Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...

CVE-2025-8709

A SQL injection vulnerability exists in LangGraph’s SQLite store implementation due to improper string concatenation when building filter conditions in the getfiltercondition function. The JSON key portion of the jsonextract path is directly concatenated into SQL statements without sanitization o...

EUVD-2018-3998

Malware in sbrugna...

UK Pet Owners Targeted by Fake Microchip Renewal Scams

Microchip renewal scam targets UK pet owners using leaked data from insecure registries. Emails appear legit but aim to steal money and personal info...

Limited Canva Creator Data Exposed Via AI Chatbot Database

A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses…...

FBI Warns of Data Extortion Scam Targeting Corporate Executives

The Federal Bureau of Investigation FBI Internet Crime Complaint Center IC3 has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitiv...

Heritage Foundation data breach containing personal data is available online

The Heritage Foundation this month denied that it had suffered an earlier system breach and the subsequent leaking of internal data. But the organization had to admit that cybercriminals gained access to an archive of Heritages affiliated media site, The Daily Signal, dating back to 2022. That...

Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data

By Waqas While Hathway hasn't commented yet, analysis of the leaked data by Hackread.com suggests the breach may be authentic and could have serious consequences for affected individuals. This is a post from HackRead.com Read the original post: Indian ISP Hathway Data Breach: Hacker Leaks 4 Milli...

Microsoft AI researchers accidentally exposed terabytes of sensitive data

Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldnt be necessary. It should speak for itself that you dont just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming...

Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files

The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated phishing campaign" by Reddit, involved an attempt to swipe credentials and two-factor authentication...

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

On April 7, 2023 MSI Micro-Star International released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important: "MSI urges users to obtain firmware/BIOS updates only from its official...

Crypto exchange Fiatusdt leaked trove of users KYC data

By Habiba Rashid The database was exposed due to a misconfigured AWS S3 bucket. This is a post from HackRead.com Read the original post: Crypto exchange Fiatusdt leaked trove of users KYC data...

Urlscan.io API Inadvertently Leaked Sensitive Data and URLs

By Deeba Ahmed Urlscan.io is a website scanning and analyzing engine that accepts URL submissions and creates a trove of data such as IPs, domains, DOM information, screenshots, and cookies. This is a post from HackRead.com Read the original post: Urlscan.io API Inadvertently Leaked Sensitive Dat...

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...

Anonymous Hits Russian Ministry of Culture- Leaks 446GB of Data

By Waqas The trove of leaked data is now available on the official website of DDoSecrets, while Anonymous vows to… This is a post from HackRead.com Read the original post: Anonymous Hits Russian Ministry of Culture- Leaks 446GB of Data...

Old sessions are not blocked by the login enable function.

Description If you disable logic function of an user, that user can still login by using their old session. Proof of Concept Step 1: login to dashboard by a normal account. Step 2: use a diffrent browser to login as admin Step 3: make the normal account in step 1 unable to login. Step 4: return t...

CVE-2022-23633

A flaw was found in the Rack middleware package of RubyGems, where response bodies will not close under certain circumstances. This flaw allows an attacker to iterate requests to force ActionDispatch::Executor to not close, allowing subsequent requests to leak data from...

CVE-2022-23634

A flaw was found in Puma and Rails rubygems when response bodies were not closed under certain situations. This flaw allows an attacker, by iterating certain requests, to take advantage of this issue and affect CurrentAttributes, leading to leaked data...

Top Illicit Carding Marketplace UniCC Abruptly Shuts Down

A top underground market for buying and selling stolen credit-card details, UniCC, has announced it’s shutting down operations. The site accounted for about 30 percent of carding scam business and, since it was launched in 2013, handled about $358 million in cryptocurrency transactions, according...

Shopify: Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage

Shopify.com Web Cache Deception Vulnerability Matteo Golinelli, July 21, 2021. I am testing websites for possible Web Cache Deception vulnerabilities you can find more about it here and I discovered that shopify.com is vulnerable. Web cache deception WCD is an attack where an attacker tricks a...