20 Apr, 2026

Asana warns MCP AI feature exposed customer data to other orgs

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. The data exposure was due to a logic flaw in the MCP system and not the result of a hack, […]

3 mins read

Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from a user’s context in Microsoft 365 Copilot without interaction. The attack was devised in January 2025 by Aim Labs researchers, who reported their findings to Microsoft. The tech giant assigned the CVE-2025-32711 identifier to the information disclosure flaw, rating […]

3 mins read

Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers

A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. AT&T told GeekFeed that they are investigating the data but also believe it originates from the known breach and was repackaged into […]

2 mins read

Interlock ransomware claims Kettering Health breach, leaks stolen data

The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. Kettering Health employs over 15,000 people, including more than 1,800 physicians, and it manages 14 medical centers and over 120 outpatient facilities in western Ohio. The nonprofit organization disclosed a cyberattack on May […]

2 mins read

Coinbase breach tied to bribed TaskUs support agents in India

A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, whom threat actors bribed to steal data from the crypto exchange. According to Reuters, which spoke to numerous TaskUs employees, the data breach was first discovered in January after a TaskUs employee was caught capturing photos of […]

2 mins read

VanHelsing ransomware builder leaked on hacking forum

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. VanHelsing is a RaaS operation launched in March 2025, promoting the ability to target Windows, Linux, BSD, ARM, and ESXi systems. Since then, the operation has shown […]

4 mins read

Australian Human Rights Commission leaks docs to search engines

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. Many of the hundreds of documents exposed online contained private, sensitive information, like names, contact information, health details, schooling, religion, employment info, and photographs. AHRC is an independent statutory body established by the […]

2 mins read

New Intel CPU flaws leak sensitive data from privileged memory

A new “Branch Privilege Injection” flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. Typically, these regions are populated with information like passwords, cryptographic keys, memory of other processes, and kernel data structures, so protecting them from leakage is crucial. According to ETH […]

4 mins read

Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data

A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data. According to the U.S. Department of Justice, a 25-year-old named Ryan Kramer created a malicious program in early 2024 that was promoted as an AI image generation tool on […]

2 mins read

Interlock ransomware claims DaVita attack, leaks stolen data

The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. DaVita is a Fortune 500 kidney care provider with more than 2,600 U.S. dialysis centers, 76,000 employees in 12 countries, and an annual revenue exceeding $12.8 billion. The healthcare company disclosed to the U.S. […]

2 mins read