AI Firm Braintrust Prompts API
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek.
Technology & Software Data Breaches (1270 indexed)
BerriAI LiteLLM
BerriAI LiteLLM SQL Injection Vulnerability — BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised acces
Woflow
447,593 records exposed — Email addresses, Names, Phone numbers, Physical addresses
Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with adm
New PCPJack worm steals credentials,
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]
Vimeo data breach
Sergiu Gatlan reports: The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Hav
LegionProxy
10,144 records exposed — Email addresses, Names, Passwords, Purchases
Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un
We Scanned 1 Million Exposed
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM i
Vimeo data breach
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. [...]
Edge browser leaves passwords
A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the bro
Educational tech firm Instructure data breach may have
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of
Instructure
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]
Cybercrime Groups Using Vishing and
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
Linux Kernel
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability — Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
WebPros cPanel & WHM and WP2 (WordPress Squared)
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability — WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerabil
SAP npm package attack highlights
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affecte
ShinyHunters exploit Anodot incident to
The video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provide
Polymarket Rejects Data Breach Claims
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident.
Microsoft Windows
Microsoft Windows Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
ConnectWise ScreenConnect
ConnectWise ScreenConnect Path Traversal Vulnerability — ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and cri
Pitney Bowes
8,243,989 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
PyPI package with 1.1M monthly downloads
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
ShinyHunters Leaks Data of Udemy,
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.