Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: PayPal, Inc. has agreed to pay a $2 million penalty to the New York State Department of Financial Services (DFS) after an investigation found that cybersecurity failures led to the exposure of sensitive customer information, including Social Security Numbers (SSNs). The breach stemmed from a December 2022 cybersecurity event in which unmasked customer data was …
The post PayPal Fined $2M for Cybersecurity Lapse Exposing User Data appeared first on CyberInsider.
January 24th, 2025 (4 months ago)
|
|
|
Description: CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. [...]
January 23rd, 2025 (4 months ago)
|
|
|
Description: Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of
January 23rd, 2025 (4 months ago)
|
|
|
Description: The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they've stolen the personal data of 62.4 million students and 9.5 million teachers, BleepingComputer has learned. [...]
January 22nd, 2025 (4 months ago)
|
|
|
Description: A China-aligned APT group dubbed PlushDaemon has executed a supply-chain attack on IPany, a South Korean VPN provider, by embedding a sophisticated backdoor named SlowStepper into its installer. According to ESET researchers, the attack, which began in late 2023, targeted users across South Korea, Japan, and China, with particular focus on industries like semiconductors and …
The post IPany VPN Breached by Hackers Planting Backdoor on Installer appeared first on CyberInsider.
January 22nd, 2025 (4 months ago)
|
|
|
Description: South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware. [...]
January 22nd, 2025 (4 months ago)
|
|
|
Description: In August 2024, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
January 22nd, 2025 (4 months ago)
|
|
|
Description: In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
January 22nd, 2025 (4 months ago)
|
|
|
Description: The company reports that it is not experiencing any operational issues within its business, so far.
January 21st, 2025 (4 months ago)
|
|
|
Description: A threat actor known as “Ay4me” has put up for sale a trove of 318 million records on BreachForums, claiming the data was stolen from Otelier, a cloud-based hotel management platform. The stolen database, totaling 7.8TB, reportedly contains sensitive information from major hotel chains such as Marriott, Hilton, and Hyatt. The data leak was disclosed …
The post Threat Actor Claims Sale of 318 Million Otelier Records appeared first on CyberInsider.
January 21st, 2025 (5 months ago)
|