American Addiction Centers (AAC) has disclosed a data breach that compromised the personal information of 422,424 individuals.
Read MoreOn December 23, 2024, CloudSEK's TRIAD team revealed critical security vulnerabilities in Postman Workspaces, with over 30,000 publicly accessible workspaces leaking sensitive data, such as API keys, access tokens, and administrator credentials.
Read MoreAscension Health is notifying approximately 5.6 million individuals of a ransomware attack in May 2024 that compromised their personal, medical, and payment data. The attack occurred on May 8, causing significant service disruptions that led hospitals to revert to downtime procedures and divert emergency services.
Read MoreMcDonald’s India patched critical API vulnerabilities in its McDelivery system that could have enabled free orders, data theft, and driver information leaks.
Read MoreCybersecurity researcher Jeremiah Fowler uncovered a 1.2TB misconfigured database from Builder.ai, exposing over 3 million records without authentication or passwords.
Read MoreThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies to patch a critical vulnerability in BeyondTrust's remote access products by December 27. The vulnerability, CVE-2024-12356, is a command injection flaw (CVSS score of 9.8) that can be exploited without authentication and has been actively exploited in the wild.
Read MoreThe Play ransomware group has claimed responsibility for a data breach at Krispy Kreme, threatening to release sensitive internal company data within two days. Known for its double-extortion model, the group exfiltrates and encrypts data, pressuring victims to meet ransom demands or face public exposure of stolen information.
Read MoreAs cryptocurrency adoption grows, so do scams targeting investors and traders. Common threats include phishing, malware, Ponzi schemes, fake wallets, and pump-and-dump frauds. Scammers exploit trust and technical vulnerabilities, often using advanced tactics like deepfakes, fake apps, and AI-generated phishing campaigns.
Read MoreEarth Koshchei, also known as APT29 or Midnight Blizzard, has been linked to a sophisticated rogue Remote Desktop Protocol (RDP) campaign aimed at espionage and data theft. Using tools like commercial VPNs, TOR, and residential proxies, the group obscures their activities to evade detection and attribution.
Read MoreLKQ Corporation, a leading US auto parts provider with 45,000 employees across 1,600 locations globally, disclosed a cyberattack affecting a Canadian business unit. Unauthorized access to IT systems was detected on November 13, causing disruptions for a few weeks, though operations have largely recovered.
Read MoreThe ransomware group Cicada3301 has claimed responsibility for breaching Concession Peugeot, a French automotive dealership, stealing 35GB of sensitive data, including invoices, internal communications, and passport copies.
Read MoreYianni Charalambous, a renowned luxury car customizer in England, is working to make a Tesla Cybertruck road-legal in the UK, which would mark the first such approval in the country.
Read More
