All articles tagged with #data theft
Anthropic says three Chinese labs used a distillation technique to siphon Claude's capabilities through about 16 million exchanges and 24,000 fake accounts, circumventing export controls and raising national-security concerns; OpenAI has issued similar charges, prompting calls for coordinated industry and government action to counter illicit access and safeguard safety guardrails.
Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.
Oracle has issued a critical security update for a zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, actively exploited by the Clop ransomware gang to steal data. The flaw allows unauthenticated remote code execution and has been linked to recent data theft attacks, with threat actors sharing exploit code and indicators of compromise. Oracle urges immediate patching to prevent further exploitation.
The FBI has issued alerts about two cybercriminal groups, UNC6040 and UNC6395, targeting Salesforce platforms through various methods, including OAuth token exploitation and vishing campaigns, leading to data theft and extortion activities, with threat groups like ShinyHunters potentially re-emerging after a recent shutdown.
China's Salt Typhoon cyberattack, spanning years and targeting over 80 countries, may have stolen data from nearly every American, highlighting China's advanced cyber capabilities and potential for global surveillance.
Federal and state officials are investigating a ransomware attack in Nevada that disrupted key government services and resulted in data theft, with ongoing efforts to analyze the stolen information and restore security, involving CISA and FBI assistance.
Researchers have discovered a new AI attack that embeds hidden instructions in images through downscaling, which can lead to data theft and unauthorized actions when processed by AI systems. The attack exploits artifacts created during image resampling to hide malicious prompts that are interpreted by AI models, potentially compromising user data and system integrity. Mitigation strategies include imposing image dimension limits, providing preview feedback, and requiring user confirmation for sensitive operations. The researchers also released an open-source tool to demonstrate the attack.
Over 1,000 CrushFTP servers are vulnerable to hijack attacks due to a critical security flaw (CVE-2025-54309) affecting versions below 10.8.5 and 11.3.4_23, with attackers exploiting the bug for potential data theft and unauthorized access. The vendor recommends updating and monitoring logs, as unpatched servers remain at risk, and ongoing attacks have been observed in the wild.
Aflac disclosed a cybersecurity breach likely caused by the Scattered Spider group, targeting insurance companies across the U.S., potentially exposing sensitive personal and health information. The company responded quickly, confirming no ransomware impact and continuing normal operations, while external experts investigate the incident.
A malware campaign targeting Minecraft players involves malicious GitHub repositories masquerading as mods, delivering Java loaders that download second-stage stealers capable of exfiltrating credentials, tokens, and system information, affecting over 1,500 devices and highlighting risks in gaming communities.
Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.
A new Android banking malware called SoumniBot is evading detection by exploiting weaknesses in the Android manifest extraction and parsing procedure, allowing it to steal information from infected devices. The malware uses three different methods to manipulate the manifest file's compression and size, tricking Android's parser and evading security checks. SoumniBot targets Korean users, hides its icon after installation, and remains active in the background, uploading data from the victim. Kaspersky has informed Google about the evasion methods, and provides indicators of compromise for the malware.
The Minnesota Timberwolves executive had a hard drive stolen containing "strategic NBA information" that was later copied, leading to legal charges being filed.
Researchers have developed an AI worm, named Morris II, capable of infiltrating AI models like ChatGPT and Gemini, spreading malware, and potentially stealing data without the need for user interaction. By exploiting prompts in AI models, the worm can automatically send infected emails, steal personal data, and launch spam campaigns. This development raises concerns about the potential for new types of cyberattacks as AI assistants become more integrated into various devices and systems.
Epic Games denies any evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached their servers. The group, which also claimed to have breached other organizations, has been attempting to sell allegedly stolen data but has not provided any proof of the veracity of their claims. Security researchers believe the threat actors may be attempting to scam buyers with fake data, and no samples of any ransomware encryptor have been found linking them to encryption attacks.