Exposes
-
Blog
DeepSeek exposes database with over 1 million chat records
DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information. The unsecured ClickHouse instances reportedly held over a million log entries containing user chat history in plaintext form, API keys, backend details, and operational metadata. Wiz Research discovered this exposure during a security assessment of DeepSeek’s external infrastructure.…
Read More » -
Blog
Otelier data breach exposes info, hotel reservations of millions
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests’ personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. The breach first allegedly occurred in July 2024, with continued access through October, with the threat actors claiming to have stolen amost eight terabytes of data…
Read More » -
Blog
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking. The flaw is tracked as CVE-2024-12365 despite the developer releasing…
Read More » -
Blog
STIIIZY data breach exposes cannabis buyers’ IDs and purchases
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. STIIIZY is a a California-based cannabis brand known for its pod-based vaporizers and a variety of cannabis products, including flower, edibles, THC concentrates, and extracts. In a data breach notification published earlier this week, STIIIZY…
Read More » -
Blog
PowerSchool hack exposes student, teacher data from K-12 districts
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide. The company offers a…
Read More » -
Blog
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet. According to 0patch,…
Read More » -
Blog
Cyberattack at French hospital exposes health data of 750,000 patients
A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. A threat actor using the nickname ‘nears’ (previously near2tlg) claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient records of over 1,500,000 people. The hacker claims…
Read More » -
Blog
Breach at B2B data broker DemandScience exposes over 100 million records
Over 100 million leaked records of business contact information listed on the dark web linked to B2B data aggregator DemandScience might have been stolen from a third party, the company has told ITPro. Formerly known as Pure Incubation, DemandScience is an AI-powered B2B demand generation company that helps organizations find potential customers for upcoming campaigns. The firm scrapes the public…
Read More » -
Blog
Fidelity Data Breach Exposes Data From 77,099 Customers
In August, a threat actor compromised the data of 77,099 Fidelity Investments customers in Maine, the financial firm said in a breach notification letter to thousands of customers on Oct. 9. The attacker didn’t access funds in Fidelity investment accounts. However, the hacker obtained personal information — including Social Security numbers and driver’s licenses — and created two new customer…
Read More »