Updates and analysis on data breaches.
SentinelOne SentinelLABS and Censys discovered 175,000 publicly accessible Ollama AI servers operating without authentication across 130 countries. The servers form a massive unmanaged layer of AI infrastructure running outside corporate security controls.
Read more
Oleg Nefedov, a 35-year-old Russian national, has been added to the EU Most Wanted and INTERPOL Red Notice lists as the alleged leader of Black Basta ransomware. Ukrainian and German authorities identified two Ukrainian accomplices who worked as password crackers for the group.
Read more
Malicious Chrome extensions posing as enterprise productivity tools stole authentication credentials from Workday, NetSuite, and SAP SuccessFactors users. The extensions extracted session cookies every 60 seconds and blocked access to security management pages.
Read more
Amazon stopped 1,800 North Korean operatives from infiltrating its workforce, exposing how remote hiring and broken digital identity systems are being weaponised.
Read more
In a 2023 action, the FTC said Ring allowed employees to spy on private footage and ignored basic security, enabling hackers to hijack home cameras.
Read more
Flock Safety exposed dozens of Condor cameras filming unattended children and lone adults directly to the internet. Predators accessed live video and full archives with no login or trace.
Read more
AI browsers combine instruction-following models with direct access to sensitive systems, creating failure modes vendors admit cannot be eliminated.
Read more
Attackers are using stolen AWS credentials to spin up massive cryptomining workloads within minutes, draining accounts without exploiting any AWS vulnerability.
Read more
Ethical AI depends on consent and accountability. Under state control, AI becomes a system for scaling repression, not protecting rights.
Read more
A Google featured browser extension with millions of users silently intercepted AI chats across major platforms and exported them to analytics servers as a business model.
Read more
A 19 year old breached nine companies and sold 64 million identity records. The real failure is the companies that collected that data in the first place.
Read more
The December patches show a shift. Zero-days no longer live only in Windows. They now live inside IDEs, AI assistants and the autocomplete layer that touches your entire workflow.
Read more
Shanya proves stealth is now a commodity. Ransomware gangs no longer build their own evasion. They rent it and walk straight past EDR tools still relying on a broken Windows trust model.
Read more
A new peer reviewed study shows enormous VPN brands lying about ownership, hard coding encryption keys, and quietly piping user data through insecure tunnels. The rot is systemic and it has been hidden behind Singapore shell companies and marketing gloss.
Read more
Thirty vulnerabilities in AI coding tools show how prompt injection and auto approved actions can escalate into data theft and remote code execution. Every major AI IDE tested was vulnerable.
Read more
Chinese state-linked groups like Earth Lamia and Jackpot Panda exploited CVE-2025-55182 in React Server Components within hours of its December 3 2025 disclosure. This unauthenticated RCE flaw gives attackers full server access without logins
Read more
Petco exposed customer data after a misconfigured app left files accessible online. The real failure is the industry wide habit of collecting information it cannot defend.
Read more
A SonicWall weakness let ransomware actors infiltrate Marquis Software Solutions and extract sensitive data from 74 US banks and credit unions. This attack shows what happens when a single vendor becomes a quiet central point of failure.
Read more
CISA just added an old OpenPLC ScadaBR XSS bug to the KEV list after a pro Russian crew used it in the wild. If your HMI is on the internet with default creds, you are the low hanging fruit.
Read more
The Federal Court issued a five point eight million penalty against Australian Clinical Labs for a breach affecting 223000 people. It confirms that companies guarding sensitive data keep failing while regulators act only after the damage is permanent.
Read more
Researchers scraped 3.5 billion WhatsApp profiles using WhatsApp’s own contact discovery feature. No hack. No breach. Just a system that exposes too much data by design.
Read more
A contractor leaked over seventy thousand government ID images tied to Discord accounts. Safety laws created the target.
Read more