Category data-breaches

Salesforce Shuts Down Klue App Integration Following OAuth Token Misuse Exposing Customer Data

Salesforce Disables Klue Integration Following Security Incident Salesforce has temporarily halted the integration of the Klue Battlecards app within its platform due to a security incident affecting Klue on June 11, 2026. This decision restricts organizations from connecting to Salesforce via the app until further notice, as detailed in an…

Read MoreSalesforce Shuts Down Klue App Integration Following OAuth Token Misuse Exposing Customer Data

U.S. Government Pays Kairos $1 Million in Data Theft Extortion Settlement

A recent case study from Rakesh Krishnan at Ransom-ISAC reveals that a U.S. governmental entity disbursed approximately $1 million to prevent the public release of compromised files. The insights stem from leaked negotiation transcripts and the digital footprint of the transaction on the blockchain. The group demanding the payment identifies…

Read MoreU.S. Government Pays Kairos $1 Million in Data Theft Extortion Settlement

Court Filing Reveals Windows Device ID Aided FBI in Tracking Alleged Scattered Spider Hacker

Alleged Hacker Linked to High-Profile Jewelry Store Breach U.S. prosecutors have identified a 19-year-old Estonian-American hacker as a key player in a breach at a luxury jewelry retailer, utilizing a persistent Windows device ID to track his activities during the incident. This information emerged from a recently unsealed federal complaint…

Read MoreCourt Filing Reveals Windows Device ID Aided FBI in Tracking Alleged Scattered Spider Hacker

Exploiting Funnel Builder Vulnerabilities for WooCommerce Checkout Skimming

Critical Vulnerability Discovered in WordPress Funnel Builder Plugin A significant security vulnerability affecting the Funnel Builder plugin for WordPress has been actively exploited, allowing malicious actors to inject harmful JavaScript code into WooCommerce checkout pages. This alarming situation has raised concerns over the potential theft of sensitive payment information from…

Read MoreExploiting Funnel Builder Vulnerabilities for WooCommerce Checkout Skimming

Grafana GitHub Breach: Source Code Exposed Through TanStack npm Attack

Grafana Labs Confirms Limited Data Breach Following GitHub Incident On May 19, 2026, Grafana Labs announced the results of an investigation into a recent security breach. The company clarified that there was no evidence indicating that customer production systems or operations had been compromised. Instead, the incident was confined to…

Read MoreGrafana GitHub Breach: Source Code Exposed Through TanStack npm Attack

GitHub Internal Repositories Compromised by Malicious Nx Console VS Code Extension

GitHub has confirmed a significant breach of its internal repositories, attributed to a compromised employee device that was infected with a malicious version of the Nx Console, a Microsoft Visual Studio Code extension. This incident underscores the vulnerabilities present in commonly used development tools, raising concerns among software developers and…

Read MoreGitHub Internal Repositories Compromised by Malicious Nx Console VS Code Extension

Severe Gogs RCE Vulnerability Allows Any Authenticated User to Execute Arbitrary Code

A significant security vulnerability has emerged in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code under specific conditions. This flaw, rated 9.4 on the CVSS scale, has not yet been assigned a Common Vulnerabilities and Exposures (CVE) identifier, raising concerns about its oversight in the…

Read MoreSevere Gogs RCE Vulnerability Allows Any Authenticated User to Execute Arbitrary Code

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Compromise Universities

In a significant cybersecurity breach, the ShinyHunters group has exploited a previously unaddressed vulnerability in Oracle PeopleSoft to infiltrate enterprise systems. Their campaign has primarily targeted universities, leveraging the exploit to extract sensitive data while demanding ransom payments for its confidentiality. The operation was observed between May 27 and June…

Read MoreShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Compromise Universities

FBI and Europol Take Down LeakBase Forum for Trading Stolen Credentials

A significant law enforcement initiative has led to the shutdown of **LeakBase**, one of the largest cybercriminal forums globally, where illicit transactions involving stolen data and cybercrime tools were rampant. As reported by the U.S. Department of Justice (DoJ), the LeakBase forum boasted a membership exceeding 142,000, with over 215,000…

Read MoreFBI and Europol Take Down LeakBase Forum for Trading Stolen Credentials