Data Breach

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service […]


Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks

A new investigation has uncovered that sensitive credentials from governments, telecoms, financial institutions, and critical infrastructure have been unintentionally exposed through popular online code formatting tools such as JSONFormatter and CodeBeautify. These websites, commonly used to validate or beautify JSON and other code snippets, have become unintended repositories of private information due to users pasting


Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity

Salesforce has issued an alert after identifying unusual behavior involving applications published by Gainsight that integrate with the Salesforce platform. According to the company, the suspicious activity may have allowed unauthorized access to some customers' data through the affected applications. In response, Salesforce has revoked all active access and refresh tokens tied to Gainsight published


Zyxel Authorization Bypass Vulnerability Lets Attackers View and Download System Configurations

A serious security flaw has been discovered in Zyxel’s ATP and USG series network security appliances, enabling attackers to bypass two-factor authentication and access sensitive system configurations without authorization. Identified as CVE-2025-9133, this vulnerability impacts devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated disclosure. The flaw


F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers

U.S.-based cybersecurity firm F5 disclosed on Wednesday that unauthorized actors infiltrated its systems and obtained files containing portions of the BIG-IP source code, along with information about undisclosed vulnerabilities in the product. The company attributed the attack to a “highly sophisticated nation-state threat actor,” noting that the intruders maintained prolonged access to its network. According


GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users

A new, persistent Android campaign, attributed to GhostBat RAT, impersonates Regional Transport Office (RTO) applications to steal banking data from Indian users. Attackers distribute malicious droppers through WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites, then use multi-stage loading, ZIP header manipulation, native libraries, and extensive string obfuscation to avoid detection


ThreatsDay Bulletin: MS Teams Breach, MFA Hijacking, $2B Crypto Theft, Apple Siri Investigation & More

Cybersecurity threats are advancing faster than ever, with attackers increasingly combining social engineering, AI-driven manipulation, and cloud exploitation to target systems once deemed secure. From communication platforms to smart devices, every technological convenience simultaneously expands the potential attack surface. This edition of ThreatsDay Bulletin highlights these overlapping risks and the necessary measures to maintain trust in


Lapsus$ Hunters Launch New Leak Site to Publish Data Stolen from Salesforce

The cybercriminal collective known as Scattered Lapsus$ Hunters has intensified its extortion efforts by launching a dedicated leak portal aimed at publishing stolen Salesforce data. This alliance, which includes prominent threat actors such as ShinyHunters, Scattered Spider, and Lapsus$, represents a new level of sophistication in ransomware-as-a-service operations, specifically targeting one of the most widely


Hackers Abuse Legitimate Database Commands to Actively Compromise Databases

A new wave of sophisticated ransomware attacks is targeting organizations worldwide by abusing legitimate database commands, bypassing traditional security tools through “malware-free” operations. Unlike typical ransomware that relies on malicious binaries to encrypt files, attackers are exploiting exposed database services, using standard database functionality to steal, erase, and demand ransom for critical information. This technique


Crimson Collective Uses AWS Services to Exfiltrate Sensitive Data

A newly surfaced threat actor, calling itself Crimson Collective, has been observed targeting Amazon Web Services (AWS) environments to steal valuable data and pressure organizations with extortion. Recent claims by the group allege they breached Red Hat, taking private repositories from Red Hat’s GitLab instance. This activity signals a worrying shift toward cloud-centric attacks, and
