Skip to main content

Tag: data leak

26 articles

CISA Leak Exposes Gaps in Incident Response, Key Management

CISA Leak Exposes Gaps in Incident Response, Key Management

A staggering 844 MB of sensitive CISA data was left exposed in a public GitHub repository for almost six months, revealing critical gaps in incident response and key management. The leak included admin credentials and plaintext passwords for internal CISA systems, raising serious concerns about security protocols.

Analyst 207
Government office interior with concerned officials in a public records room.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat

A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

Analyst 207
GitHub issue page on laptop with public repository and subtle hint of private content exposure.

GitHub Agentic Workflows Exposed to Data Leak Threat via Public Issues

GitHub's Agentic Workflows are vulnerable to a data leak threat, as researchers have demonstrated a clever technique called GitLost that tricks AI agents into spilling private content from secure repositories into public comments. All it takes is a simple public issue to launch the attack, with no stolen credentials or special access required.

Analyst 207
Secure facility interior with a symbolic payment terminal or encrypted data storage device.

US Government Entity Pays $1 Million to Thwart Data Leak

A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Analyst 207
Passport lies on a plain surface surrounded by blurred cannabis dispensary items, hinting at a security breach.

Massive Passport Leak Exposes Sensitive Traveler Data

A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

Analyst 207
Dimly lit office cubicle with scattered papers, open laptop, and concerned coworkers in the background.

Huntress Insider Leak Exposes Potential Security Breach

A shocking security breach at Huntress has come to light, with a former analyst claiming that a colleague may have compromised the company's integrity by passing sensitive law enforcement communications to a notorious cybercriminal. The explosive allegations have left many questions unanswered about the breach and its potential impact.

Analyst 207
Dimly lit server room with rows of computer servers and storage equipment, some screens displaying abstract interfaces.

Shadow AI Exposes 2,000 Vibe-Coded Apps with Sensitive Data

A shocking discovery by Red Access revealed over 2,000 apps with sensitive corporate, operational, or personal data exposed online, leaving countless organizations vulnerable to risk. These apps, found on popular vibe-coding platforms, were often deployed without basic security controls, granting open access to sensitive information.

Analyst 207
A somber-colored file folder lies on a desk with a blurred computer screen in the background.

US Bank Self-Reports Data Leak to Unauthorized AI App

A US bank has taken swift action, self-reporting a data leak that exposed sensitive customer information to an unauthorized AI app, sparking concerns over the volume and sensitivity of the compromised data. The bank's proactive disclosure to regulators and customers highlights its commitment to transparency in the face of a data-handling lapse.

Analyst 207
Laptop screen on a plain surface with a blurred office background and subtle cloud connection hint.

Instructure Pays Ransom to ShinyHunters to Prevent 3.65TB Canvas Data Leak

In a stunning move, Instructure paid a ransom to the notorious ShinyHunters group to prevent a massive 3.65TB data leak from its Canvas learning-management system. The Utah-based company reached a deal with the hackers, securing the safe return of stolen data and a guarantee that its customers wouldn't be extorted individually.

Analyst 207
Empty college corridor with students and faculty showing subtle concern.

Instructure Discloses Double Breach Amid ShinyHunters' Data Leak Threat

In a shocking security breach, Instructure, the creator of Canvas, revealed not one, but two separate intrusions into its system, leaving thousands of schools and students scrambling for access to crucial course materials during final exams. The breaches come as an extortion group, ShinyHunters, threatens to leak a massive 3.65 TB of stolen data.

Analyst 207
Rows of computer servers with flickering screens and dimmed lights suggest a breach or disruption in a technology company's…

RansomHouse Hackers Claim Breach of Trellix Source Code

Trellix has confirmed a breach of its source code repository, with hackers from the notorious RansomHouse group claiming to have accessed and encrypted sensitive data on April 17. The group has even posted leaked screenshots to back up its claims.

Analyst 207
Brightly-lit video editing workspace with equipment and subtle hints of email materials.

ShinyHunters Leak Exposes 119K Vimeo Emails

A massive data leak, allegedly perpetrated by the threat actor group ShinyHunters, has put 119,000 Vimeo email addresses at risk, according to a recent report. This alarming breach raises serious concerns about online data security and user privacy.

Analyst 207
Computer screen displays blurred Excel spreadsheet in brightly-lit office with DevOps folder visible in background.

Fintech Firm Exposes Database Credentials in Shared Spreadsheet

A fintech firm's most sensitive secrets were left exposed in a shared spreadsheet, with a password that was embarrassingly simple - literally a combination of the company's name and the year. The shocking discovery was made by Stanislav Kazanov during a routine compliance audit, when he stumbled upon a widely accessible SharePoint folder containing a file ominously titled Prod_DB_Root_Creds_DO_NOT_SHARE.xlsx.

Analyst 207
Large, empty development environment with rows of code on sleek computer screens against a neutral background.

Checkmarx GitHub Data Leaked by LAPSUS$ Hackers

Checkmarx confirmed that hackers from the LAPSUS$ group breached its GitHub repository on March 23, 2026, and published stolen data on April 22, after a series of supply-chain and credential-theft events. The attackers used the access to publish malicious code to certain artifacts, compromising the integrity of Checkmarx's software development process.

Analyst 207
Shattered padlock on cracked digital surface with error message and accusatory finger in background.

Lovable Disputes Data Leak, Shifts Blame to HackerOne

Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.

Analyst 207
A broken padlock lies on a dark, cracked surface with scattered credentials and a laptop screen glowing in the background.

Vercel Discloses Credential Breach Tied to OAuth Mishandling

Vercel recently disclosed a credential breach affecting some customer credentials, which they attribute to an outside developer platform, Context.ai, citing an OAuth mishandling issue. The incident highlights the risks of complex authentication processes and the importance of secure credential management.

Analyst 207
Shattered padlock and scattered papers near laptop glow, cityscape visible through cracked window, conveying vulnerability.

McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration

McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook publishing.

Analyst 207
Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

Analyst 207
FBI System Breach Exposes Sensitive Data

FBI System Breach Exposes Sensitive Data

A major breach of an FBI system has sent shockwaves through the cybersecurity landscape, leaving organizations and individuals wondering if they're prepared for the worst. This alarming incident is just the latest in a string of high-profile hacks, including a data leak affecting 450,000 Lloyds records and a breach at the Dutch treasury.

Analyst 207
Proton Mail Faces Alarming Data Leak to Authorities

Proton Mail Faces Alarming Data Leak to Authorities

Proton Mail, a popular encrypted email service, has faced a concerning data leak to authorities, raising questions about the balance between user privacy and cooperation with law enforcement. This recent revelation has sparked debate about the feasibility of upholding the fundamental human right to privacy in the digital age.

Analyst 207
Critical ChatGPT Flaw Exposed Alarming Data Leak Vulnerability

Critical ChatGPT Flaw Exposed Alarming Data Leak Vulnerability

A recent flaw in ChatGPT has exposed a startling vulnerability, allowing data to be secretly leaked through a clever technique - leaving users wondering if their conversations with AI are truly secure. This alarming discovery serves as a wake-up call for the industry, highlighting the urgent need for robust security measures in AI systems.

Analyst 207
Legacy systems failing: Exclusive ministers vow no repeat

Legacy systems failing: Exclusive ministers vow no repeat

Ministers promise no repeat, but ageing, brittle IT and procurement shortcuts are slowing the fixes that would stop another life‑threatening leak — read on to see why promises need firm deadlines and measurable progress.

Analyst 207
5M Records Exposed Exclusive: Severe Auto Insurance Leak

5M Records Exposed Exclusive: Severe Auto Insurance Leak

Heads up: an unsecured database exposed more than 5 million auto-insurance records—names, policy numbers, VINs and claims—available to anyone with a link. That makes drivers prime targets for phishing, fake claims and identity theft, and could spell major legal and reputational headaches for insurers.

Analyst 207
5M Records Exposed: Exclusive Alarming Auto Insurance Leak

5M Records Exposed: Exclusive Alarming Auto Insurance Leak

Over 5 million auto insurance records — including names, policy numbers, VINs and claims histories — were left publicly accessible by a simple cloud misconfiguration, turning routine paperwork into a roadmap for fraud. Find out how it happened and what you can do now to protect your privacy.

Analyst 207