Dell
September 25, 2024
•[ leak, technology ]
The threat actor going by the handle of 'grep' claims to have breached Dell for the third time and leaks 500 MB of sensitive data.
Deloitte
September 24, 2024
•[ leak, misconfiguration, technology ]
The threat actor known as IntelBroker announces late last week on the BreachForums cybercrime forum the availability of internal communications obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. However the company replies that there is no thret to sensitive data.
Lebanon’s telecoms networks
September 23, 2024
•[ hack, technology ]
Israeli military officials warn residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking concerns that Israel had hacked into its northern neighbours telecommunications networks.
Dell
September 22, 2024
•[ hack, technology ]
Grep, the threat actor who claimed to have breached Dell, now claims to have breached the same company again.
Dell
September 19, 2024
•[ leak, technology ]
Dell confirms to be investigating recent claims that it suffered a data breach after a threat actor dubbed "grep" leaked the data for over 10,000 employees.
Muah.AI
September 17, 2024
•[ leak, technology ]
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Experience Engine
September 16, 2024
•[ leak, technology ]
The threat actor known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.
Radio Geretsried
September 15, 2024
•[ ransomware, malware, technology ]
Radio Geretsried, a local station in Germany, has blamed unknown attackers from Russia after an apparent ransomware incident left it broadcasting music from emergency backups.
Fortinet
September 12, 2024
•[ leak, misconfiguration, technology ]
Fortinet confirms it suffered a data breach after a threat actor with the moniker of "Fortibitch" claims to have stolen 440GB of files from the company's Microsoft Sharepoint server.
Cisco
September 4, 2024
•[ leak, malware, technology ]
Ciscos site for selling company-themed merchandise is offline and under maintenance due to threat actors compromising it with JavaScript code that steals sensitive customer details provided at checkout exploiting CVE-2024-34102.
VK
September 3, 2024
•[ leak, technology ]
A threat actor using the alias HikkI-Chan leaks the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The data was stolen from a third-party.
Tracelo
September 2, 2024
•[ leak, technology ]
A threat actor using the alias Satanic claims to have breached Tracelo, a smartphone geolocation tracking service. As a result, the hacker has leaked the personal details of over 1.4 million individuals (1,459,014) on the notorious Breach Forums.
Fur Affinity
August 22, 2024
•[ hack, phishing, technology ]
Fur Affinity, a popular social networking website for the furry community, is compromised, after threat actors successfully gained control of the websites domain, redirecting users to phishing sites, crypto scams and other malicious content.
Zee Media Corporation Limited
August 21, 2024
•[ hack, misconfiguration, technology ]
A group of Bangladeshi hacktivists, operating under the alias SYSTEMADMINBD, defaces the official website of Zee Media Corporation Limited, accusing the media giant of making fun of the situation in Bangladesh, referring to the ongoing floods caused by heavy rainfall.
MC2 Data
August 18, 2024
•[ leak, misconfiguration, technology ]
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Multiple organizations
August 15, 2024
•[ hack, misconfiguration, technology ]
Researchers at Sysdig discover a large-scale malicious operation named "EmeraldWhale" scanning for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
Explore Talent (August 2024)
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
Tracki
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
X
August 12, 2024
•[ hack, technology ]
Elon Musks interview with US Presidential candidate Donald Trump on the X social media platform is impacted by technical glitches and what is a cyberattack.
Not SOCRadar
August 3, 2024
•[ leak, misconfiguration, technology ]
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
