Tag: information disclosure
11 articles

Microsoft Patch Deluge Exposes New Normal in Cybersecurity Updates
Microsoft just dropped a record 570 security updates on Patch Tuesday, revealing a new normal in cybersecurity: AI has drastically reduced the cost of finding vulnerabilities, leading to a surge in fixes that shows no signs of slowing down. This massive update batch included critical patches for elevation of privilege, remote code execution, and information disclosure flaws.

Hackers Exploit Gravity SMTP Plugin Bug to Expose API Keys
Malicious hackers are racing to exploit a vulnerability in the Gravity SMTP plugin, which has been installed on around 100,000 WordPress sites, to get their hands on sensitive API keys. Over 17 million exploit attempts have already been blocked by Wordfence, highlighting the urgent need for site owners to update to version 2.1.5.

Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites
A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.

UK Council Exposes Hundreds of Disabled Residents in Email Blunder
A simple email mistake by the City of York Council had serious consequences, exposing the identities of hundreds of disabled residents who hold Blue Badges. The blunder occurred when a BCC function failed, revealing the list of recipients in a message intended to be private.

Trump Mobile Website Exposed Thousands of User Records
A shocking security lapse has been uncovered on the Trump Mobile website, allegedly exposing thousands of users' sensitive information, according to a report by The Register. The breach claim, made by a techie, raises serious concerns about the website's data protection measures.

SEPPMail Gateway Vulnerabilities Expose Remote Code Execution Risk
Critical vulnerabilities in SEPPMail's Secure E-Mail Gateway could allow hackers to read all mail traffic, gain entry into internal networks, and even execute remote code - putting your entire system at risk. These flaws could have devastating consequences, from data breaches to full-scale system compromise.

Major Vendors Patch Critical Flaws Amid Cyber Threat Surge
A critical flaw in Ivanti Xtraction, tracked as CVE-2026-8043, allows remote attackers to read sensitive files and launch client-side attacks - but fortunately, patches are now available to fix this high-risk vulnerability.

Missouri Probes Conduent's Response to Massive Data Breach
Missouri's Department of Commerce and Insurance is stepping up its investigation into Conduent's massive data breach, which is believed to have affected over 25 million people, after the company failed to provide crucial information on the breach's impact. The state agency is urging insurers to come forward with details on their dealings with Conduent, citing significant consumer risk.

France's ANTS Agency Exposes Data Breach After Hacker Offers Stolen Records for Sale
France's ANTS Agency has suffered a data breach, with hackers offering stolen records for sale, putting individual and professional accounts at risk. The agency is investigating and notifying affected users, urging them to stay vigilant for suspicious activity.

Prompt Injection Attacks Target AI Systems with Alarming Frequency
Imagine a simple question that can outsmart a secret-keeping system - it's happening more often than you'd think, as prompt injection attacks use cleverly crafted language to trick AI models into spilling their secrets. By manipulating conversational inputs, these attacks can get supposedly secure AI bots to reveal sensitive information.

Booking.com Exposes Reservation Data Breach Risk
Did you know that a recent data breach at Booking.com may have exposed sensitive trip details, including your name, contact info, and private messages to hotels, to unknown attackers? This incident is a stark reminder that even major travel platforms can be vulnerable to data breaches, putting your personal info at risk.