breach

NordVPN Denies Breach Claims, Says Attackers Have “dummy data”

NordVPN denied breach claims, stating attackers accessed “dummy data” from a third-party testing platform, not sensitive information from its servers. A hacker alleged they stole databases with API keys through a brute-force attack, but NordVPN clarified the data was from a test environment unrelated to its actual systems. No real customer data was compromised, and the company had previously enhanced security following past breaches.

https://www.bleepingcomputer.com/news/security/nordvpn-denies-breach-claims-says-attackers-have-dummy-data/

Hackers Claim to Hack Resecurity, Firm Says It Was a Honeypot

Hackers claim to have breached cybersecurity firm Resecurity, stealing data. Resecurity argues it was a planned honeypot, containing only fake information to lure attackers. The group shared alleged screenshots of the breach, while Resecurity states the attackers accessed only synthetic datasets intended for monitoring. Resecurity has tracked the hackers' activity and reported findings to law enforcement.

https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/

Trust Wallet Links $8.5 Million Crypto Theft to Shai-Hulud NPM Attack

Trust Wallet links $8.5M crypto theft to November's Shai-Hulud NPM attack, where an exploit of their Chrome extension enabled unauthorized access to over 2,500 wallets. Attackers used stolen GitHub secrets to inject malicious code into the browser extension's update. Trust Wallet has since revoked API access and started compensating affected users while repelling ongoing impersonation scams. The Shai-Hulud malware campaign compromised numerous npm packages, exposing 400,000 developer secrets.

https://www.bleepingcomputer.com/news/security/trust-wallet-links-85-million-crypto-theft-to-shai-hulud-npm-attack/

US, Australia Say ‘MongoBleed’ Bug Being Exploited

US and Australian cyber agencies confirmed hackers are exploiting the “MongoBleed” vulnerability in MongoDB systems, first revealed on December 25. CISA added it to their exploited vulnerabilities catalog, requiring federal agencies to patch by January 19. The bug affects many MongoDB versions, enabling unauthorized access to sensitive data. Experts warn about widespread exposure, estimating 42% of cloud environments have vulnerable instances, potentially impacting thousands globally.

https://therecord.media/us-australia-bug-exploitation

Trust Wallet Confirms Extension Hack Led to $7 Million Crypto Theft

Trust Wallet's Chrome extension was hacked on December 24, leading to $7 million in stolen cryptocurrency. Users reported wallet drain incidents post-update. Trust Wallet confirmed the issue and released a security patch (version 2.69) to resolve it, advising users to update immediately. A phishing campaign targeting affected users also emerged, prompting Trust Wallet to warn about compromised domains. Users should refrain from using version 2.68 and secure their funds by moving them to new wallets.

https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

LastPass's 2022 data breach allowed hackers to exploit weak master passwords, facilitating cryptocurrency thefts lasting into late 2025. TRM Labs linked these activities to Russian cybercriminals using their exchanges to launder over $35 million in stolen assets. Despite attempts to mask transactions with CoinJoin techniques, evidence revealed operational patterns leading to identifications. The breach highlights the lasting vulnerabilities of poor password security, with the U.K. fining LastPass $1.6 million for inadequate protections.

https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html

Backing up Spotify

Anna's Archive has backed up Spotify, creating the largest public music preservation archive with 300TB of data. This includes metadata for 256 million tracks and 86 million music files, covering 99.6% of listens. The archive aims to preserve lesser-known music often overlooked by enthusiasts. While Spotify has a wealth of music, the focus is on retaining and making accessible all types of music, including popular and obscure tracks. The backup will be released through torrents, and the project seeks community support for seeding and donations to protect music heritage.

https://annas-archive.li/blog/backing-up-spotify.html

Major Leak Reveals One of the Largest Lead-gen Databases Ever Exposed

A major data leak exposed 4.3 billion records, including LinkedIn-derived personal information, due to an unprotected MongoDB database. Researchers discovered 16TB of data, with details like emails, employment histories, and personal profiles. The leak poses significant security risks, enabling targeted phishing and social engineering attacks, as attackers can exploit this structured and current data. The incident underscores vulnerabilities in data management practices and highlights growing threats from extensive data leaks.

https://cybernews.com/security/database-exposes-billions-records-linkedin-data/

UK Fines LastPass £1.2 Million for Data Breach Affecting 1.6 Million People

The UK fined LastPass £1.2 million for a 2022 data breach affecting 1.6 million users. Two attacks compromised employee data, leading to access to encrypted user information. The ICO criticized LastPass for inadequate security measures. There is no evidence that passwords were unencrypted, but concerns remain about hackers cracking vaults. LastPass acknowledges shortcomings and is focusing on enhancing data security.

https://therecord.media/uk-fines-lastpass-over-1-million-data-breach

New ConsentFix Attack Hijacks Microsoft Accounts Via Azure CLI

ConsentFix attack hijacks Microsoft accounts via Azure CLI without passwords or MFA. It tricks users into submitting OAuth codes through a fake CAPTCHA on compromised sites, giving attackers full access to accounts using Azure authentication. Monitoring for unusual Azure CLI activity is recommended to detect this threat.

https://www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/

The Hidden Cascade: Why Law Firm Breaches Destroy More Than Data

Law firms face significant cyberattack risks, with 20% targeted in the past year and average breach costs exceeding $5 million. Attackers are increasingly sophisticated, using tactics that can undermine client privilege and expose sensitive data, especially relating to M&A deals. Current security assessments overlook law firms, leaving businesses vulnerable. The article advocates treating these firms like high-risk technology vendors, proposing specific security measures to mitigate risks associated with data breaches in professional services.

https://www.recordedfuture.com/blog/the-hidden-cascade

OpenAI Discloses API Customer Data Breach Via Mixpanel Vendor Hack

OpenAI reported a data breach affecting some API customers due to a Mixpanel hack, disclosing limited identifying information such as names and email addresses. No sensitive data such as passwords or payment details was compromised. OpenAI has removed Mixpanel from its services and is investigating the incident, advising affected users to be cautious of potential phishing attempts.

https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/
