28 matches found
Hacker Accesses Millions of IMDataCenter Records from Exposed AWS Bucket
Florida firm IMDataCenter exposed 38GB of sensitive data including names, emails and ownership info. At least one hacker accessed and downloaded the files...
CVE-2025-3625
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)...
CVE-2025-1143
CVE-2025-1143 affects Billion Electric routers (M100, M150, M120N). Public records describe hard-coded embedded Linux credentials in the SSH service, allowing an attacker with local access to log in and obtain root privileges. The CVSS 3.1 vector indicates local access, low attack complexity, and...
CVE-2024-24760
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
CVE-2024-1322
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
Urban Company: Exposed data of credit card details to hacker or attacker.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Name of Vulnerability:...
Imperva: Data Breach Caused by Amazon Cloud Misconfiguration
Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services (AWS) cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall (WAF) product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into...
Hostinger Suffers Data Breach – Resets Password For 14 Million Users
Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers an...
Ad Network Sizmek Probes Account Breach
Online advertising firm Sizmek Inc. (NASDAQ: SZMK) says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an...
Vulnerable smart alarms allowed hackers to track & turn off car engine
By Waqas. By gaining access to the vehicles, hackers can not only locate them but also open their doors and even turn off the engine while the owner is driving. Two popular car alarm companies are facing problems with their products. Viper and Pandora are famous for their alarms that cost thousand...
Sinking a ship and hiding the evidence
Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVD...
Satellite communications equipment security
Introduction: Satcoms are the game changer in maritime cyber security. In the past, satellite connectivity was so expensive as to be prohibitive for all but the most essential communication. Crew personal email and social media access was a pipe dream. However, now that ship operators have access ...
Mac malware targets cryptomining users
Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being...
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users. MyHeritage says it has no reason to believe other user data was...
Brave Software: There is vulnerability Click Here TO fix
NOTE! Thanks for submitting a report! Please fill all sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty. Summary: add summary of the vulnerability Products affected: operating system, Brave versi...
Weblate: Password Restriction
Hi Weblate, Hope you all have a good day! It's a minor issue, but hope you'll fix it. It seems like after changing password for example my current password is: mypassword1 And let's assume that the hacker got an access to my account, and me of course will change my password to ex. mypassword2...
Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot
It's True — There is no such backdoor that only its creator can access. Microsoft has accidentally leaked the secret keys that allow hackers to unlock devices protected by the UEFI (Unified Extensible Firmware Interface) Secure Boot feature. What's even worse? It will be impossible for Microsoft to und...
Facebook Password Reset Bug Gave Hacker Access To Any Account
Anand Prakash could have hacked your Facebook account or anyone else’s. The India-based security researcher found a glaring password-reset vulnerability last month that has since been patched. The bug allowed him to crack open any of Facebook’s 1.1 billion accounts using a rudimentary brute force...
Spotify Hacked, Urges Android Users to Upgrade app and Change Password
Today, the popular music streaming service Spotify said the company has suffered a data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers. Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up...
KRBanker Malware Targeting Korean Financial Institutions
A recently discovered piece of malware called KRBanker (Korea + Banker = KRBanker), targeting mostly online end-users at Korean financial institutions. According to nProtect, now an invasive banking Trojan, the new and improved KRBanker can block anti-virus software, security websites and even oth...