CyberAlerts

Description: In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 967k unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum.

Source: HaveIBeenPwnedLatestBreaches

April 8th, 2025 (8 days ago)

Hackers lurked in Treasury OCC’s systems since June 2023 breach

Description: Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. [...]

Source: BleepingComputer

April 8th, 2025 (8 days ago)

QSC Employee Database Allegedly Leaked on Breach Forums

Description: QSC Employee Database Allegedly Leaked on Breach Forums

Source: DarkWebInformer

April 8th, 2025 (8 days ago)

How To Implement Just-In-Time Access: Best Practices and Lessons Learned

Description: With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable using Tenable Cloud Security, and offer recommendations we hope you’ll find useful.Just-in-time access (JIT) is a valuable security practice that allows organizations to limit the time and the scope of users’ access to resources, such as applications and systems. However, implementing JIT access successfully is challenging, as it requires careful planning and ample communication between the security team and all other departments. At Tenable, we went through this process. Here, we share the lessons we learned and the best practices we adopted, as well as explain how you can leverage Tenable Cloud Security when implementing JIT access.Benefits of JIT accessThe most notable benefit of just-in-time (JIT) provisioning is its ability to restrict access duration. By granting permissions only upon request, JIT can reduce identity and entitlement risks by 75% or more in most scenarios. For example, a user who requests permissions for a 40-hour work week will not have access during the remaining 128 hours, thereby significantly minimizing the user’s identity-breach risks.Another significant risk reduction made possible by JIT is the prevention of privilege creep. Over time, users tend to accu...

Source: Tenable Blog

April 8th, 2025 (8 days ago)

EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher

Description: EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...]

Source: BleepingComputer

April 7th, 2025 (9 days ago)

🏴‍☠️ Hellcat has just published a new victim : CVTE

Description: We have breached the internal systems of Guangzhou Shiyuan Electronic Technology, securing sensitive files that, if exposed, would cause serious disruption across operations and partnerships.

Source: Ransomware.live

April 7th, 2025 (9 days ago)

🏴‍☠️ Hellcat has just published a new victim : P**o***

Description: We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The name will be made public in a few hours. This is a warning.

Source: Ransomware.live

April 7th, 2025 (9 days ago)

CVE-2024-6221

Improper Access Control in corydolphin/flask-cors

Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE

April 7th, 2025 (9 days ago)

Food giant WK Kellogg discloses data breach linked to Clop ransomware

Description: US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. [...]

Source: BleepingComputer

April 7th, 2025 (9 days ago)

Alleged Grubhub Data Breach Exposes 70 Million User Records

Description: Alleged Grubhub Data Breach Exposes 70 Million User Records

Source: DarkWebInformer

April 7th, 2025 (9 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Boulanger - 966,924 breached accounts Description: In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 967k unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. Source: HaveIBeenPwnedLatestBreaches April 8th, 2025 (8 days ago)
	Hackers lurked in Treasury OCC’s systems since June 2023 breach Description: Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. [...] Source: BleepingComputer April 8th, 2025 (8 days ago)
	QSC Employee Database Allegedly Leaked on Breach Forums Description: QSC Employee Database Allegedly Leaked on Breach Forums Source: DarkWebInformer April 8th, 2025 (8 days ago)
	How To Implement Just-In-Time Access: Best Practices and Lessons Learned Description: With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable using Tenable Cloud Security, and offer recommendations we hope you’ll find useful.Just-in-time access (JIT) is a valuable security practice that allows organizations to limit the time and the scope of users’ access to resources, such as applications and systems. However, implementing JIT access successfully is challenging, as it requires careful planning and ample communication between the security team and all other departments. At Tenable, we went through this process. Here, we share the lessons we learned and the best practices we adopted, as well as explain how you can leverage Tenable Cloud Security when implementing JIT access.Benefits of JIT accessThe most notable benefit of just-in-time (JIT) provisioning is its ability to restrict access duration. By granting permissions only upon request, JIT can reduce identity and entitlement risks by 75% or more in most scenarios. For example, a user who requests permissions for a 40-hour work week will not have access during the remaining 128 hours, thereby significantly minimizing the user’s identity-breach risks.Another significant risk reduction made possible by JIT is the prevention of privilege creep. Over time, users tend to accu... Source: Tenable Blog April 8th, 2025 (8 days ago)
	EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher Description: EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...] Source: BleepingComputer April 7th, 2025 (9 days ago)
	🏴‍☠️ Hellcat has just published a new victim : CVTE Description: We have breached the internal systems of Guangzhou Shiyuan Electronic Technology, securing sensitive files that, if exposed, would cause serious disruption across operations and partnerships. Source: Ransomware.live April 7th, 2025 (9 days ago)
	🏴‍☠️ Hellcat has just published a new victim : Po* Description: We have breached a U.S.-based financial services firm. 381GB of sensitive data has been secured. The name will be made public in a few hours. This is a warning. Source: Ransomware.live April 7th, 2025 (9 days ago)
CVE-2024-6221	Improper Access Control in corydolphin/flask-cors Description: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: poc Source: CVE April 7th, 2025 (9 days ago)
	Food giant WK Kellogg discloses data breach linked to Clop ransomware Description: US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. [...] Source: BleepingComputer April 7th, 2025 (9 days ago)
	Alleged Grubhub Data Breach Exposes 70 Million User Records Description: Alleged Grubhub Data Breach Exposes 70 Million User Records Source: DarkWebInformer April 7th, 2025 (9 days ago)