Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.
Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets.
These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.
The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
Thousands of records belonging to Confidant Health exposed on a non-password-protected database, including ID, insurance, medicaid cards, and more.
An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released.
The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff.
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.
The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.
Company says it is unable to identify specific individuals affected by one of the largest breaches in Australian history
Group critical of AI-generated art says it has obtained swaths of data from Disney’s Slack channels
A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain.
Diverse persone tra le decine di migliaia coinvolte nel grave attacco informatico di maggio scorso hanno contattato l'azienda, che però non ha ancora risposto nonostante lo prevedano le norme sulla privacy
Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies.
The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence.
Twilio says "threat actors were able to identify" phone numbers of people who use the two-factor app Authy.
As social networks and porn sites move towards a verified identity model, the actions of one cybersecurity researcher show that ID verification services themselves could get hacked too.
Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information.
Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.
La Croix-Rouge italienne touchée par une fuite massive de données, le CICR enquête
Un volume très important de données a été volé à la Croix-Rouge italienne. En 2022 déjà, des informations sensibles avaient été subtilisées au CICR. Lors de sa grande conférence d’octobre, l’organisation humanitaire va insister sur l'importance de protéger les données humanitaires
Un prestataire externe du Service des énergies de la ville d'Yverdon-les-Bains (VD) a été victime fin mai d'une cyberattaque. Près de 12'300 particuliers et entreprises pourraient être concernés. Mais à ce stade, rien n'indique que des données aient été consultées ou copiées.
A hacker in El Salvador has released detailed information, including full names, birthdays, phone numbers, and social security numbers.
Les données d’une agence d’intérim bâloise ont été piratées. Le directeur s’exprime.
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them.
