Exposes

  • Blog
    digitpatrox2 weeks ago
    42

    Supply chain attack on popular GitHub Action exposes CI/CD secrets

    A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on…

    Read More »
  • Blog
    digitpatroxFebruary 2, 2025
    177

    DeepSeek exposes database with over 1 million chat records

    DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information. The unsecured ClickHouse instances reportedly held over a million log entries containing user chat history in plaintext form, API keys, backend details, and operational metadata. Wiz Research discovered this exposure during a security assessment of DeepSeek’s external infrastructure.…

    Read More »
  • Blog
    digitpatroxJanuary 18, 2025
    72

    Otelier data breach exposes info, hotel reservations of millions

    Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests’ personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. The breach first allegedly occurred in July 2024, with continued access through October, with the threat actors claiming to have stolen amost eight terabytes of data…

    Read More »
  • Blog
    digitpatroxJanuary 17, 2025
    62

    W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

    A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking. The flaw is tracked as CVE-2024-12365 despite the developer releasing…

    Read More »
  • Blog
    digitpatroxJanuary 12, 2025
    227

    STIIIZY data breach exposes cannabis buyers’ IDs and purchases

    Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. STIIIZY is a a California-based cannabis brand known for its pod-based vaporizers and a variety of cannabis products, including flower, edibles, THC concentrates, and extracts.  In a data breach notification published earlier this week, STIIIZY…

    Read More »
  • Blog
    digitpatroxJanuary 8, 2025
    68

    PowerSchool hack exposes student, teacher data from K-12 districts

    Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide. The company offers a…

    Read More »
  • Blog
    digitpatroxDecember 7, 2024
    96

    New Windows zero-day exposes NTLM credentials, gets unofficial patch

    A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet. According to 0patch,…

    Read More »
  • Blog
    digitpatroxNovember 21, 2024
    117

    Cyberattack at French hospital exposes health data of 750,000 patients

    A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. A threat actor using the nickname ‘nears’ (previously near2tlg) claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient records of over 1,500,000 people. The hacker claims…

    Read More »
  • Blog
    digitpatroxNovember 16, 2024
    211

    Breach at B2B data broker DemandScience exposes over 100 million records

    Over 100 million leaked records of business contact information listed on the dark web linked to B2B data aggregator DemandScience might have been stolen from a third party, the company has told ITPro. Formerly known as Pure Incubation, DemandScience is an AI-powered B2B demand generation company that helps organizations find potential customers for upcoming campaigns. The firm scrapes the public…

    Read More »
  • Blog
    digitpatroxOctober 11, 2024
    165

    Fidelity Data Breach Exposes Data From 77,099 Customers

    In August, a threat actor compromised the data of 77,099 Fidelity Investments customers in Maine, the financial firm said in a breach notification letter to thousands of customers on Oct. 9. The attacker didn’t access funds in Fidelity investment accounts. However, the hacker obtained personal information — including Social Security numbers and driver’s licenses — and created two new customer…

    Read More »
Back to top button
close