ADT
5,488,888 records exposed — Dates of birth, Email addresses, Names, Partial government issued IDs and 2 more
Latest Disclosures
Regulator fines Fidelity Brokerage Services
Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that re
Medtronic
Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to
Energy and Water Management Firm
Itron, which serves utilities and cities around the world, discovered unauthorized access to its systems on April 13. The post Energy and Water Management Firm Itron Hacked appeared first on SecurityWeek.
PyPI package with 1.1M monthly downloads
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
Widely Used Browser Extensions Selling
Dozens of browser extensions openly sell user data via privacy policy disclosures
Udemy
1,401,259 records exposed — Email addresses, Employers, Job titles, Names and 3 more
TH: Hacker steals personal data
The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in
KR: Data of 100,000 leaked
Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after
D-Link DIR-823X
D-Link DIR-823X Command Injection Vulnerability — D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to
SimpleHelp SimpleHelp
SimpleHelp Path Traversal Vulnerability — SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).
Samsung MagicINFO 9 Server
Samsung MagicINFO 9 Server Path Traversal Vulnerability — Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
In Other News
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security. The post In Other News: Unauthorized Mythos Access, Planke
Hasbro expects March cyberattack to
The toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.
SimpleHelp SimpleHelp
SimpleHelp Missing Authorization Vulnerability — SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be
New BlackFile extortion group linked
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
China-linked threat actors use consumer
UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that Chin
Zimbra servers vulnerable to ongoing
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
Carnival
7,531,359 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 3 more
UK Biobank Data Breach: Health
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
RAMP Uncovered
Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alon
RAMP Uncovered
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of h
Marimo Marimo
Marimo Remote Code Execution Vulnerability — Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
Luxury Cosmetics Giant Rituals Discloses
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek.