#dataexposure

2025-12-08

Healthcare staff data is being exposed at alarming rates — protecting patients starts with protecting those who care for them. 🩺🔓 #HealthDataSecurity #DataExposure

helpnetsecurity.com/2025/12/05

2025-11-19

Researchers enumerated 3.5B WhatsApp phone numbers through the platform’s contact-discovery feature, revealing public profile photos and text for millions of users. Meta applied rate-limiting after the disclosure and says no non-public data was exposed.
This case raises important questions about phone numbers as identifiers and long-term privacy safeguards.
Share your insights & follow for more security-focused analysis.

#InfoSec #CyberSecurity #Privacy #DataExposure #WhatsApp #SecurityResearch #DigitalIdentity #TechNadu

2025-11-05

Oops… Ernst & Young accidentally exposed 4TB of data on Azure — a reminder that even experts can slip when cloud hygiene falters. ☁️🧾 #CloudSecurity #DataExposure

securityaffairs.com/184062/dat

Tommy Kavanagh ancatdubh@mastodon.ie
2025-11-01

4TB and no client or personal data eh? 👏🏻

infosec.exchange/@technadu/115 - A 4TB SQL Server backup tied to EY was exposed on Microsoft Azure, discovered by Neo Security during an asset mapping scan.

EY remediated promptly, confirming no client or personal data was affected.

#CyberSecurity #EY #DataExposure #Azure #Infosec #ThreatIntel #DataProtection #CloudSecurity

2025-11-01

A 4TB SQL Server backup tied to EY was exposed on Microsoft Azure, discovered by Neo Security during an asset mapping scan.

The file’s naming pattern and metadata indicated it was a full unencrypted database dump - a critical visibility gap in cloud storage hygiene.

EY remediated promptly, confirming no client or personal data was affected.

As botnets continuously scan public cloud assets, how can enterprises proactively detect these exposures before attackers do?

💬 Join the discussion & follow @technadu for deeper security intelligence.

#CyberSecurity #EY #DataExposure #Azure #Infosec #ThreatIntel #DataProtection #CloudSecurity

2025-10-09

compliance-savvy narratives to amplify pressure and market impact. Defenders must assume both data leakage and reputational/legal escalation vectors when triaging similar claims. #ransomNews #redhat #dataexposure

TechCrunch | Startup and Technology News techcrunch.com@web.brid.gy
2025-10-04
2025-10-02

⚠️ WestJet breach leaks travel data of 12M
The Canadian airline WestJet suffered a data breach exposing flight itineraries, passport info, email addresses and more for 12 million customers. The airline is notifying affected individuals. #ransomNews #WestJetBreach #DataExposure

TechCrunch | Startup and Technology News techcrunch.com@web.brid.gy
2025-09-26
2025-09-09

Salesloft confirms breach via GitHub → attackers stole Drift OAuth tokens & compromised Salesforce integrations.

Victims include Cloudflare, Zscaler, Palo Alto, Tenable, Rubrik, Proofpoint, Elastic & more (700+ orgs).
Experts: Non-human identities like API tokens are the next security blind spot.

💬 How is your org tackling API token risks? Follow @technadu for updates.

#Salesloft #GitHubBreach #CyberAttack #DataExposure #ThreatActor #CyberSecurity #SupplyChainRisk

2025-09-02

🚨 CVE-2025-49870: High-risk SQLi in WordPress Paid Membership Subscriptions plugin (10K+ sites).
✅ Fixed in v2.15.2
❌ Exploitable without login
💥 Attackers could query or tamper with DB data
Still shocking to see SQL injection so prevalent in 2025.
💬 Are devs overlooking basics, or is plugin culture the real issue?
🔔 Follow @technadu for more threat intel.

#WordPress #SQLInjection #Vulnerability #PluginSecurity #WebSecurity #DataExposure #CMSecurity

2025-08-27

🚨 Security researcher finds 1,300+ exposed TeslaMate servers leaking Tesla data — from trip locations to charging times.

⚡ “You’re unintentionally sharing your car’s movements with the world.” – Seyfullah Kiliç, SwordSec
💬 Who’s responsible — open-source devs or end-users?

🔎 Follow @technadu for more #infosec & #privacy insights.

#Tesla #CyberSecurity #DataExposure

2025-07-15

👜 Louis Vuitton suffers global data breach impacting customers in the UK, South Korea, and Turkey. Luxury comes at a cost—especially when data is on the line.
#LuxuryBreach #DataExposure 🌐🔓

securityaffairs.com/179908/dat

2025-07-08

🔐 94% of enterprises faced API security incidents in the past year—yet only 36% have dedicated API security solutions. Time to rethink your strategy.
#APISecurity #DataExposure 🚧📊

helpnetsecurity.com/2025/07/08

Pen Test Partners PTP@infosec.exchange
2025-02-05

In a penetration test, automated tools find known vulnerabilities—but they don’t think like an attacker...
 
You can absolutely automate the 'vulnerability assessment' phase and information discovery.

It’s possible to automate some exploitation too, if you’re brave and don’t care about the stability of the customer’s network.
 
However, humans perform penetration testing.

Here's a story that illustrates why: pentestpartners.com/security-b

#CyberSecurity #PenTesting #EthicalHacking #OSINT #DataExposure #InfoSec #AutomatedTesting #InfrastructureSecurity

halil deniz halildeniz
2025-01-06
🛡 H3lium@infosec.exchange/:~# H3liumb0y@infosec.exchange
2024-06-04

Azure Service Tags Vulnerability Controversy

Date: June 2024

CVE: N/A

Vulnerability Type: Security Misconfiguration

CWE: CWE-20, CWE-287

Sources: Bleeping Computer

Synopsis

A security vulnerability in Azure Service Tags has been highlighted by Tenable, who identified a risk of data exposure due to how Service Tags handle firewall rules and access control. Microsoft, however, disputes this assessment, clarifying the intended use of Service Tags.

Issue Summary

Tenable's security researchers claim that they discovered a high-severity vulnerability in Azure Service Tags that allows attackers to impersonate trusted Azure services, bypass firewall rules based on Azure Service Tags, and access private data that way by crafting SSRF-like web requests. These tags, designed for routing and not as security boundaries (as per Microsoft), can be manipulated to impersonate trusted services and access sensitive data.

Technical Key findings

The vulnerability exploits the "availability test" feature within Azure's Application Insights Availability service. By manipulating custom headers and HTTP requests, attackers can bypass network controls that rely on Service Tags, thus accessing internal services and APIs hosted on common ports (80/443).

Vulnerable Products

  • Azure DevOps
  • Azure Machine Learning
  • Azure Logic Apps
  • Azure Container Registry
  • Azure Load Testing
  • Azure API Management
  • Azure Data Factory
  • Azure Action Group
  • Azure AI Video Indexer
  • Azure Chaos Studio

Impact Assessment

Exploitation of this vulnerability could lead to unauthorized access to sensitive data and internal APIs, potentially exposing internal services to malicious actors. This represents a significant risk, particularly for services relying solely on Service Tags for security.

Patches or Workaround

Microsoft has not issued a patch, asserting that Service Tags are not designed as a security boundary. They recommend adding authentication and authorization layers to enhance security. Azure customers should follow Microsoft's updated guidelines and review their network configurations to ensure robust security measures are in place.

Tags

#Azure #ServiceTags #Vulnerability #SSRF #DataExposure #CloudSecurity #Microsoft #FirewallBypass
