Data Breach Archives - Page 3 Of 6

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites

December 24, 2025

Cybersecurity researchers have uncovered two malicious Google Chrome extensions operating under the same name and published by the same developer, both designed to secretly intercept web traffic and steal user credentials on a massive scale. The extensions are promoted as a “multi location network speed test plug in” aimed at developers and professionals working in […]

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Websites Read More »

Google to Shut Down Dark Web Monitoring Tool in February 2026

December 16, 2025

Google has confirmed that it will shut down its Dark Web report feature in February 2026, bringing an end to a service that allowed users to check whether their personal information appeared on underground online marketplaces. The decision comes less than two years after the tool was first introduced. According to the company, scans for

Google to Shut Down Dark Web Monitoring Tool in February 2026 Read More »

Featured Chrome Extension Caught Intercepting Millions of Users AI Chats

December 15, 2025

A browser extension carrying a “Featured” badge on Google Chrome has been discovered quietly collecting artificial intelligence chat conversations from millions of users. The extension, installed by more than six million people, was observed intercepting prompts and responses from popular AI platforms without clear user awareness. Security researchers revealed that the extension, Urban VPN Proxy,

Featured Chrome Extension Caught Intercepting Millions of Users AI Chats Read More »

Gainsight adds more affected customers after Salesforce security alert

November 27, 2025

Gainsight has confirmed that the recent suspicious activity involving its applications has affected more users than initially reported. The update follows a security alert issued by Salesforce regarding abnormal behavior linked to Gainsight published apps. More Customers Affected Than First Reported Salesforce originally identified three customers as impacted, but according to Gainsight, the list grew

Gainsight adds more affected customers after Salesforce security alert Read More »

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

November 26, 2025

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims Read More »

Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks

November 26, 2025

A new investigation has uncovered that sensitive credentials from governments, telecoms, financial institutions, and critical infrastructure have been unintentionally exposed through popular online code formatting tools such as JSONFormatter and CodeBeautify. These websites, commonly used to validate or beautify JSON and other code snippets, have become unintended repositories of private information due to users pasting

Years of leaks from JSONFormatter and CodeBeautify have exposed thousands of passwords and API keys, creating major security risks Read More »

Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity

November 21, 2025

Salesforce has issued an alert after identifying unusual behavior involving applications published by Gainsight that integrate with the Salesforce platform. According to the company, the suspicious activity may have allowed unauthorized access to some customers data through the affected applications. In response, Salesforce has revoked all active access and refresh tokens tied to Gainsight published

Salesforce Reports Unauthorized Data Access Triggered by Gainsight Related OAuth Activity Read More »

Zyxel Authorization Bypass Vulnerability Lets Attackers View and Download System Configurations

October 22, 2025

A serious security flaw has been discovered in Zyxel’s ATP and USG series network security appliances, enabling attackers to bypass two-factor authentication and access sensitive system configurations without authorization. Identified as CVE-2025-9133, this vulnerability impacts devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated disclosure. The flaw

Zyxel Authorization Bypass Vulnerability Lets Attackers View and Download System Configurations Read More »

F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers

October 15, 2025

U.S.-based cybersecurity firm F5 disclosed on Wednesday that unauthorized actors infiltrated its systems and obtained files containing portions of the BIG-IP source code, along with information about undisclosed vulnerabilities in the product. The company attributed the attack to a “highly sophisticated nation-state threat actor,” noting that the intruders maintained prolonged access to its network. According

F5 BIG-IP Source Code Exposed in Breach by Nation-State Hackers Read More »

GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users

October 15, 2025

A new, persistent Android campaign, attributed to GhostBat RAT, impersonates Regional Transport Office, RTO, applications to steal banking data from Indian users. Attackers distribute malicious droppers through WhatsApp, SMS with shortened URLs, GitHub hosted APKs, and compromised websites, then use multi stage loading, ZIP header manipulation, native libraries, and extensive string obfuscation to avoid detection

GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users Read More »