A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited...

AI chat app leak exposes 300 million messages tied to 25 million users

An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...

Hacking Moltbook: The AI Social Network Any Human Can Control

1 exposed database. 35,000 emails. 1.5M API keys. And 17,000 humans behind the not-so-autonomous AI network...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”...

PrepHero-Linked Database Exposed Data of 3M Students and Coaches

A security lapse on PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details…...

An AI Image Generator’s Exposed Database Reveals What People Really Used It For

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out...

Wiz ResearchがDeepSeekの公開データベースを発見、チャット履歴を含む機密情報が流出

DeepSeekが所有する公開アクセス可能なデータベースにより、データベース操作を完全に制御できる状態になっており、内部データへのアクセスも可能でした。この漏えいには、100万行以上のログストリームが含まれており、極めて機密性の高い情報が含まれています。...

GHSA-VRJR-P3XP-XX2X phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

Summary Exposure of database ie postgreSQL server's credential when connection to DB fails. Details Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.phpL694 PoC When postgreSQL server is unreachable, ...

PT-2021-15568 · Rexroth +1 · Indramotion Mlc Indramotion Xlc +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an exposed user and password database due to an unprotected web server resource. The passwords are hashed using a weak hashing algorithm, making them susceptible ...

REINER SCT Reiner TimeCard 信任管理问题漏洞

REINER SCT Reiner TimeCard is a chip card reading device from REINER SCT, Germany, used for access protection in secure online banking devices, terminals for dealers and merchants using girocard payments, and PC workstations. A security vulnerability exists in REINER SCT Reiner TimeCard version...

Pingxiang Ganxi Network Technology Co., Ltd. website building system has SQL injection vulnerability

Ltd. is a company engaged in website construction. There is a SQL injection vulnerability in the website building system of Pingxiang Ganxi Network Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

LaySNS suffers from SQL injection vulnerability in in***.php file

LaySNS is a lightweight, integrated content management and community interaction website management system based on ThinkPHP+Layui architecture. LaySNS has a SQL injection vulnerability in the in.php file, which can be exploited by attackers to obtain sensitive database information...

BSA-2019-866

Security Advisory ID : BSA-2019-866 Component : SANnav Revision : 1.0 Brocade SANnav versions before v2.0 usea hard-coded password, which could allowlocal authenticated attackers to access a back-end database and gain privileges. The vulnerability could be exploited only if the database service i...

7M Adobe Creative Cloud Users Exposed to Hackers

Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as...

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use o...

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data...

Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure

Nessus was able to exploit a flaw in the Oracle Reports servlet parsequery function, and was able to retrieve the plaintext database credentials for one or more users. A remote attacker can exploit this vulnerability to gain unauthorized database access. %NASLMINLEVEL 70300 C Tenable Network...

Pakistani Music site Database and Vulnerability Exposed by Maxt Breaker

Pakistani Music site Database and Vulnerability Exposed by Maxt Breaker A hacker with name "Maxt Breaker " hack one of the Pakistani Music website and expose its Database and Vulnerability via posting on public sites. Vulnerable Link is also shown in Image and some sample of database is also...

MIT (ILP) hacked by Cyber_Owner

MIT ILP hacked by CyberOwner 5 Days before MIT's website https://ilp.mit.edu/ was got hacked by a hacker named CyberOwner . This was reported by Korben. According to screenshot it seems that the site ILP International Liaison Program at MIT has been hacked. The flaw would be a SQL injection flaw...