Key Points :
A data breach at FunFun688.com has compromised the personal data of 130,000 users. The leaked database includes sensitive information such as names, phone numbers, and password hashes.…Key Points :
A data breach has compromised the database of NRJ Mobile, a telecommunications provider in France. The incident raises significant concerns about user privacy and the security of telecommunications data.…Key Points :
A data breach has compromised the official database of Trifecta.com. The breach has exposed sensitive user information, raising privacy concerns. Affected users are advised to update their credentials and enable two-factor authentication.…Key Points :
A reported data breach has compromised the database of Yaaka.fr, exposing sensitive user information. The incident raises serious concerns about the platform’s data security measures and user privacy protection.…Key Points :
Over 30,000 publicly accessible Postman workspaces exposed sensitive data. Data leaks could lead to massive data breaches and unauthorized misuse.…Summary: CrushFTP has issued a critical security advisory regarding a vulnerability (CVE-2024-53552) that could allow attackers to take over user accounts through manipulated password reset links. Users are urged to update to the latest versions immediately to mitigate this risk.
Threat Actor: Cybercriminals | cybercriminals Victim: CrushFTP Users | CrushFTP users
Key Point :
Vulnerability CVE-2024-53552 has a CVSS score of 9.8, indicating high severity.…Summary: The emergence of the Holy League, a hacktivist group formed from the merger of pro-Russian and pro-Palestinian factions, marks a significant shift in cyber warfare targeting Western nations. Their coordinated attacks and sophisticated propaganda highlight their intent to disrupt political and economic systems globally.…
Summary: Security researchers have identified critical vulnerabilities in the WPLMS and VibeBP plugins for WordPress, which could lead to unauthorized access and data breaches. These vulnerabilities have now been patched, but users are urged to update their systems immediately.
Threat Actor: Unknown | unknown Victim: WPLMS and VibeBP Users | WPLMS and VibeBP Users
Key Point :
Critical vulnerabilities included arbitrary file uploads, privilege escalation, and SQL injection.…Summary: A critical command injection vulnerability (CVE-2024-12828) in the widely used web-based system administration tool Webmin could allow attackers to gain control of servers, affecting an estimated one million installations globally. The flaw, which has a CVSS score of 9.9, allows even less-privileged users to escalate their privileges and execute arbitrary code.…
Summary: A critical vulnerability (CVE-2024-30085) in the Windows Cloud Files Mini Filter Driver allows local attackers to escalate privileges to SYSTEM level, posing a significant security risk. The flaw stems from improper validation of user-supplied data, enabling potential exploitation.
Threat Actor: Local Attackers | Local Attackers Victim: Windows 11 Users | Windows 11 Users
Key Point :
Vulnerability rated with a CVSS score of 7.8, indicating a high severity level.…Summary: The Hail Cock botnet, a variant of Mirai, is actively exploiting vulnerabilities in outdated devices like the DigiEver DS-2105 Pro DVR, highlighting the risks associated with unsupported hardware. This botnet employs advanced encryption techniques to evade detection and maintain persistence.
Threat Actor: Hail Cock botnet | Hail Cock botnet Victim: DigiEver DS-2105 Pro DVR | DigiEver DS-2105 Pro DVR
Key Point :
The Hail Cock botnet exploits a remote code execution vulnerability in the DigiEver DS-2105 Pro DVR through the /cgi-bin/cgi_main.cgi…Key Points :
Kiswire.com experienced a data breach in 2024. The breach exposed sensitive corporate and user information. It raises concerns about data privacy and security protocols of global corporate platforms.…Key Points :
A data breach at BrownPacking.com has exposed sensitive information. Exposed data includes Social Security Numbers (SSNs). The incident highlights vulnerabilities in protecting personal and corporate data.…Key Points :
A data breach at Beverly.org compromised sensitive information. 100 data rows, 51 email addresses, and 94 Social Security Numbers were exposed.…Key Points :
A data breach at VESD.net has compromised 3,367 data rows. 110 email addresses were exposed during the incident. 2,709 Social Security Numbers (SSNs) were leaked.…Key Points :
A total of 3,367 data rows were compromised in the breach. 110 email addresses were exposed. 2,709 Social Security Numbers (SSNs) were included in the compromised data.…Key Points :
1,765 data rows compromised, including 1,340 Social Security Numbers. 28 email addresses were also exposed in the breach. The incident raises significant concerns about data privacy and security.…Summary: The Italian Data Protection Authority has imposed a €15 million fine on OpenAI for data protection violations related to ChatGPT, alongside a public awareness campaign about its data collection practices. The investigation revealed failures in legal compliance and age verification mechanisms.…
Summary: A critical vulnerability (CVE-2024-56145) in Craft CMS allows unauthenticated remote code execution due to improper handling of command-line options in a web context. This flaw poses a significant risk to over 150,000 websites using the platform, necessitating immediate updates or mitigations.…
Summary: Flagstar Bank has been fined $3.5 million by the SEC for making misleading statements regarding a cyberattack in 2021 that compromised the personal information of 1.5 million customers. The bank’s failure to disclose the full impact of the breach led to allegations of negligence in its communications.…