There was a way to run malicious code on a dev's device remotely by chaining an old vulnerability with a new one.

"It's not ours," says Okta, suggesting hackers picked the data up elsewhere on the internet.

Unsurprisingly, a scheme which involved developing tools to steal API keys and access Microsoft servers without permission isn’t faring well in a Virginia court.

Brave is getting rid of its Strict fingerprint protection mode, as it's breaking websites and actually making users more identifiable.

GPS data, emails, and employee credentials found publicly accessible following Moonly leak.

AngelSense was leaking names, location data, and more to anyone with a browser and knowledge of the right IP address.

The number of victims is not in the hundreds, they say, but rather in the dozens.

Details of attack are beginning to emerge, as Greylock McKinnon Associates notifies affected individuals.

An unprotected APIsec database was found sitting on the internet, and was subsequently locked down.

Several apps from developer M.A.D Mobile had unprotected image servers that stored private and explicit photos without password protection.

Young Consulting sends out breach notification letters, warning individuals about the breach.

More than a million people had their data stolen, as PandaBuy remains silent.

Data stolen in January 2024 breach is basically being given away, as hacker offers it for $2 and change.

Popular clothing company Halara investigating a potential breach as the hacker shares customer data online.

ClaimPix kept an open database full of sensitive information.

A hacker is selling a database, claiming it was stolen from AT&T years ago, but the telecom giant says it's not theirs.

Attackers accessed AMEOS' network "briefly" despite "extensive" security measures.

IMDataCenter confirmed holding an unprotected database containing millions of PII records.

IntelBroker and friends are selling yet another archive and Cisco is taking notice.

Swedish citizens' and organizations' data exposed in a massive database left exposed on the open web.

Scattered Lapsus$ Hunters are urging victims to step forward and negotiate a deal.

The Internet Archive failed to rotate API keys, which meant attackers still had some level of access.

Someone's compiling data leaked in different breaches, with around 1.2 billion users possibly at risk

Hackers know which numbers are used for Twilio's Authy service, increasing the chances of successful smishing attacks.

Hackers had easy access to people's driver's license info, and more, courtesy of circulating admin credentials.

They're selling it for $5,000 but no one knows where they stole it from.

Job seeker data belonging to Alltech Consulting Services left exposed in online database.

BreachForums leak includes crypto wallets and private messages, allegedly leaked to help criminals improve their opsec.

Along with WordPress websites, dozens of devices were also infected with cryptojackers.

In an apparent advertising stunt, a threat actor is leaking FortiGate data for free.