Summary: A recent attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600,000 users to data theft through a sophisticated phishing scheme targeting extension publishers. The attackers exploited OAuth permissions to inject malicious code into legitimate extensions, leading to significant user data exposure.…
Key Points :
A misconfiguration in Cariad’s software exposed the location data of approximately 800,000 electric vehicles. The breach was discovered by the Chaos Computer Club, which reported the vulnerability on November 26th.…Key Points :
ZAGG Inc. experienced a data breach affecting customer credit card data. The breach was caused by a compromise in a third-party application, FreshClick, from e-commerce provider BigCommerce.…Key Points :
Over 30,000 publicly accessible Postman workspaces exposed sensitive information.…Key Points :
A data breach has compromised the CRM database of Kaizen Pharmaceuticals. The incident raises concerns about the security of sensitive customer and corporate information.…Key Points :
A data breach has exposed the personal information of 35 million individuals in Italy. The exposed data includes phone numbers and names, raising privacy concerns.…Key Points :
A data breach has compromised sensitive information from the Xtream.cloud database. The incident raises significant concerns about the security of cloud-based platforms. Exposed data could lead to unauthorized access and phishing attempts.…Summary: Cybersecurity expert Brian Krebs highlights the alarming rise of sophisticated phishing scams that exploit emotional manipulation and technical precision, leading to significant financial losses for victims. The stories of Adam Griffin and Tony illustrate the devastating impact of these attacks on individuals’ cryptocurrency holdings.…
Summary: A sophisticated phishing campaign disguised as Zoom meeting invitations has led to significant cryptocurrency theft, exploiting user trust in communication platforms. The attackers deployed malware that compromised systems and siphoned sensitive data, including cryptocurrency wallets.
Threat Actor: Russian-speaking cybercriminals | Russian-speaking cybercriminals Victim: Cryptocurrency users | cryptocurrency users
Key Point :
Phishing links mimicked legitimate Zoom invitations, directing users to a fraudulent domain.…Summary: A newly discovered SSRF vulnerability in Invoice Ninja could allow attackers to read sensitive files from the host server, posing significant risks to users and organizations. This flaw, tracked as CVE-2024-53353, can be exploited through the platform’s PDF generation feature by both local and low-privileged users.…
Summary: A Brazilian man has been indicted for cyber extortion after allegedly stealing sensitive customer data from a US-based company’s Brazilian subsidiary and demanding a ransom in bitcoin. The case highlights the increasing risks associated with data breaches and cyber threats targeting corporations.…
Key Points :
Data breach exposed sensitive information of approximately 200,000 records. The breach involved the hosting control panel Plesk. Plesk is known for its user-friendly GUI for managing web services.…Key Points :
A data breach has compromised sensitive customer information from Ekonika.ru. The incident raises concerns about the security of user data in the e-commerce industry. Affected users are advised to update passwords and monitor accounts for suspicious activity.…Key Points :
385,000 cleaned and scraped B2B email records were leaked. The leak raises significant concerns about the privacy and security of business correspondence.…Key Points :
A data breach has compromised sensitive information from Tayfa Denizcilik’s database. The incident raises significant concerns about data security in the maritime industry.…Key Points :
A data breach has compromised sensitive information from Suno India’s database. The incident raises concerns about the security of user data and privacy safeguards.…Key Points :
A data breach has compromised sensitive information from Pharmanewsonline.com. The incident raises concerns about data privacy and security in the healthcare industry. Pharmanewsonline.com has not yet issued an official statement regarding the breach.…Key Points :
177,000 records exposed from Cambodia’s governmental platform. Compromised data dates back to 2022. Raises concerns about the security of government-managed databases. Highlights the need for robust cybersecurity measures.…Summary: A critical vulnerability in the libxml2 XML parsing library could enable attackers to exploit systems and access sensitive data. This flaw, tracked as CVE-2024-40896, poses significant risks due to its potential for Remote Code Execution and Denial of Service attacks.
Threat Actor: Unknown | unknown Victim: Various applications | libxml2 applications
Key Point :
The vulnerability affects libxml2 versions prior to 2.11.9, 2.12.9, and 2.13.3.…Summary: North Korean threat actors are leveraging a new malware named OtterCookie in their ongoing Contagious Interview campaign, which targets software developers with fake job offers. This campaign has evolved to include various malware strains, highlighting the attackers’ adaptability and focus on cryptocurrency data theft.…