GUARD 23.03.2025
Data Breaches/Leaks
- Hardcoded Secrets on GitHub
- Date: throughout 2024
- Source: https://cybernews.com/security/developers-hardcoding-secrets-github-risk/
- Reason: Developers hardcoding sensitive information in public repositories.
- Leaked Data: API keys, credentials, authentication tokens.
- Summary: Security researchers warn that developers continue to expose sensitive information in GitHub repositories, increasing risks of unauthorized access.
- NASIMS Government Data Leak
- Date: October 20th, 2024
- Source: https://cybernews.com/security/government-data-leak-nasims-citizen-records/
- Reason: Misconfigured database (S3 Bucket).
- Leaked Data: Personal details of citizens, including names, addresses, and identification numbers (23 million files).
- Summary: A government database containing sensitive citizen records was found exposed, highlighting poor security practices in public sector organizations.
- California Cryobank Data Breach
- Date: April 21st, 2024
- Source: https://cybernews.com/security/sperm-bank-california-cryobank-data-breach/
- Reason: Unauthorized access.
- Leaked Data: Patient and donor information, including medical histories.
- Summary: A sperm bank suffered a data breach, compromising highly sensitive personal and medical records of donors and recipients.
- Oberlin Marketing Medicare Data Leak
- Date: October 20th, 2024
- Source: https://cybernews.com/security/oberlin-marketing-medicare-applications-leaked/
- Reason: Unsecured database (S3 bucket).
- Leaked Data: Medicare application data, including personal and health-related details.
- Summary: Medicare applicants’ private information was exposed due to a security misconfiguration in Oberlin Marketing’s systems.
Vulnerabilities
- Facebook Font Rendering Library Exploit
- Source: https://www.openwall.com/lists/oss-security/2025/03/13/2
- Article: https://cybernews.com/security/facebook-hackers-exploit-font-rendering-library/
- Summary: Attackers exploit a vulnerability in a font rendering library used by Facebook to compromise user data.
- CVE: CVE-2025-27363
- Apache Tomcat RCE Vulnerability
- Articles:
- Summary: A critical remote code execution (RCE) vulnerability in Apache Tomcat exposes servers to potential exploits, urging admins to apply security patches.
- CVE: CVE-2025-24813
- Fortinet Critical Vulnerability
- Article: https://www.darkreading.com/cyberattacks-data-breaches/critical-fortinet-vulnerability-draws-fresh-attention
- Summary: A newly discovered Fortinet vulnerability is drawing attention as cybercriminals explore potential exploits against affected systems.
- CVE: CVE-2025-24472
AI
- DeepSeek and AI Malware Generation
- Article: https://cybernews.com/security/deepseek-malware-generation-keylogger-ransomware/
- Summary: DeepSeek AI models can be abused to generate keyloggers and ransomware, raising concerns about AI’s role in cybercrime.
- ChatGPT Bug Puts Organizations at Risk
- Article: https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk
- Summary: A vulnerability in ChatGPT is being actively exploited, allowing attackers to access sensitive company data shared in AI interactions.
Risk
- Nation-State Groups Exploiting Windows Shortcut Flaw
- Article: https://www.darkreading.com/cyber-risk/nation-state-groups-abuse-microsoft-windows-shortcut-exploit
- Summary: State-sponsored hackers are abusing a Windows shortcut vulnerability to execute malware and conduct espionage.
Cybercrime
- Juniper Routers Compromised with TinyShell Malware
- Article: https://cybernews.com/security/juniper-routers-attacked-with-tinyshell-malware/
- Summary: Juniper routers have been targeted by cybercriminals using TinyShell malware to gain persistent access to networks.
- Ukraine Defense Sector Attacked by DarkCrystal RAT
- Articles:
- Summary: The DarkCrystal RAT malware is being used in cyberattacks against the Ukrainian defense sector, likely backed by state-sponsored actors.
- Denmark Warns of Increased Cyber Espionage in Telecom Sector
- Article: https://www.darkreading.com/threat-intelligence/denmark-warns-increased-cyber-espionage-telecom-sector
- Summary: Danish authorities report a surge in cyber espionage targeting the telecommunications industry, possibly linked to foreign intelligence agencies.
Malware
- Medusa Ransomware Spreading Rapidly
- Article: https://cybernews.com/security/medusa-ransomware-infects-hundreds/
- Summary: The Medusa ransomware is infecting hundreds of devices, encrypting data and demanding payment from victims.
- StilachiRAT Trojan Used for Spying
- Article: https://cybernews.com/security/stilachirat-trojan-capabilities-risks-spying/
- Summary: A new Trojan named StilachiRAT is being used for espionage, with capabilities to exfiltrate sensitive data from infected devices.
- VSCode Extensions Used to Deploy Ransomware
- Article: https://www.bleepingcomputer.com/news/security/vscode-extensions-found-downloading-early-stage-ransomware/
- Summary: Malicious VSCode extensions have been discovered deploying early-stage ransomware, posing a threat to developers.
Titbits
- Snowden Warns About New Ransomware Extortion Tactics
- Article: https://cybernews.com/security/ransomware-snowden-threat-extortion-tactics/
- Summary: Edward Snowden warns of evolving ransomware tactics, where attackers threaten to release stolen data even after ransom payments.
- Microsoft Fixes Windows Update Bug That Wiped Out Copilot
- Article: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-update-bug-that-wiped-out-copilot/
- Summary: Microsoft patches a bug in Windows Update that removed the Copilot AI feature from some systems.