Data Breach

A hacker alleges stealing Huawei's source code, dev tools, scripts, and manuals in a major breach, offering them on dark web forums—echoing past espionage fears from U.S. warnings, Vodafone backdoors, and NSA hacks. Investigation ongoing amid global security risks.

LayerX uncovers CometJacking, exploiting Perplexity’s AI browser via malicious URLs to steal Gmail/Calendar data—tricks AI into Base64-encoded exfiltration, bypassing safeguards. Urgent call for AI security-by-design amid rising agentic threats.

A breach at Discord's third-party support vendor leaked personal info like names, emails, IP addresses, limited billing details, and scanned photo IDs for some users—no passwords or full cards affected. Discord is investigating and notifying victims; stay alert for phishing.

The DPDP Act makes employee data protection crucial for India Inc. Learn about compliance, required safeguards (encryption, MFA), and the high cost of data leaks.

A malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now.

Microsoft uncovers advanced XCSSET variant infecting Xcode projects for macOS devs—adds Firefox data exfiltration, crypto wallet clipboard swaps via AES-encrypted AppleScripts, and LaunchDaemon persistence. Mitigate with updates, Defender for Endpoint, and domain blocks.

Security scan reveals 150+ popular apps (millions of downloads) with Firebase test mode flaws allowing unauthenticated access to payments, PII, chats, passwords, and GitHub/AWS tokens in Realtime DB, Storage, Firestore, and Remote Config. Learn impacts, OpenFirebase tool, and fixes for ~80% of mobile apps.

Microsoft's September 2025 Patch Tuesday updates disrupt SMBv1 connectivity over NetBT in Windows 11/10 and Servers (2022/2025), exposing legacy risks like EternalBlue/WannaCry. Learn affected systems, security dangers, PowerShell fixes, and migration tips to SMBv2/3.

CISA details threat actors exploiting CVE-2024-36401 in GeoServer for initial access to a U.S. federal network on July 11, 2024, using webshells, dirtycow escalation, and lateral movement—undetected until July 31. Key lessons: Immediate KEV patching, enhanced IR plans, and continuous EDR monitoring.

Average breakout time drops to 18 minutes (June-August 2025, per ReliaQuest), fueled by automation and Oyster malware's abuse of rundll32.exe for DLL loading via scheduled tasks. Learn about Gamarue USB attacks, AI-driven malvertising, and defenses like behavioral monitoring.