Everest Ransomware Leaks Coca-Cola Employee Data Online

Everest ransomware leaks Coca-Cola employee data: 1,104 files exposed, including HR, admin roles, IDs, personal details, and internal records...

CVE-2024-5270

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

Royal Mail SMS Phishing Scam Targets Victims with Fake Delivery Fee Requests

Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn…...

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure via an unauthenticated GET request to /user/getUserType. The endpoint discloses data tied to the registered user: user ID, status, email, roles, user type, license type, and personal details such as first name, last name, gende...

Exposed United Nations Database Left Sensitive Information Accessible Online

The 115,000-plus files related to UN Women included detailed financial disclosures from organizations around the world—and personal details and testimonials from vulnerable individuals...

Facial DNA provider leaks biometric data via WordPress folder

ChiceDNA exposed 8,000 sensitive records, including biometric images, personal details, and facial DNA data in an unsecured WordPress…...

Family Location Tracker App Life360 Breach: 443,000 Users’ Data Leaked

Life360, a popular family location tracker app, suffered a data breach affecting 443,000 users. Personal details, including first…...

LAUSD Data Breach: Hackers Leak 25M Records, Including Student Locations

The Los Angeles Unified School District LAUSD suffered a massive data breach due to a Snowflake vulnerability, exposing personal details of millions of students and thousands of teachers and staff...

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...

CVE-2024-5270 SAML to email switch possible when email signin is disabled

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

Police Security Breach Rattles Northern Ireland’s Security Landscape

By Habiba Rashid The Police Service of Northern Ireland PSNI experienced a severe security breach, unintentionally revealing personal details of its entire workforce, including officers and civilian staff. This is a post from HackRead.com Read the original post: Police Security Breach Rattles...

Hackers leak DC Health Link data with Congress Members’ details

By Habiba Rashid The data contains personal and medical details of several members of the U.S. Congress, which are now circulating on Russian hacker forums as well as on Telegram groups. This is a post from HackRead.com Read the original post: Hackers leak DC Health Link data with Congress Member...

Alert: Scammers Pose as ChatGPT in New Phishing Scam

By Waqas This phishing scam exploits the popularity of the AI-based ChatGPT chatbot to steal funds and harvest the personal and financial details of users. This is a post from HackRead.com Read the original post: Alert: Scammers Pose as ChatGPT in New Phishing Scam...

Austrian ‘mobile concierge’ app Gustaffo leaking 100k customers’ data

By Waqas Gustaffo Digital Service GmbH has been leaking personal and contact details of its customers since last month. This is a post from HackRead.com Read the original post: Austrian mobile concierge app Gustaffo leaking 100k customers data...

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

Default credentials

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...