Security News

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...]

Following a data leak that brought "Tangible fear of threat to life", the UK's data protection watchdog says it intends to fine the Police Service of Northern Ireland £750,000. The August exposure of cops' data affected 9,483 officers and was described by Commissioner Pete O'Doherty of the City of London Police as "The most significant data breach that has ever occurred in the history of UK policing" in an official review.

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The BlackCat/ALPHV ransomware gang claimed the attack, alleging to have stolen 6TB of sensitive patient data.

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. In March 2023, the company sent out notices of data breach to 3.2 million people who had interacted with its websites, applications, and services, that their information had been exposed due to using tracking pixels on its platform.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

How Google plans to make stolen session cookies worthless for attackersGoogle is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access user accounts. A "Cascade" of errors let Chinese hackers into US government inboxesMicrosoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. According to data breach aggregation service Have I Been Pwned, 1,348,407 PandaBuy accounts have been exposed in the breach.

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the...

NTT West president Masaaki Moribayashi announced his resignation on Thursday, effective at the end of March, in atonement for the leak of data pertaining to 9.28 million customers that came to light last October. Often resignations are avoided if a leader simply offers up a chunk of their salary instead. On Thursday, NTT West apologized for the leak and released details of a related investigation.

Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America. Infosys disclosed the breach in a November 3, 2023, filing [PDF] that revealed its US subsidiary Infosys McCamish Systems LLC "Has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS.".