VTEX Cloud Misconfig Exposes E-commerce Customer Data
A misconfigured VTEX cloud bucket exposed personal data of over 6 million shoppers, revealing major gaps in vendor cloud security and breach response.
Category: Data Breaches
Read More
ParkMobile to Compensate Breach Victims With $1 Parking Credit
ParkMobile breach victims will receive a $1 parking credit as part of a 2025 class-action settlement. The 2021 incident exposed 21 million user records.
Salesforce Customers Targeted by Data-Theft Extortion Campaign
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
Huawei Data Breach Exposes Partner and Employee Information
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
Cisco Firewalls at Risk as Red Hat Reports GitLab Security Incident
Despite Cisco’s warnings, many ASA/FTD firewalls remain vulnerable. Simultaneously, threat actors claim they breached Red Hat’s GitLab instance. This article merges both crisis points and guides the fixes.
South Korea’s Cybersecurity Under Fire After Another Major Breach
South Korea’s cybersecurity faces unprecedented strain after months of continuous data breaches across public and private sectors, revealing deep governance and policy flaws.
CometJacking Turns Browser Sessions into Covert Proxy Channels
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
Discord Support Partner Compromised, Users’ Details Exposed
A third-party customer support vendor connected to Discord suffered a data breach that exposed personal information. Attackers accessed the vendor’s ticketing system and obtained names, email addresses, usernames, and in some cases scanned government-issued IDs. Crucially, Discord confirmed that its internal infrastructure remained unaffected. Nevertheless, the event underscores the risks created when organizations depend on…
How Detour Dog Exploits DNS TXT for Advanced Malware Delivery
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
Hackers Breach Intelliloan, Expose SSNs and Driver’s Licenses
Intelliloan has notified customers of a March 2025 hack that exposed sensitive PII such as Social Security numbers, driver’s licenses, and financial data across its systems.