All posts in Breach
A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. Malaysia Airlines sent out an email to frequent flyer program members assuring them that there’s “no evidence” their personal data has been misused in the wake of a supply-chain attack via a third-party . . . Read more
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results. Yet another human-related error — this time a flaw in a health department website in the state of Bengal, India — has exposed . . . Read more

Quickbooks malware targets tax data for attackers to sell and use in phishing scams. Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. Attackers use email to deliver the malware, which the . . . Read more

The threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed. Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the . . . Read more
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs. Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that . . . Read more

In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.” Yandex – one of Europe’s largest internet companies – is warning of a data breach that compromised 4,887 email accounts. The breach stems from an insider threat. Yandex is the . . . Read more

Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack. Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked . . . Read more

CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more. CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves . . . Read more
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated. A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and . . . Read more
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection. A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext . . . Read more