Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
January 30th, 2025 (3 months ago)
|
|
|
Description: Graphics tablet maker Wacom has disclosed a potential data breach affecting customers who made purchases through its official online store. In a notification letter sent to impacted users, the company revealed that credit card details may have been exposed between November 28, 2024, and January 8, 2025. The incident is still under investigation, but Wacom …
The post Wacom Notifies E-Shop Customers of Credit Card Data Exposure appeared first on CyberInsider.
January 29th, 2025 (3 months ago)
|
|
|
Description: Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomware
January 29th, 2025 (3 months ago)
|
|
|
Description: The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
January 28th, 2025 (3 months ago)
|
|
|
Description: Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. [...]
January 28th, 2025 (3 months ago)
|
|
|
Description: London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company's systems. [...]
January 28th, 2025 (3 months ago)
|
|
|
Description: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. [...]
January 28th, 2025 (3 months ago)
|
|
|
Description: PowerSchool has begun notifying impacted individuals about a data breach that compromised personal information from its Student Information System (SIS). The breach, first detected on December 28, 2024, resulted in the unauthorized exfiltration of data, including names, contact details, Social Security numbers (SSNs), medical alerts, and academic records for certain individuals. The total number of …
The post PowerSchool Notifies Students and Educators of Major Data Breach appeared first on CyberInsider.
January 28th, 2025 (3 months ago)
|
|
|
Description: In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.
January 28th, 2025 (3 months ago)
|
|
|
Description: In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
January 28th, 2025 (3 months ago)
|