-crosscurve-exploits-a-30685
-
Proton Warns European Startups: No One Is Too Small to Be Targeted by Hackers
Tags: breach, business, cybercrime, cybersecurity, dark-web, data, hacker, monitoring, privacy, startupSwiss privacy company Proton is urging European startups to rethink their cybersecurity approach after new research based on dark-web breach monitoring found that early-stage companies are increasingly targeted by cybercriminals, with significant consequences for innovation, data protection, and business continuity. The push comes as Proton launches its new initiative, “Build in Private,” aimed at helping…
-
Substack warns customers of data breach following hacker’s dark web claims
Customers of the newsletter platform Substack were notified on Wednesday of a breach, following a hacker’s claims on the dark web of a trove of stolen data. First seen on therecord.media Jump to article: therecord.media/substack-data-breach-notification
-
Data breach at govtech giant Conduent balloons, affecting millions more Americans
The ransomware attack at Conduent allowed hackers to steal a “significant number of individuals’ personal information” from the govtech giant’s systems. Conduent handles personal and health data of more than 100 million people across America. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/05/data-breach-at-govtech-giant-conduent-balloons-affecting-millions-more-americans/
-
Substack confirms data breach affects users’ email addresses and phone numbers
Substack said that customer data was accessed in October 2025, but wasn’t discovered until early February. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-phone-numbers/
-
Newsletter platform Substack notifies users of data breach
Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/newsletter-platform-substack-notifies-users-of-data-breach/
-
The silent security gap in enterprise AI adoption
Tags: access, ai, api, backup, breach, business, cloud, compliance, computer, computing, control, credentials, cryptography, data, data-breach, encryption, exploit, finance, group, healthcare, infrastructure, malicious, risk, service, technology, threat, toolInfoWorld explains in its analysis of why AI is all about inference now.This shift has happened quickly. In many organizations, AI systems have moved from pilot projects to core infrastructure in less than two years. Yet security architectures have not evolved at the same pace. The result is a widening gap between where sensitive data…
-
Data breach at fintech firm Betterment exposes 1.4 million accounts
Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-breach-at-fintech-firm-betterment-exposes-14-million-accounts/
-
DragonForce Ransomware Targets Critical Businesses to Exfiltrate Sensitive Data
DragonForce is a ransomware group that emerged in late 2023 and has grown into a serious threat to businesses by combining data theft with file encryption. The group uses dual extortion: it steals sensitive data, encrypts systems, and then threatens to publish the stolen information on dark web leak sites if victims do not pay.”‹…
-
>>Can You Hear Me?<< BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS
The post >>Can You Hear Me?<< BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/can-you-hear-me-bluenoroff-hackers-use-fake-audio-glitch-to-breach-macos/
-
Significant Ransomware Firewall Misconfiguration Breach
When “Secure by Design” Fails at the Edge Firewalls are still widely treated as the first and final line of defense. Once deployed, configured, and updated, they are often assumed to be a stable control that quietly does its job in the background. Recent ransomware incidents suggest that the assumption is becoming dangerous. In early…
-
Hackers publish personal information stolen during Harvard, UPenn data breaches
The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the stolen data on its extortion website. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/04/hackers-publish-personal-information-stolen-during-harvard-upenn-data-breaches/
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
The Double-Edged Sword of Non-Human Identities
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-double-edged-sword-of-non-human-identities/
-
Big Breach or Smooth Sailing? Mexican Gov’t Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
-
Big Breach or Nada de Nada? Mexican Gov’t Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
-
Coinbase confirms insider breach linked to leaked support tool screenshots
Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-confirms-insider-breach-linked-to-leaked-support-tool-screenshots/
-
Universal £7,500 payout offered to PSNI staff over major data breach
Affected police officers squeezed mental health services, relocated over safety fears First seen on theregister.com Jump to article: www.theregister.com/2026/02/04/psni_breach_compensation/
-
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments
Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trustArchitecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism.In my experience,…
-
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach. First seen on hackread.com Jump to article: hackread.com/8-minute-takeover-ai-hijack-cloud-access/
-
Should I stay or should I go?
Tags: access, breach, business, ceo, cio, ciso, communications, compliance, cybersecurity, finance, fraud, insurance, jobs, network, risk, strategy, supply-chain, update, vulnerabilityRed flag: Cognitive disconnect: Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISO’s decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISO’s leave.Splunk’s 2025 CISO report found 29% of respondents…
-
Security Researchers Breach Moltbook in Record Time
Security researchers from cloud cybersecurity firm Wiz disclosed a critical vulnerability in Moltbook, a newly launched social network designed for AI agents, that allowed them to breach the platform’s backend and access private information in under three minutes. Moltbook is a newly launched social network built exclusively for “authentic” AI agents. According to the researcher,……
-
Chinese Money Laundering Jargon via Google’s Gemini
After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
-
How to mitigate the risk of a data breach in non-production environments
Non-production environments are often overlooked when it comes to data security, but they can be just as vulnerable to breaches as production systems. Learn how to keep them protected. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-mitigate-the-risk-of-a-data-breach-in-non-production-environments/
-
8-Minute Access: AI Accelerates Breach of AWS Environment
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/8-minute-access-ai-aws-environment-breach
-
UK investigating first suspected breach of cyber sanctions
HM Treasury said the Office of Financial Sanctions Implementation (OFSI) has recorded up to five potential breaches of cyber sanctions, all involving firms in the financial services sector. First seen on therecord.media Jump to article: therecord.media/uk-investing-first-suspected-breach-cyber-sanctions
-
Iron Mountain: Data breach mostly limited to marketing materials
Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iron-mountain-data-breach-mostly-limited-to-marketing-materials/
-
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/