CyberAlerts

Fortinet warns of new zero-day exploited to hijack firewalls

Description: Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]

Source: BleepingComputer

February 11th, 2025 (4 months ago)

LandAirSea - 337,373 breached accounts

Description: In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability.

Source: HaveIBeenPwnedLatestBreaches

February 11th, 2025 (4 months ago)

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

Description: In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question

Source: TheHackerNews

February 10th, 2025 (4 months ago)

Adopt Me Trading Values - 86,136 breached accounts

Description: In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".

Source: HaveIBeenPwnedLatestBreaches

February 10th, 2025 (4 months ago)

Handala Claims to have Breached Israel Police

Description: Handala Claims to have Breached Israel Police

Source: DarkWebInformer

February 9th, 2025 (4 months ago)

Youthmanual - 937,912 breached accounts

Description: In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.

Source: HaveIBeenPwnedLatestBreaches

February 9th, 2025 (4 months ago)

HPE notifies employees of data breach after Russian Office 365 hack

Description: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. [...]

Source: BleepingComputer

February 7th, 2025 (4 months ago)

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Description: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]

Source: BleepingComputer

February 7th, 2025 (4 months ago)

US health system notifies 882,000 patients of August 2023 breach

Description: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...]

Source: BleepingComputer

February 7th, 2025 (4 months ago)

Behavioral Analytics in Cybersecurity: Who Benefits Most?

Description: As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Source: Dark Reading

February 7th, 2025 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Fortinet warns of new zero-day exploited to hijack firewalls Description: Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...] Source: BleepingComputer February 11th, 2025 (4 months ago)
	LandAirSea - 337,373 breached accounts Description: In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. Source: HaveIBeenPwnedLatestBreaches February 11th, 2025 (4 months ago)
	⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February] Description: In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question Source: TheHackerNews February 10th, 2025 (4 months ago)
	Adopt Me Trading Values - 86,136 breached accounts Description: In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall". Source: HaveIBeenPwnedLatestBreaches February 10th, 2025 (4 months ago)
	Handala Claims to have Breached Israel Police Description: Handala Claims to have Breached Israel Police Source: DarkWebInformer February 9th, 2025 (4 months ago)
	Youthmanual - 937,912 breached accounts Description: In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes. Source: HaveIBeenPwnedLatestBreaches February 9th, 2025 (4 months ago)
	HPE notifies employees of data breach after Russian Office 365 hack Description: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. [...] Source: BleepingComputer February 7th, 2025 (4 months ago)
	Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Description: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...] Source: BleepingComputer February 7th, 2025 (4 months ago)
	US health system notifies 882,000 patients of August 2023 breach Description: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...] Source: BleepingComputer February 7th, 2025 (4 months ago)
	Behavioral Analytics in Cybersecurity: Who Benefits Most? Description: As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important. Source: Dark Reading February 7th, 2025 (4 months ago)