Pitney Bowes
8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
Latest Disclosures
Home security giant ADT data
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I B
Widely Used Browser Extensions Selling
Dozens of browser extensions openly sell user data via privacy policy disclosures
82 Chrome Extensions Found Selling
LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices.
Medtronic
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]
Major critical infrastructure supplier
Itron, which makes devices that measure energy usage and control other infrastructure, said its operations were continuing, despite the intrusion.
LINKEDIN BROWSERGATE
BrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergat
ShinyHunters Leaks Data of Udemy,
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.
BlackFile Group Targets Retail and
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
Vidar Infostealer Spreads via Fake
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.
ADT
5,488,888 records exposed — Dates of birth, Email addresses, Names, Partial government issued IDs and 2 more
Regulator fines Fidelity Brokerage Services
Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that re
Medtronic
Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to
Energy and Water Management Firm
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13. The post Energy and Water Management Firm Itron Hacked appeared first on SecurityWeek.
PyPI package with 1.1M monthly downloads
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
Udemy
1,401,259 records exposed — Email addresses, Employers, Job titles, Names and 3 more
TH: Hacker steals personal data
The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in
KR: Data of 100,000 leaked
Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after
D-Link DIR-823X
D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to
SimpleHelp SimpleHelp
SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).
Samsung MagicINFO 9 Server
Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
In Other News
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security. The post In Other News: Unauthorized Mythos Access, Planke
Hasbro expects March cyberattack to
The toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.
SimpleHelp SimpleHelp
SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be