All Malware Data Breach Privacy APT Vulnerability General
Krebs on Security Data Breach

Lessons Learned from CISA’s Recent GitHub Leak

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by Kr

Dark Reading Data Breach

Attackers Seize Exposed AI Endpoints to Power Offensive Ops

Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.

Dark Reading Data Breach

'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows

The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.

Dark Reading Data Breach

Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.

The Hacker News Data Breach

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been insta

The Hacker News Data Breach

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the expo

The Hacker News Data Breach

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environment

The Hacker News Data Breach

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separa

The Hacker News Data Breach

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries.

Krebs on Security Data Breach

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand tha

Dark Reading Data Breach

If AI's So Smart, Why Does It Keep Deleting Production Databases?

The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing.

Dark Reading Data Breach

76% of All Crypto Stolen in 2026 Is Now in North Korea

North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.

1 2 3 ... 7 Next