News

TamperedChef serves bad ads, with infostealers as the main course

Bys s January 16, 2026

Sophos X-Ops explores a malvertising campaign that leverages Google Ads to distribute an infostealer

Categories: Threat Research

Tags: TamperedChef, EvilAI, infostealer, Sophos X-Ops

News

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Bys s January 20, 2025

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. “Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration…

Read More Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
News

American Addiction Centers Data Breach Impacts 422,000 People
By December 24, 2024

American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach. The post American Addiction Centers Data Breach Impacts 422,000 People appeared first on SecurityWeek.

Read More American Addiction Centers Data Breach Impacts 422,000 People
News

ShinyHunters sent Google an extortion demand; Shiny comments on current activities
Bys s August 8, 2025

Yesterday morning, DataBreaches woke up to a message on Telegram: Even the NSA can’t stop or identify us anymore. The FBI and everyone else is irrelevant and incompetent as far as we’re concerned :). When DataBreaches asked ShinyHunters if anything in particular had inspired that statement, “Shiny1” responded: I heard the NSA is investigating and…

Read More ShinyHunters sent Google an extortion demand; Shiny comments on current activities
News

No need to hack when it’s leaking: OrthoMinds edition
Bys s March 21, 2025

Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…

Read More No need to hack when it’s leaking: OrthoMinds edition
News

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Bys s November 24, 2025

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz. “The campaign introduces a new…

Read More Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
News

PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom
Bys s October 4, 2025

As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many other victims, PowerSchool did not disclose the incident publicly, but they did, however, post a notice in their closed users group. The notice was removed shortly thereafter, and several people have……

Read More PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom

Similar Posts