An unsecured server at Vyro AI (ImagineArt, Chatly, Chatbotx) exposed 116GB of live logs incl. prompts + bearer tokens—putting millions at risk of account takeovers & chat/image access. Sign out everywhere & reset logins. #Privacy
Carter Credit Union breach: attackers in systems Jun 25–Jul 2. >68k people affected. Exposed: names, DOBs, SSNs, IDs/passports, card & account numbers, even some medical/insurance info. Monitor accounts, freeze credit, beware phishing. #DataBreach
Spotify DM privacy risk: shared song links include unique ?si= IDs tied to your account—linking past shares across apps and potentially exposing your real identity. No clear opt-out yet. Tips: disable DMs, remove photo, use an alias. #Privacy
252M identity records exposed across 7 countries (TR, EG, SA, UAE, MX, ZA, CA) via three misconfigured servers in Brazil/UAE. Data included ID numbers, DOB, contacts, addresses. High risk of fraud/impersonation—monitor accounts & beware phishing. #DataLeak
CISA adds to KEV: active exploits for (1) TP-Link TL-WA855RE V5 Wi-Fi extender (CVSS 8.8—factory-reset ➜ admin takeover; update firmware) and (2) a WhatsApp iOS/Mac bug abused in spyware. Retire old gear & update WhatsApp now.
Pennsylvania Attorney General hit by ransomware. 3 weeks on: systems coming back; ~1,200 staff across 17 offices using workarounds. Some court deadlines extended; prosecutions not derailed. What data was accessed is still unknown; no ransom paid. #Ransomware
Hackers claim live access to AT&T, enabling SIM swaps & reading SMS 2FA codes; say ~24M customers affected. Claims unverified; AT&T response pending. If you’re on AT&T: set a port-out PIN, avoid SMS 2FA, switch to app/hardware keys.
Germany is the #1 target for dark-web/ransomware activity. SOCRadar data: 🇩🇪 accounts for 20.68% of stealer-log records; 74.6% of dark-web posts target Germans alone. Manufacturing is hit hardest—tighten defenses now. #CyberSecurity#Ransomware
$89M BTC theft: A victim lost 783 BTC on Aug 19 after scammers impersonated exchange and hardware-wallet support. Funds routed via Wasabi. Data breaches make targeting easy—treat unsolicited “support” as scams and never share codes. #CryptoSecurity
Whitehat found FOUR Intel internal systems leaking data—incl. an auth bypass that returned a 1GB JSON of ~270K employees, hardcoded creds, and access to supplier docs. Reported Oct ’24; fixed in ~90 days. He got an auto “thanks.” Intel later expanded bounty scope. #infosec
Hackers claim a dump of 15.8M PayPal logins (emails + plaintext passwords) is for sale on a leak forum, allegedly from May. Cybernews couldn’t verify and says it may be infostealer data. Change reused passwords & enable MFA now. #CyberSecurity#PayPal
NY AG sues Zelle, alleging security lapses enabled >$1B in consumer fraud. The suit says parent Early Warning Services (owned by 7 major banks) ignored basic safeguards; it seeks stronger protections & restitution. Stay alert for Zelle phishing/unauthorized transfers.
MagentaTV (Deutsche Telekom) leak: 324M+ log entries (729GB) with IP/MAC, session & customer IDs were exposed via an ad platform for months. Leak is now closed—watch for phishing and sign out of active sessions. #DataLeak#CyberSecurity
🚨 Passkeys ��� invincible. Proofpoint: phishers can force a downgrade when services still allow legacy logins—spoof an unsupported browser/OS, push users to password/MFA, then steal creds + session. Lock down fallbacks & require passkeys where possible. #CyberSecurity
Columbia University data breach: >868,000 people exposed after a May 16 intrusion. Leaked data may include SSNs, DOBs, contact + academic/aid info; CUIMC patient records unaffected. Freeze credit & watch for phishing. #DataBreach
🚨 TeaOnHer leak: A week after launch, flaws exposed usernames, emails, selfies & driver’s-license images via public URLs (per TechCrunch). ~53k users may be affected. Avoid the app, delete your data if possible, and watch for phishing. #Privacy#DataLeak
🚨 Chanel confirms a Salesforce data breach: the ShinyHunters gang accessed U.S. customer contact info (names, emails, phone numbers) last month.
🔍 Check your accounts for suspicious activity & watch for phishing.
#DataBreach#CyberSecurity
🚨 JSCEAL malvertising: 35K+ fake crypto app ads in H1’25 hit 10M+ users, deploying stealthy malware to steal credentials & private keys. Most AVs miss it. Update your antivirus & install apps only from official sites. #CryptoSecurity