Geek-Guy.com

Tag: exposed

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Carnival Data Breach Impacts Nearly 6 Million Customers

A data breach at Carnival Corporation has exposed the personal information of nearly six million individuals, showing the continued effectiveness of social engineering attacks against large enterprises.  The company confirmed that threat actors gained access to portions of its network in Apr. 2026, resulting in the theft of customer data. “On April 14, 2026, the…

Read more →

AI, Apps, Exploits, Global Security News, malware

19.6 Billion Files Are Sitting Open on the Internet. No Password Required

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage…

Read more →

AI, china, Compliance, Global Security News, privacy, Risk Management, Russia

The Hidden Ransomware Economy Running on Exposed Databases

A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a…

Read more →

AI, Data Breaches, Global Security News

Personal information of 185,000 people exposed after cyberattack on 7-Eleven

Data belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, dates of birth, and phone numbers, while a small number of records also contained additional…

Read more →

AI, Europe, Global Security News, Network Security, privacy, Russia

Global law enforcement operation takes First VPN offline

Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy

Contractor’s public GitHub account exposed GovCloud and CISA credentials

Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information…

Read more →

AI, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

CISA GitHub Leak Exposes AWS GovCloud Secrets 

A public GitHub repository tied to a CISA contractor reportedly exposed sensitive AWS GovCloud credentials, plaintext passwords, and internal deployment files.  Researchers said the exposure may have provided privileged access to multiple internal systems and cloud environments before the repository was removed.  “Passwords stored in plain text in a csv, backups in git, explicit commands…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management

Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…

Read more →

AI, Cybersecurity, Global Security News

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos online. The issue came from a misconfigured Amazon cloud storage bucket that was left…

Read more →

AI, Apps, Data Breaches, Global Security News, malware, Risk Management

OpenAI hit by supply chain attack linked to malicious TanStack packages

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Network Security

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider used by Inditex, the Spanish fashion giant behind some of the world’s most recognized retail brands…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Funding, Global Security News, Government & Policy, Risk Management, Venture

A DOD contractor’s API flaw exposed military course data and service member records

A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix,…

Read more →

AI, Cybersecurity, Global Security News, malware, Network Security

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted

Read more →

AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy

Educational tech firm Instructure data breach may have impacted 9,000 schools

Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS).  The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external…

Read more →

AI, Exploits, Global Security News, Risk Management

Carding service Jerry’s Store leak exposes 345,000 stolen payment cards

Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly exposed a large cache of stolen payment card data after leaving its own infrastructure accessible online. The service appears to have been used to test…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Network Security, Risk Management

ClickUp Data Leak Exposes Enterprise Emails for Over a Year 

A hardcoded API key embedded in ClickUp’s public website has quietly exposed hundreds of corporate and government email addresses for more than a year. The flaw, first reported in early 2025, remained active as of April 2026 — allowing anyone to access sensitive data with a simple request and no authentication. “I went to http://clickup[.]com,…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines 

A supply chain attack targeting Checkmarx tooling has exposed developer environments.  Attackers pushed malicious Docker images and tampered extensions capable of stealing credentials and other sensitive data.  This “… continues a dangerous trend that’s accelerated over the past month: CI/CD pipelines have become the new perimeter,” said Eli Woodward, Cyber Threat Intelligence Advisor at Team…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security

Azure SRE Agent flaw let outsiders silently eavesdrop on enterprise cloud operations

A high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog post describing how agent interactions could be accessed without proper authentication controls. The vulnerability has…

Read more →

AI, Global Security News, Network Security, Risk Management

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 cybercriminals. Authorities arrested four suspects, seized infrastructure, and gained access to databases containing more than…

Read more →

AI, Data Breaches, Global Security News, Network Security

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group, involved…

Read more →

AI, Data Breaches, Europe, Global Security News

Personal data of 1 million gym members compromised in Basic-Fit security incident

A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and…

Read more →

AI, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

EngageLab SDK flaw opens door to private data on 50M Android devices

A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Europe, Global Security News, Network Security

Eurail data breach impacted 308,777 people

Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information. Threat actors breached Eurail in December 2025 and stole names and passport numbers from its network. The company now notifies 308,777 people that attackers exposed their personal data, raising concerns about identity theft and misuse of sensitive…

Read more →

AI, Data Breaches, Global Security News

113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs

MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not safe for work (NSFW) content and engage in real-time conversations with AI-generated companions, often involving highly personal prompts and interactions. According to Have I Been Pwned, the breach exposed email addresses, user-created prompts, links…

Read more →

AI, Europe, Exploits, Global Security News, malware, Network Security, Risk Management

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabotage. Malware targeting industrial control systems (ICS) poses a serious risk to critical infrastructure, with threats like Stuxnet, Industroyer, Triton, Havex, and BlackEnergy already demonstrating the ability to disrupt operations, cause outages, and even inflict physical…

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers actively exploit a critical remote code execution flaw CVE-2025-53521. Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers actively exploiting the critical remote code execution vulnerability CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), the nonprofit security organization Shadowserver warns. The vulnerability in BIG-IP…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Global Security News, malware, Network Security, Risk Management

European Commission breach exposed data of 30 EU entities, CERT-EU says

CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Anthropic employee error exposes Claude Code source

An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s open npm registry account, a risky mistake, says an AI expert. “A compromised source map is a security risk,” said US-based cybersecurity and…

Read more →

AI, Data Security, Global Security News

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused some customers to see other users’ account activity within the app, prompting the bank to…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management

CareCloud Incident Exposes Patient Data, Disrupts EHR Systems

An attack on healthcare IT provider CareCloud has exposed sensitive patient data and temporarily disrupted access to critical systems, highlighting ongoing risks facing digital healthcare infrastructure. We are “… continuing to investigate the nature and scope of the incident. The affected environment stores patient information, and the Company continues to assess whether, and the extent…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, privacy

Recent Navia data breach impacts HackerOne employee data

A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can…

Read more →

AI, Data Breaches, Global Security News

Navia data breach impacts nearly 2.7 Million people

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides…

Read more →

AI, Global Security News, malware, Network Security

North Korean fake IT worker tradecraft exposed

Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams. GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resources in the so-called Contagious Interview campaign. In most cases, GitLab projects acted as obfuscated loaders for malware payloads — such as BeaverTail…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News

Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients

A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, Russia

The Coruna exploit: Why iPhone users should be concerned

A new iPhone-hacking exploit has exposed the uncomfortable truth that when governments build offensive attacks, they eventually come for all of us. Revealed by Google’s Threat Intelligence Group (GTIG) and iVerify, the Coruna exploit can compromise iPhones running iOS 13 through to iOS 17.2.1, though Apple has secured its systems against this threat in iOS 26. What Coruna does Coruna…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management

Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals

A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people. A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals. The attack hit the University of Hawaiʻi Cancer Center on August 31, 2025, impacting servers that support research…

Read more →

AI, Apps, Data Breaches, Global Security News, malware, Network Security, Risk Management

South Korean Tax Agency Leak Leads to $4.8M Crypto Theft

A public press release intended to highlight a tax enforcement victory instead exposed millions in confiscated cryptocurrency.  South Korea’s National Tax Service (NTS) inadvertently revealed the mnemonic seed phrase of a seized Ledger hardware wallet, enabling an unknown actor to transfer approximately $4.8 million in digital assets.  “The thief first deposited a small amount of…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

12.4 Million Accounts Exposed in CarGurus Leak

Millions of CarGurus users may have had their personal and financial data exposed after a notorious threat actor group published a massive dataset allegedly stolen from the automotive marketplace.  Attributed to the ShinyHunters extortion group, the leak includes 12.4 million records with about 70% of those being new data. “The ShinyHunters extortion group has published…

Read more →

AI, Apps, Data Breaches, Global Security News

PayPal discloses extended data leak linked to Loan App glitch

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management

XSS Bug in VS Code Extension Exposed Local Files

A widely used Microsoft Visual Studio Code (VS Code) extension quietly exposed millions of developers to potential local file exfiltration through a cross-site scripting (XSS) flaw.  The issue affected the official Live Preview extension — downloaded more than 11 million times — and allowed malicious websites to interact with a developer’s localhost environment.  An “……

Read more →

AI, Endpoint, Global Security News, Network Security, privacy, Risk Management

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

Odido CRM Data Breach Exposes 6.2M Customer Records

A major Dutch telecom provider is warning customers after a cyberattack exposed personal data tied to millions of accounts.  Odido Telecom confirmed that attackers gained unauthorized access to its customer database, impacting roughly 6.2 million customers.  “This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information…

Read more →

AI, Breaking News, cyber crime, data breach, Data Breaches, Global Security News, hacking, Security

ApolloMD data breach impacts 626,540 people

A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties…

Read more →

AI, Breaking News, cyber crime, data breach, Data Breaches, Global Security News, Government & Policy, Network Security, Security

Volvo Group hit in massive Conduent data breach

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]

Read more →

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Hundreds of Malicious Skills Found in OpenClaw’s ClawHub

A routine question about trust exposed a far more serious problem when researchers discovered hundreds of malicious skills hidden inside a widely used AI agent marketplace.  Koi researchers analyzed ClawHub, the third-party skill repository for OpenClaw, and found that threat actors had quietly turned the ecosystem into a large-scale malware distribution channel. We found “……

Read more →