Topic: data exposure
-
Your Employees Are Leaking Secrets to AI—And They Can't Get Them Back
Employees are increasingly inputting sensitive corporate data into public AI platforms, often without the ability to recover or delete it, and many organizations lack technical measures to monitor or restrict this behavior. A significant gap exists between leadership's perceived oversight and act...
Read More » -
India's Income Tax Portal Security Flaw Exposed Taxpayer Data
A security flaw on India's official income tax e-Filing portal allowed logged-in users to access other taxpayers' confidential data, including bank details and government ID numbers, by manipulating web requests. The vulnerability, identified as an insecure direct object reference (IDOR), was rep...
Read More » -
Adobe Analytics Bug Exposed Customer Data to Other Users
A software bug during a system upgrade on September 17, 2025, caused Adobe Analytics to inadvertently share customer data across different organizational accounts, affecting 3-5% of collected data. The incident impacted multiple Adobe services, including Data Collection and Customer Journey Analy...
Read More » -
17 Million Hit by Prosper Data Breach Exposing Personal Info
A data breach at Prosper exposed the personal information of about 17.6 million customers, including sensitive details like names, Social Security numbers, and government IDs. The breach was caused by unauthorized database queries, but the company quickly revoked access and reported no disruption...
Read More » -
WestJet Data Breach Impacts 1.2 Million Travelers
WestJet experienced a data breach affecting approximately 1.2 million travelers, exposing personal details like names, addresses, and sensitive travel documents such as passports, but no payment card information was stolen. The breach resulted from hackers using social engineering to access an em...
Read More » -
Neon App Shut Down After Major Security Breach Exposes User Data
The Neon app, which paid users to record calls for AI data sales, was abruptly taken offline after a major security breach exposed all users' private call recordings, transcripts, and phone numbers. A critical vulnerability allowed any logged-in user to access others' sensitive data due to a lack...
Read More » -
SonicWall Urges Password Reset Following Security Breach
SonicWall has advised customers to reset passwords after detecting unauthorized access to firewall configuration backup files in some MySonicWall accounts, which contain sensitive data like credentials and tokens. The company confirmed this was not a ransomware attack but a series of targeted bru...
Read More » -
Old Windows Flaws Still Leak Your Passwords
Outdated Windows protocols like LLMNR and NBT-NS pose a security threat by allowing credential theft through inherent design flaws, not software vulnerabilities, as they automatically trust any responding device on the network. Attackers can use tools like Responder to intercept authentication da...
Read More » -
A Dangerous Worm Is Infecting Software Packages
A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further and escalating software supply chain risks. Major U.S. tech firms like IBM and Microsoft have supplied surveillance technology to China, support...
Read More » -
AI Adoption Fuels Surge in Critical Security Flaws
A significant surge in hardware, API, and network vulnerabilities is creating unprecedented risks, driven by IoT proliferation and resulting in an 88% increase in hardware flaws and a doubling of network vulnerabilities. The rapid integration of AI into software development is expanding the attac...
Read More » -
Weak Passwords Caused Ascension's Catastrophic Data Breach
A call for an FTC investigation into Microsoft's cybersecurity has highlighted Ascension's own security failures, including weak passwords that enabled a ransomware attack. The breach began when a contractor downloaded malware via Bing, allowing attackers to compromise Ascension's Active Director...
Read More » -
Massive Data Breach Exposes 31,000 in South Carolina Schools
A South Carolina school district experienced a cybersecurity breach potentially affecting over 31,000 individuals, compromising sensitive data including Social Security numbers and financial information. The district responded by engaging cybersecurity experts, offering affected individuals free ...
Read More » -
AI Ignites the Next Generation of Browser Wars
OpenAI's Atlas browser, powered by ChatGPT, introduces natural language web surfing and autonomous task completion, marking a significant shift in browser technology. Security vulnerabilities in Atlas could compromise sensitive user information, highlighting the challenge of balancing innovation ...
Read More » -
SonicWall Firewall Backups Compromised by Attackers
SonicWall confirmed that attackers used brute-force methods to access its cloud backup API, compromising configuration backup files for all customers who used the service, contradicting earlier statements about a limited impact. The compromised files contain sensitive data like network settings, ...
Read More » -
Red Hat Admits GitLab Hack, User Data Stolen
Red Hat confirmed a security breach of an internal GitLab system used by its Consulting team, initially misreported as targeting GitHub, where a cybercriminal group claimed to have stolen substantial proprietary data. The attackers, Crimson Collective, allegedly exfiltrated around 570 GB of compr...
Read More » -
OnePlus SMS Vulnerability Puts Your Phone at Risk
A serious security vulnerability in OnePlus smartphones running OxygenOS 12 or newer allows apps to silently access SMS and MMS messages without user permission, posing a major privacy risk. The flaw stems from OnePlus's modifications to an Android core component and has been acknowledged by the ...
Read More » -
Prosper Data Breach Exposes 17.6 Million Accounts
Prosper, a peer-to-peer lending platform, experienced a data breach compromising the personal details of approximately 17.6 million individuals, including current customers and loan applicants. Sensitive information such as Social Security numbers, names, addresses, and financial data was exfiltr...
Read More »
