U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 Read more about Farmers Insurance data breach impacts 1.1M people after Salesforce attack[…]

“Sni5Gect [is] a framework that sniffs messages from pre-authentication 5G communication in real-time,” the researchers from the Singapore University of Technology and Design explained of their work, presented this week at the 34th USENIX security bash, “and injects targeted attack payload in downlink communication towards the UE [User Equipment, i.e. a phone].” Designed to take Read more about Boffins release 5G traffic sniffing tool[…]

[…] Zveare, who has found bugs in carmakers’ customer systems and vehicle management systems before, found the flaw earlier this year as part of a weekend project, he told TechCrunch. He said while the security flaws in the portal’s login system was a challenge to find, once he found it, the bugs let him bypass Read more about Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere[…]

Russian hackers took control of a Norwegian dam this year, opening a floodgate and allowing water to flow unnoticed for four hours, Norway’s intelligence service has said. The admission, by the Norwegian Police Security Service (PST), marks the first time that Oslo has formally attributed the cyber-attack in April on Bremanger, western Norway, to Moscow. Read more about Russian hackers seized control of Norwegian dam, spy chief says[…]

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org. The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on Read more about KLM, Air France latest major orgs to have data looted[…]

A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company’s computer systems on Monday, Russia’s prosecutor’s office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Read more about Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights[…]

Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack. Lawyers acting on behalf of US-based Allianz Life filed a breach notification with Maine’s attorney general on Saturday, saying the intrusion began on July 16 and was detected a day later. Official Read more about Majority of 1.4M customers caught in Allianz Life data heist[…]

Hacking is hard. Well, sometimes. Other times, you just call up a company’s IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset… and it’s done. Without even verifying your identity. So you use that information to log in to Read more about After $380M hack, Clorox sues its service desk vendor Cognizant for simply giving out passwords[…]

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove. Ahold Delhaize operates a network of stores in Europe and the US via brands including Food Lion, Stop & Shop and Giant. It also has Read more about Ahold Delhaize says 2.2M affected after cyberattack[…]

[…] , the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned. Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed Read more about 16 billion passwords exposed in colossal data breach[…]

https://localmess.github.io/ We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes. These native Android apps receive browsers’ metadata, cookies and commands from the Meta Pixel Read more about Meta, yandex caught spying on android users web activity using Covert Web-to-App Tracking via unprotected Localhost since 2017[…]

A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, Read more about Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump[…]

If you use the internet, you’ve probably had at least some personal information go missing. It’s just the nature of the web. But this latest discovery, as reported by Wired, is something different. Security researcher Jeremiah Fowler found a public online database housing over 180 million records (184,162,718 to be exact) which amounted to more Read more about Someone Found Over 180 Million User Records for all kinds of platforms in an Unprotected Online Database[…]

A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today. The announcement follows the initial news from May 6 of an attack on the UK’s Legal Aid Agency (LAA), an MoJ-sponsored organization that allows legal aid Read more about UK Legal Aid Agency attack involved ‘significant’ data theft[…]

Data breaches are most often the work of external bad actors, but sometimes the call comes from inside the house. Cryptocurrency exchange Coinbase has disclosed that hackers paid off support agents—both employees and contractors located outside the U.S.—who had access to company systems to provide customer data and then demanded a $20 million ransom not Read more about Three Steps Coinbase Users Should Take After a Hack (bribe of support agents) Compromised One Million Accounts[…]

GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure. “On May 5, 2025, Global Crossing Airlines Group learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the company determined to be the result of a cybersecurity incident,” Read more about Charter airline helping Trump’s deportation campaign pwned[…]

TeleMessage, a communications app used by former Trump national security adviser Mike Waltz, has suspended services after a reported hack exposed some user messages. The breach follows controversy over Waltz’s use of the app to coordinate military updates, including accidentally adding a journalist to a sensitive Signal group chat. From the report: In an email, Read more about Messaging App Used by Mike Waltz, Trump Deportation Airline GlobalX Both Hacked in Separate Breaches[…]

In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database allegedly belonging to Boulanger Electroménager & Multimédia purportedly exposing 5 Million of their customers. What is Boulanger Electroménager & Multimédia? Boulanger Electroménager & Multimédia is a French company that specializes in the sale of Read more about 1 Million customers from French Boulanger’s Customers Exposed Online for free[…]

[…]The IT break-in occurred between April 20 and April 22, last year, according to a notification filed this month with the US state’s attorney general’s office. California Cryobank spotted unauthorized activity on certain computers on April 21, isolated the affected machines, and launched an investigation. The sperm bank hasn’t disclosed how many individuals were affected, Read more about Personal info feared stolen from sperm bank California Crybank[…]

The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info. The nonprofit, which represents more than 178,000 education professionals in the US state of Pennsylvania, confirmed data was stolen during a July 6 attack. According to The Read more about Cyberattack on nonprofit affects over 500k PA school workers[…]

According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high Read more about Thousands of TP-Link routers have been infected by a botnet to spread malware[…]