In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.
Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia.
FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.
By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat’s session storage and gain control.
Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight.
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed “Puppygirl Hacker Polycule”, the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.