Threat Actor: USDoD | USDoD Victim: CrowdStrike | CrowdStrike Price: Not specified Exfiltrated Data Type: Threat actor list and indicators of compromise (IOCs)
Key Points :
The hacktivist group USDoD claims to have breached CrowdStrike, a leading cybersecurity firm. They allege to have exfiltrated CrowdStrike’s entire threat actor list and accompanying indicators of compromise (IOCs).…Threat Actor: Unknown | Unknown Victim: Red Art Games | Red Art Games Price: Not disclosed Exfiltrated Data Type: Personal customer information
Key Points :
Red Art Games announced a large-scale cyberattack compromising customer data. Order processing and returns are suspended during the investigation. The company’s website is currently closed and displays a notification about the attack.…Threat Actor: Oracle | Oracle Victim: 220 million users | 220 million users Price: $115 million Exfiltrated Data Type: User data
Key Points :
Oracle has agreed to pay $115 million to settle a class-action lawsuit regarding improper user data use. The settlement compensates 220 million affected users.…Threat Actor: Unidentified | Unidentified Victim: MSI | MSI Price: Not mentioned Exfiltrated Data Type: Customer information (real names, phone numbers, addresses)
Key Points :
MSI experienced a security breach similar to Zotac, where detailed customer information was leaked due to improper server permissions. Through MSI’s after-sales service site, anyone could download and export user data submitted since 2017, including real names, phone numbers, and addresses.…Threat Actor: Unknown | Unknown Victim: ZOTAC Customers | ZOTAC Price: Not mentioned Exfiltrated Data Type: Customers’ names, phone numbers, email addresses, and shipping addresses
Key Points :
ZOTAC faced a security breach that exposed sensitive customer information. The compromised data includes customers’ personal details such as names, phone numbers, email addresses, and shipping addresses.…Threat Actor: DoNex Ransomware | DoNex Ransomware Victim: Various victims | DoNex Ransomware victims Price: Free Exfiltrated Data Type: N/A
Key Points :
Avast researchers have discovered a critical flaw in the cryptographic schema of DoNex ransomware and its predecessors. The weakness lies in the encryption keys generation and use, allowing Avast to provide a decryptor to DoNex ransomware victims since March 2024.…Threat Actor: Cybercriminals | Cybercriminals Victim: Singaporeans | Singaporeans Price: Varying prices based on source and quality of data Exfiltrated Data Type: Singpass credentials, biometric data, forged documents
Key Points :
Cybercriminals are selling stolen digital identities of Singaporeans on the Dark Web. The trade of sensitive personal information, including Singpass credentials, biometric data, and forged documents, has surged by 230% compared to the previous year.…Threat Actor: Unknown | Unknown Victim: Indian citizens | Indian citizens Price: £6 Exfiltrated Data Type: Sensitive information such as fingerprints, iris records, name, phone number, email address, address, photos, and other data submitted to UIDAI.
Additional Information:
The Aadhaar Citizen Database in India has been sold online for £6.…Threat Actor: Unknown | Unknown Victim: OnePlus | OnePlus Price: Not specified Exfiltrated Data Type: Credit card information
Additional Information :
OnePlus is investigating a leak of credit card information from its official website. Users reported that their credit card information was stolen after making a purchase on the Canadian official website.…Threat Actor: OnePlus | OnePlus Victim: Users of OnePlus devices | OnePlus Price: Not specified Exfiltrated Data Type: User data, including IMEI and manufacturer details
Additional Information :
Security researcher Elliot Alderson discovered a file called “badword.txt” in the OnePlus clipboard application. The file contains a large number of Chinese phrases, suggesting that user data is being sent to Chinese servers without consent.…Threat Actor: Hackers | Hackers Victim: Apple | Apple Price: Not specified Exfiltrated Data Type: iPhone iOS source code
Additional Information:
The leaked iBoot code may be exploited by hackers to find loopholes in the iOS system or jailbreak it. Jonathan Levin, an author of programming books for iOS and macOS systems, described this leak as the biggest in history.…Threat Actor: Cambridge Analytica | Cambridge Analytica Victim: Facebook | Facebook Price: N/A Exfiltrated Data Type: Facebook user data
Additional Information:
The Israeli Justice Ministry has launched an investigation into the leakage of Facebook user data to confirm if Israeli user information was stolen. The Israel Ministry’s Privacy Protection Authority has informed Facebook about the potential illegal “stealing” of personal information and other possible violations of Israel’s privacy laws.…Threat Actor: Cyber hacker suspected to be living in China’s Zhejiang Province | Cyber hacker suspected to be living in China’s Zhejiang Province Victim: Japanese netizens | Japanese netizens Price: $150 Exfiltrated Data Type: Personal identity information (PII)
Additional Information :
The data sets were discovered in early 2017.…Threat Actor: Unknown | Unknown Victim: Dixons Carphone | Dixons Carphone Price: Not specified Exfiltrated Data Type: Customer data
Additional Information:
Dixons Carphone, a UK multinational telecommunications company, announced on the 13th that it is investigating a data breach where customer data has been illegally accessed.…Threat Actor: Facebook, Google, and Microsoft | Facebook, Google, and Microsoft Victim: Norwegian Consumer Council | Norwegian Consumer Council Price: N/A Exfiltrated Data Type: Personal data
Additional Information :
The study found that Facebook, Google, and Microsoft have enabled privacy-intrusive settings by default. These companies use words that can be misunderstood, giving users an illusion of controlling personal data.…Threat Actor: Unknown | Unknown Victim: Reddit | Reddit Price: Not specified Exfiltrated Data Type: Emails and encrypted passwords
Additional Information:
The hacker obtained a copy of an old database backup containing user data from 2005 to May 2007. The stolen data includes email addresses and encrypted passwords.…Threat Actor: Government agencies | Government agencies Victim: Individuals and organizations | Individuals and organizations Price: N/A Exfiltrated Data Type: Various types of data
Additional Information :
Printers can contain trackers that can be used to identify individuals. Government backdoor demands compromise the privacy and security of printers.…Threat Actor: Hackers | hackers Victim: LastPass | LastPass Price: Not specified Exfiltrated Data Type: Software source code and proprietary technical documentation
Additional Information:
LastPass disclosed a security breach in which hackers gained access to portions of the LastPass development environment. The breach was initiated through a single compromised developer account and resulted in the theft of fragments of software source code and proprietary technical documentation.…Threat Actor: Money Message | Money Message Victim: MSI | MSI Price: $4 million ransom Exfiltrated Data Type: Source code
Additional Information:
The cyberattack was perpetrated by the ransomware group Money Message. The attack targeted MSI’s internal systems and exfiltrated 1.5TB of data, mainly comprising source code.…Threat Actor: Unknown | Unknown Victim: Hugging Face | Hugging Face Price: Not specified Exfiltrated Data Type: Spaces secrets
Additional Information:
The security breach affected Hugging Face’s Spaces platform. Unauthorized access to Spaces secrets was detected. A subset of Spaces’ secrets may have been compromised. Hugging Face revoked many HF tokens associated with the potentially accessed secrets.…