Major Security Breach: APIsec Exposes 3TB of Fortune 100 Client Data in Elasticsearch Database
Security firm APIsec.ai accidentally exposed over three terabytes of sensitive customer information, including API scan results and system credentials, in a publicly accessible database. The breach, discovered by UpGuard, potentially compromised data from numerous Fortune 100 clients and revealed detailed API testing logs spanning multiple years.
FBI Raids Homes of Missing Indiana University Cybersecurity Professor
A prominent cybersecurity professor at Indiana University and his wife have mysteriously disappeared, prompting FBI raids at their two homes. The university has inexplicably erased Dr. Xiaofeng Wang's extensive academic records and contact information, raising concerns in the academic community.
FBI Raids Homes of Missing Indiana University Cybersecurity Professor
Federal investigators searched properties belonging to Dr. Xiaofeng Wang, a prominent computer scientist who vanished from Indiana University where he led major security research. Both Wang and his wife's university profiles were mysteriously scrubbed, raising concerns about their sudden disappearance.
Dating App Security Breach Exposes 1.5 Million Private User Photos
Multiple dating apps developed by M.A.D Mobile suffered a major security vulnerability that left 1.5 million private user photos exposed online without protection. The breach affected several platforms including BDSM People and LGBT dating services, putting users at risk particularly in regions hostile to LGBT communities.
RESURGE: Advanced Chinese Malware Targets Ivanti Security Products with Sophisticated Rootkit Features
A dangerous new malware called RESURGE has been discovered exploiting Ivanti Connect Secure devices through a critical vulnerability. The sophisticated attack tool, linked to Chinese cyber espionage groups, introduces advanced persistence capabilities including rootkits and web shells.
Malicious Google Ads Target DeepSeek Users in Sophisticated Malware Campaign
Security researchers uncover a deceptive advertising scheme using Google Ads to spread malware by impersonating the DeepSeek AI platform. The incident highlights growing cybersecurity concerns around AI tools and search result manipulation, prompting increased vigilance when downloading software.
Hijacked npm Packages Target API Keys Through Sophisticated Supply Chain Attack
Multiple cryptocurrency-related npm packages, active for over 9 years, were compromised to steal sensitive data through malicious obfuscated scripts. The attack, likely executed through compromised maintainer accounts, highlights critical security vulnerabilities in open-source software maintenance.
Multi-Language ReaderUpdate Malware Variants Target Apple Systems
A sophisticated malware operation targeting macOS has evolved to include variants written in Crystal, Nim, Rust, and Go programming languages. The expanded capabilities allow for system information collection, remote command execution, and potential pay-per-install operations while employing advanced obfuscation techniques.
Sophisticated NPM Package Malware Injects Persistent Reverse Shell
Security researchers uncover advanced malware on NPM that targets the 'ethers' package by injecting persistent reverse shell code. The sophisticated multi-stage attack continues to compromise systems even after removing the original malicious packages.
Critical Zero-Day Vulnerability in Chrome Targets Russian Institutions
A sophisticated zero-day vulnerability in Google Chrome allowed attackers to bypass sandbox protection through targeted phishing campaigns against Russian organizations. The recently patched CVE-2025-2783 flaw enabled automatic infections through malicious forum invitation links.