21 matches found
Prosper data breach puts 17 million people at risk of identity theft
Peer-to-peer lending marketplace Prosper detected unauthorized activity on their systems on September 2, 2025. It published an FAQ page later that month to address the incident. During the incident, the attacker stole personal information belonging to Prosper customers and loan applicants. As...
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...
EUVD-2022-29686
Malicious code in bioql PyPI...
CVE-2022-24931
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission...
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team...
InterContinental Hotels' booking systems disrupted by cyberattack
In a statement filed at the London Stock Exchange, InterContinental Hotels Group PLC reports that parts of the company's technology systems have been subject to unauthorized activity. The activity significantly disrupted IHG's booking channels and other applications. The InterContinental Hotels...
CVE-2022-20282
In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13Androi...
Samsung AppLinker Implicit Intent Hijacking Vulnerability
Samsung AppLinker is an application for Samsung mobile devices. Samsung AppLinker is vulnerable to an implicit intent hijacking vulnerability, which stems from the fact that when an implicit intent call is used, no restrictions are placed on the intent message recipient, and an attacker could use...
PT-2022-16993 · Unknown · Apkinstaller
Name of the Vulnerable Software and Affected Versions: ApkInstaller versions prior to SMR MAR-2022 Release Description: The issue is related to improper access control in the dynamic receiver of ApkInstaller, allowing unauthorized attackers to execute arbitrary activities without proper permissio...
CVE-2021-20405
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...
WordPress: Improper Access Control in Buddypress core allows reply, delete any user's activity
Description: Improper Access Control in Buddypress core allows reply, delete any user's activity in other public group, which they don't join. Steps To Reproduce: Step 1: Create two accounts A, B with two public groups Step 2: In group A-account A, create a new activity idA Step 3: In group B-accoun...
6 Security Tips to Consider While You Travel
Following the “8 Ways to Avoid the Cybersecurity Grinch” blog post, it seems like a follow-up is in order given the recent Marriott Breach disclosure. It is important to note that when we travel, similar to when we shop, we are putting our trust in the organizations we are dealing with during our...
Hackers Breach Dunkin' Donuts Accounts in Credential Stuffing Attack
A credential stuffing attack has allowed hackers to take a big bite out of Dunkin’ Donuts customer data. The donut giant announced Tuesday evening that a data breach in October may have led to customers’ personal information being compromised. Dunkin’ Brands Inc. in an advisory posted to its...
Dell Warns of Attempted Breach on Network
Dell EMC is warning its Dell.com customers of unauthorized activity on its network that occurred on Nov. 9 when it believes adversaries attempted to access names, email addresses and hashed passwords. In response, the company said that it has reset all Dell.com customer passwords. Dell said that...
British Airways Suspends Accounts Following Apparent Breach
British Airways, one of the U.K.'s biggest airlines, suspended users’ frequent flier accounts this weekend after an apparent breach recently hit the company. It’s unclear exactly how many fliers were implicated by what British Airways is calling “unauthorized activity” on its Executive Club...
DreamHost Warns of Attack, Forces Customer Password Changes
Attackers were able to compromise a database at DreamHost, a large hosting provider, late last week and the company is forcing all of its customers to change their passwords for their FTP and shell accounts as a precautionary measure. DreamHost did not provide many details about what happened in...
DreamHost Hacked - Change Your Passwords Now!
DreamHost Hacked - Change Your Passwords Now! All DreamHost customers should read this post immediately and change all related passwords including WordPress ones. DreamHost said "Last night we detected some unauthorized activity within one of our databases." They say there's "no evidence that...
CVE-2005-1186
Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks...