Category: data breach
-
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers…
-
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog. Graham Cluley…
-
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
A notorious ransomware gang claims to have stolen MyPillow’s private data, but CEO Mike Lindell calls it a politically motivated “hit job.” With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article…
-
Smashing Security podcast #469: What your Oura ring won’t tell you
CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and…
-
Defenders fall behind, as AI rewrites the rules of a data breach
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that’s no longer the case. Read more in my article on the Fortra blog. Graham Cluley…
-
CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository
A major security lapse has exposed highly sensitive U.S. government cloud credentials after a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) accidentally published them in a public GitHub repository. The repository, named “Private-CISA,” remained publicly accessible until mid-May 2026 and contained a…
-
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
A threat actor infiltrated Grafana Labs’ GitHub environment, stealing a privileged token to download the company’s private codebase, and then attempted to extort the open-source observability giant with an unanswered ransom demand. Grafana Labs disclosed on May 16, 2026, that an unauthorized party obtained…
-
When ransomware gets physical: cybercriminals turn to threats of violence
Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog. Graham Cluley
-
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed.…
-
NVIDIA Data Breach Reportedly Exposes Personal Information of GeForce Users
A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC, has exposed personal information belonging to registered users. The company disclosed the incident on May 5, 2026, revealing that unauthorized access to its database…
-
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read…
-
Trellix Source Code Breach – Hackers Gain Unauthorized Access to Repository
Cybersecurity giant Trellix has disclosed a significant security incident involving unauthorized access to a portion of its source code repository. The company confirmed the breach in an official statement published on its website, stating it immediately engaged leading forensic experts upon discovering the intrusion.…
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog. Graham Cluley
-
Alleged Silk Typhoon hacker extradited to the United States to face charges
A man accused of working as a hacker for China’s Ministry of State Security has been extradited to the USA from Italy, and faces – if found guilty – the prospect of decades behind bars. Read more in my article on the Hot…
-
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of…
-
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western…
-
ADT Confirms Data Breach Following ShinyHunters Data Leak Claim
Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum — “Pay or Leak.” ADT, headquartered in Boca Raton, Florida, disclosed the incident via a Form 8-K…
-
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
A company that ran anonymous tip lines for 35,000 American schools – handling reports of bullying, weapons, and self-harm – boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called…
-
Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say
Freelance service platform Fiverr is facing a significant privacy incident after researchers discovered that sensitive customer files are publicly accessible and indexed by Google search. According to a recent disclosure on Hacker News, an insecure file-hosting configuration has exposed personal identifiable information (PII), including completed…
-
Sometimes changing the password on your email mailbox isn’t enough
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the…
-
CERT-EU Confirms Trivy Supply Chain Attack Led to European Commission AWS Breach
The European Commission’s primary web platform, “europa.eu,” recently suffered a severe data breach stemming from a supply-chain compromise involving the popular open-source vulnerability scanner, Trivy. On April 3, 2026, CERT-EU published an official advisory detailing how a threat actor known as TeamPCP exploited…
-
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case,…
-
Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB Data Theft
Mercor AI has officially confirmed a severe data breach following claims by the notorious Lapsus$ hacking group that they stole 4 terabytes of sensitive company data. The incident, stemming from a recent supply chain attack on the open-source LiteLLM project, has exposed proprietary…
-
Iranian hackers breach FBI director’s personal email, and post his CV and photos online
It’s not every day that you read that the head of America’s top law enforcement agency has been hacked, but then – these aren’t ordinary times. Read more in my article on the Hot for Security blog. Graham Cluley…
-
World Leaks data extortion: What you need to know
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog. Graham Cluley
-
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called…
-
Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data
A threat actor has allegedly exfiltrated approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming giant, after gaining access through a compromised employee at the platform’s outsourcing partner, Telus. The breach, which reportedly occurred on March…
-
Cognizant TriZetto Data Breach Exposes Health Information of 3.4 Million Patients
TriZetto Provider Solutions, a healthcare technology subsidiary of the IT services giant Cognizant, has officially disclosed a massive cybersecurity data breach affecting the sensitive health information of 3,433,965 patients. The healthcare organization recently filed a formal data breach notification revealing that malicious threat actors…
-
1 Million Records from Dutch Telco Odido Published Online After Extortion Attempt
A major data breach has hit Odido, one of the Netherlands’ prominent telecommunications providers, with cybercriminals publishing over one million customer records online following a failed extortion attempt in February 2026. The threat actor group ShinyHunters is believed to be behind the attack,…
-
ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido
The notorious cybercriminal group has claimed responsibility for a massive data breach targeting the Dutch telecommunications company Odido and its brand BEN. The group ShinyHunters claims to have stolen 21 million records from 8 million customers, suggesting the incident is far more severe than previously…
-
PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months
PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed the personally identifiable information (PII) of an undisclosed number of customers for approximately six months, from July 1, 2025,…
-
Dutch police arrest man for “hacking” after accidentally sending him confidential files
Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking… after police officers accidentally sent him a link granting him access to their own confidential documents. Read more in my article on the Hot for Security blog. Graham…
-
Odido Telecom Suffers Cyberattack – 6.2 Million Customer Accounts Affected
Odido Telecom, a leading Dutch telecommunications provider, confirmed on February 12, 2026, that hackers accessed personal data from 6.2 million customer accounts in a major cyberattack. The breach, detected over the February 7-8 weekend, has raised alarms about phishing risks despite no disruption to services.…
-
Polish hacker charged seven years after massive Morele.net data breach
A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog. Graham Cluley…
-
AI Chat App Exposes 300 Million Messages from 25 Million Users
The popular mobile application “Chat & Ask AI” has inadvertently exposed hundreds of millions of private user conversations. The app, which boasts over 50 million users across the Google Play and Apple App stores, failed to secure its backend database, allowing unauthorized access to…
-
Nike Allegedly Hacked by WorldLeaks Ransomware Group
Athletic footwear and apparel manufacturer Nike has become the latest victim of WorldLeaks, a financially motivated ransomware group known for data extortion attacks. The group announced the breach on its darknet leak site on January 22, claiming responsibility for the incident and threatening to release stolen data on…
-
European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data
It has just been a few weeks since reports emerged of the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse. Read more in my article on the Hot for Security blog.…
-
Smashing Security podcast #451: I hacked the government, and your headphones are next
In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss…
-
Hackers get hacked, as BreachForums database is leaked
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Data Breach at Texas Gas Station Operator Exposes Info of 377,000+ Customers
A cybersecurity incident at Gulshan Management Services, Inc., a gas station operator based in Sugar Land, Texas, has compromised the personal information of over 377,000 customers. The breach, discovered on September 27, 2025, exposed sensitive data over 10 days from September 17 to…
-
Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts
A significant security breach has compromised approximately 17.5 million Instagram user accounts, exposing sensitive personal information that is now circulating on the dark web. The incident reported earlier this week by cybersecurity firm Malwarebytes raised urgent concerns about user privacy and account security. What Data Was…
-
pcTattletale founder pleads guilty in rare stalkerware prosecution
The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Crimson Collective Claims to have Disconnected Many Brightspeed Home Internet Users
Crimson Collective, an emerging extortion group, claims to have breached U.S. fiber broadband provider Brightspeed, stealing data on over 1 million residential customers and disconnecting many from home internet service. The group posted screenshots on Telegram detailing the alleged compromise and urging Brightspeed employees…
-
Coinbase insider who sold customer data to criminals arrested in India
Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information. Read more in my article on the Hot for Security blog. Graham Cluley
-
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just the start, promising to release up to 40 million more records from brands like…
-
Spotify Music Library With 86M Music Files Scraped by Hacktivist Group
The shadow library known as Anna’s Archive has executed a massive scrape of Spotify, releasing a torrent collection containing approximately 86 million audio tracks and metadata for 256 million songs. The group, which typically focuses on archiving academic papers and books, claims this unauthorized…
-
University of Sydney Hacked – Students and Staff Data Exposed
The University of Sydney has confirmed a significant data breach affecting thousands of current and former staff members, as well as students and alums. In a message to the university community, Vice-President (Operations) Nicole Gower revealed that suspicious activity was detected in an online IT…
-
Smashing Security podcast #448: The Kindle that got pwned
Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card. Plus a…
-
SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data
SoundCloud has confirmed a security incident involving unauthorized access to user data, revealing that hackers exfiltrated email addresses and public profile information from approximately 20% of its user base. The company disclosed the breach in a transparency blog post on December 15, 2025, emphasizing that…
-
PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen
The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts. The incident, which has only affected select Premium subscribers, has raised concerns within the cybersecurity community. Although…
-
Gartner tells businesses to block AI browsers now
Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked “for the foreseeable future.” Read more in my article on the Fortra blog. Graham Cluley
-
Four years later, Irish health service offers €750 to victims of ransomware attack
Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021? Four years on, and it seems victims who had their data exposed will finally receive compensation. Read more in my article on the Hot for Security blog.…
-
Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack
A leading contract research organization specializing in pharmaceutical drug discovery and development services disclosed a significant data breach stemming from a ransomware attack that occurred in early August 2025. The Inotiv company announced the cybersecurity incident in its fiscal 2025 financial results disclosure, revealing that threat…
-
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know
The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in…
-
Asahi cyber attack spirals into massive data breach impacting almost 2 million people
Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000…
-
Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data
A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information. The threat actor posted the dataset for sale on a dark web forum, pricing the complete…
-
French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls
The French Football Federation (FFF) has confirmed a significant cybersecurity incident resulting in the theft of personal data belonging to members and licensees. The federation revealed that cybercriminals had infiltrated the centralized administrative software used by football clubs across the country to…
-
Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach
The company has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article…
-
OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed
The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product. The company emphasized transparency in its announcement, assuring users that the breach did not compromise…
-
Smashing Security podcast #445: The hack that brought back the zombie apocalypse
America’s airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.…
-
Shadow AI security breaches will hit 40% of all companies by 2030, warns Gartner
Shadow AI – the use of artificial intelligence tools by employees without a company’s approval and oversight – is becoming a significant cybersecurity risk. Read more in my article on the Fortra blog. Graham Cluley
-
Salesforce Confirms that Customers’ Data Was Accessed Following the Gainsight Breach
Salesforce has issued a critical security alert identifying “unusual activity” involving Gainsight-published applications connected to customer environments. The CRM giant’s investigation indicates that this activity may have enabled unauthorized access to Salesforce data through the applications’ external connections. In an immediate response to contain…
-
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. We examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig…
-
A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research
One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won’t apologise. Even when customers, partners, and employees are left wondering when their data will be published by…
-
Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach
The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact millions of customers and employees worldwide. The announcement,…
-
Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack
The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizations using Oracle’s enterprise…
-
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know
Many of the world’s top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers…
-
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme
South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. Read more in my article on the Hot for Security blog. Graham Cluley
-
Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach
The notorious Akira ransomware group announced on October 29, 2025, that it successfully breached the systems of Apache OpenOffice, exfiltrating a staggering 23 gigabytes of sensitive corporate data. The group, known for its aggressive double-extortion tactics, posted details on its dark web leak site,…
-
The human cost of the UK Government’s Afghan data leak
Can data leaks do real harm? Yes, they can. And so can a failure to respond appropriately. Graham Cluley
-
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble
Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull…
-
Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen
Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer revealed that unauthorized…
-
John Bolton charged over classified emails after Iranian hack of his AOL account
Former US national security adviser John Bolton is the latest in a line of Donald Trump’s critics to find themselves on the sharp end of charges from the US Department of Justice. Bolton, who left the White House in 2021 and wrote…
-
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign
American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). The breach, first highlighted by the notorious Clop ransomware group, underscores the growing risks facing enterprise software in the aviation sector.…
-
BreachForums seized, but hackers say they will still leak Salesforce data
BreachForums seized, but hackers say they will still leak Salesforce data Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience Your computer’s mouse might not be as innocent as it looks – and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into…
-
Salesforce data breach: what you need to know
Salesforce data breach: what you need to know The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Discord users’ data stolen by hackers in third-party data breach
Discord users’ data stolen by hackers in third-party data breach Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click
New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft. Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract…
-
Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked
Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and the unauthorized access…
-
Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site
Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one billion records from Salesforce customers. The group is orchestrating a widespread blackmail campaign, setting a ransom deadline of October 10,…
-
Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories
Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This data theft is being regarded as one of the most significant…
-
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Smashing Security podcast #437: Salesforce’s trusted domain of doom Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via a humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default…
-
Hackers Breach Active Directory to Exfiltrate NTDS.dit Leads to Full Domain and Credential Compromise
Hackers Breach Active Directory to Exfiltrate NTDS.dit Leads to Full Domain and Credential Compromise Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise. Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit,…
-
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai…
-
INC ransomware: what you need to know
INC ransomware: what you need to know INC is the name of a ransomware-as-a-service (RaaS) operation that first appeared in late summer 2023. Learn more about what it has been up to, and how to protect against its attacks, in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
European Airport Disruptions Caused by Sophisticated Ransomware Attack
European Airport Disruptions Caused by Sophisticated Ransomware Attack Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return to manual processes. Airlines reported hundreds of delayed and cancelled flights as security teams raced to contain the breach, restore encrypted data,…
-
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach 28-year-old Daniel Lee Newhard, an American citizen living in Estonia, has been charged in relation to the notorious hack of Vastaamo, the biggest data breach in Finnish history. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
“Pompompurin” resentenced: BreachForums creator heads back behind bars
“Pompompurin” resentenced: BreachForums creator heads back behind bars Conor Brian Fitzpatrick, the creator of the notorious BreachForums hacking forum, has been resentenced to three years in prison after a US appeals court overturned his prior sentence of time served and 20 years of supervised release. Read more in my article on the Hot for Security…
-
FinWise Insider Breach Exposes 700K Customer Records to Former Employee
FinWise Insider Breach Exposes 700K Customer Records to Former Employee American First Finance, LLC, a Dallas-based financial services firm, suffered a significant insider breach when a recently terminated employee exploited unauthorized access to its production database. The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records: nearly 689,000 names, Social…
-
Luxury fashion brands Gucci, Balenciaga and Alexander McQueen hacked – customer data stolen
Luxury fashion brands Gucci, Balenciaga and Alexander McQueen hacked – customer data stolen Luxury fashion group Kering – owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others – has confirmed that hackers stole customer data from its systems in June 2025. Read more in my article on the Hot for Security blog.…
-
Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online
Great Firewall of China’s Sensitive Data of Over 500GB+ Leaked Online The Great Firewall of China (GFW) suffered its largest-ever internal data breach. More than 500 GB of sensitive material—including source code, work logs, configuration files, and internal communications—was exfiltrated and published online. The breach stems from Geedge Networks and the MESA Lab at the…
-
British rail passengers urged to stay on guard after hack signals failure
British rail passengers urged to stay on guard after hack signals failure Passengers of the UK’s state-owned London North Eastern Railway (LNER) have been warned to be vigilant after cybercriminals accessed travellers’ contact details and some information about past journeys. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did – and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon…
-
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago American furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft. Read more in my…
-
HackerOne Confirms Data Breach – Hackers Gained Unauthorized Access To Salesforce Instance
HackerOne Confirms Data Breach – Hackers Gained Unauthorized Access To Salesforce Instance HackerOne has confirmed it was among the companies affected by a recent data breach that provided unauthorized access to its Salesforce instance. The access was gained through a compromise of the third-party application Drift, which Salesloft owns. The bug bounty platform announced the…
-
Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce
Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM. The company confirmed that the incident was limited to its CRM platform and did…