Instructure
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]
SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability — Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability — WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerabil
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affecte
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just a data scraping incident.
The video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provide
Microsoft Windows Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
ConnectWise ScreenConnect Path Traversal Vulnerability — ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and cri
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.
8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be
7,531,359 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 3 more
D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to
SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).
Researchers warn of a new software supply chain attack that resulted in a malicious version of Bitwarden CLI, the terminal version of the extremely popular open-source password manager. The attack is believed to be relat
Marimo Remote Code Execution Vulnerability — Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.
Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alon
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr
Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been