Data Security

Application Security
Socket Finds 17 Malicious Payment SDKs Stealing AWS Keys via npm, PyPI
Socket found 17 malicious npm and PyPI packages impersonating Paysafe, Skrill, and Neteller SDKs that stole AWS keys and payment credentials while returning fake success ...
Cybersecurity
NHS Forth Valley Employee Emails Maternity Data to Personal Account
NHS Forth Valley disclosed a breach after a staff member emailed maternity patient data, including NHS numbers and pregnancy records, to a personal account.
Cybersecurity
Accenture Confirms Breach After Hacker Lists 35 GB for Sale
Threat actor '888' listed 35 GB of Accenture source code, RSA keys, SSH keys, and Azure access tokens for sale on a criminal forum in ...
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
India's IDRBT domain registry for the RBI-mandated .bank.in namespace exposed 5,576 bank employees' credentials through 33-plus unauthenticated API endpoints.
Application Security
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font files since 2021.
Application Security
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
Hijacked npm and Go packages exploit VS Code's MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform Python infostealer.
Cybersecurity
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Thalha Jubair and Owen Flowers pled guilty to the 2024 Scattered Spider hack of Transport for London, causing GBP 29M in damage and exposing customer ...
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Application Security
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Four critical Dify vulnerabilities named DifyTap allow cross-tenant access to private AI chats, uploaded files, and internal APIs. Patched in version 1.14.2.
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.