In this special year-end edition, we revisit critical advice from our cybersecurity experts on AI, exposure management, cloud, vulnerability management, OT and critical infrastructure.Key...

In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal...

GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion servers over the Christmas 2025 holiday period. The attack appears to be a single threat actor operating from...

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI...

The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as...

There is tremendous public interest in the Epstein files. But be careful. Davey Winder of Forbes reports: Updated December 25 with warnings about malware associated with some Epstein Files...

Speaking of researchers being threatened or maligned for reporting breaches, see this story by Jessica Lyons in The Register: Researchers at Pen Test Partners found four flaws in Eurostar’s public...

Over the years, DataBreaches has been contacted by many people with requests for help notifying entities of data leaks or breaches. Some of the people who contact this site are cybercriminals,...

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV)...

The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.

The permanent leader in the percentage of ICS computers on which spyware were blocked.

Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application masquerading as a...

The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include...

AI goes off the rails … because of shoddy guardrails Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could allow an attacker to...

Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable...

When you have been reporting on breaches for as long as this site has, you experience a lot of deja vu. This time, a headline about Singing River Health System in Mississippi spotting a potential...

Crooks used platform to scoop up and store banking credentials for big-money thefts The US says it has shut down a platform used by cybercriminals to break into Americans' bank accounts.…

The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million...

Eric Geller reports: A Cybersecurity and Infrastructure Security Agency program that warns organizations about imminent ransomware attacks has suffered a major setback after its lead staffer left...

Arielle Waldman reports: Opposition is building as industry organizations weigh in on the public comment period for proposed changes to the Health Insurance Portability and Accountability Act...

This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI. For each platform, the...

Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store...

Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private.

The ransomware rate in the region remains consistently high, nearly twice the global average.

East Asia saw a sharp increase in the percentage of ICS computers on which malicious scripts and phishing pages were blocked. The review of key cybersecurity issues in Asian regions.

A Cybersecurity and Infrastructure Security Agency program that warns organizations about imminent ransomware attacks has suffered a major setback after its lead staffer left the agency rather...

Kaspersky GReAT experts analyze the Evasive Panda APT's infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Plans move to Rust, with help from AI Microsoft wants to translate its codebase to Rust, and is hiring people to make it happen.…

In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses along with names, physical...