Google confirmed that miscreants created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and other government agencies use to ask for data about Google users. “We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account,” a Google spokesperson told Read more about Google confirms crims accessed portal to share data with cops[…]

Scammers are extorting small businesses worldwide by threatening to flood their Google Maps profiles with fake one-star reviews or demanding payment to remove reviews already posted, according to The New York Times. Fraudsters target service businesses dependent on online ratings — movers, roofers, contractors — demanding hundreds of dollars per incident. The Times story documents Read more about Small Businesses Face a New Threat: Pay Up or Be Flooded With Bad Reviews[…]

Popular media streaming platform Plex has informed its users of yet another data breach, urging them to change their passwords as soon as possible.  Criminals often target media streaming platforms because they deal with sensitive information. Plex has fallen victim to a similar intrusion in the past, and a couple of years ago went through Read more about Plex tells users to reset passwords after new data breach. Again.[…]

Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to its Salesforce instance. Marc Benoit, chief information security officer at PAN, confirmed in a note to clients – seen by The Register – that Read more about Stolen Salesforce Drift OAuth tokens expose Palo Alto customer data[…]

Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information Read more about TransUnion says hackers stole 4.4 million customers’ personal information (breached AGAIN!!!)[…]

China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official. “There’s a good chance this espionage campaign has stolen information from nearly every American,” Michael Machtinger, deputy assistant director for the FBI’s Read more about FBI cyber cop: Salt Typhoon pwned ‘nearly every American’[…]

Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal’s fraud-detection systems. According to the Association of German Banks, the problem hit on Monday when banks noticed a slew of recent unauthorized direct debits from PayPal. The body said the banks Read more about German banks block EUR 10B in ‘unauthorized’ PayPal direct debits[…]

U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 Read more about Farmers Insurance data breach impacts 1.1M people after Salesforce attack[…]

“Sni5Gect [is] a framework that sniffs messages from pre-authentication 5G communication in real-time,” the researchers from the Singapore University of Technology and Design explained of their work, presented this week at the 34th USENIX security bash, “and injects targeted attack payload in downlink communication towards the UE [User Equipment, i.e. a phone].” Designed to take Read more about Boffins release 5G traffic sniffing tool[…]

[…] Zveare, who has found bugs in carmakers’ customer systems and vehicle management systems before, found the flaw earlier this year as part of a weekend project, he told TechCrunch. He said while the security flaws in the portal’s login system was a challenge to find, once he found it, the bugs let him bypass Read more about Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere[…]

Russian hackers took control of a Norwegian dam this year, opening a floodgate and allowing water to flow unnoticed for four hours, Norway’s intelligence service has said. The admission, by the Norwegian Police Security Service (PST), marks the first time that Oslo has formally attributed the cyber-attack in April on Bremanger, western Norway, to Moscow. Read more about Russian hackers seized control of Norwegian dam, spy chief says[…]

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers’ data stolen by way of a break-in at a third party org. The airlines, which share a parent company, Air France-KLM Group, said in a joint statement that they “detected unusual activity on Read more about KLM, Air France latest major orgs to have data looted[…]

A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company’s computer systems on Monday, Russia’s prosecutor’s office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Read more about Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights[…]

Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack. Lawyers acting on behalf of US-based Allianz Life filed a breach notification with Maine’s attorney general on Saturday, saying the intrusion began on July 16 and was detected a day later. Official Read more about Majority of 1.4M customers caught in Allianz Life data heist[…]

Hacking is hard. Well, sometimes. Other times, you just call up a company’s IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset… and it’s done. Without even verifying your identity. So you use that information to log in to Read more about After $380M hack, Clorox sues its service desk vendor Cognizant for simply giving out passwords[…]

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove. Ahold Delhaize operates a network of stores in Europe and the US via brands including Food Lion, Stop & Shop and Giant. It also has Read more about Ahold Delhaize says 2.2M affected after cyberattack[…]

[…] , the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned. Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed Read more about 16 billion passwords exposed in colossal data breach[…]

https://localmess.github.io/ We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes. These native Android apps receive browsers’ metadata, cookies and commands from the Meta Pixel Read more about Meta, yandex caught spying on android users web activity using Covert Web-to-App Tracking via unprotected Localhost since 2017[…]

A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, Read more about Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump[…]

If you use the internet, you’ve probably had at least some personal information go missing. It’s just the nature of the web. But this latest discovery, as reported by Wired, is something different. Security researcher Jeremiah Fowler found a public online database housing over 180 million records (184,162,718 to be exact) which amounted to more Read more about Someone Found Over 180 Million User Records for all kinds of platforms in an Unprotected Online Database[…]

A “significant amount of personal data” belonging to legal aid applicants dating back to 2010 in the UK was stolen by cybercriminals, the Ministry of Justice (MoJ) confirmed today. The announcement follows the initial news from May 6 of an attack on the UK’s Legal Aid Agency (LAA), an MoJ-sponsored organization that allows legal aid Read more about UK Legal Aid Agency attack involved ‘significant’ data theft[…]

Data breaches are most often the work of external bad actors, but sometimes the call comes from inside the house. Cryptocurrency exchange Coinbase has disclosed that hackers paid off support agents—both employees and contractors located outside the U.S.—who had access to company systems to provide customer data and then demanded a $20 million ransom not Read more about Three Steps Coinbase Users Should Take After a Hack (bribe of support agents) Compromised One Million Accounts[…]

GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure. “On May 5, 2025, Global Crossing Airlines Group learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the company determined to be the result of a cybersecurity incident,” Read more about Charter airline helping Trump’s deportation campaign pwned[…]