LIVE · cybersecurity feed

breach

zeroday.news · 2d ago

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying

zeroday.news · 4d ago

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd p

zeroday.news · 7d ago

Attackers Seize Exposed AI Endpoints to Power Offensive Ops

Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.

zeroday.news · 8d ago

Iran, Russia, China Target Water Systems for Sabotage

Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.

zeroday.news · 11d ago

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

zeroday.news · 23d ago

Maine forced to take down data breach portal after fake notices filed with authorities

The US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two well-known technology companies. Read more in my article on the Hot for Security blog

zeroday.news · 25d ago

Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details

Argentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a document properly. document. It's a mistake that has been made many times in the past... Read mor

zeroday.news · 28d ago

Weekly Update 507

1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accou

zeroday.news · 37d ago

1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Espec

zeroday.news · 37d ago

Weekly Update 506

I'm finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There's the obvious criminality of it all, but then there's also the response from organisations (or lack thereof, as it relates to disclosure t

zeroday.news · 41d ago

MyPillow listed on ransomware gang’s leak site, but denies it has been breached

A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my

zeroday.news · 47d ago

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a v

zeroday.news · 50d ago

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of inte

zeroday.news · 51d ago

Weekly Update 504

It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago, we've had Grafana go with the "no pay" approach, and I've seen a raft

zeroday.news · 57d ago

Welcoming the Bangladesh Government to Have I Been Pwned

Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches.

zeroday.news · 58d ago

Weekly Update 503

Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to "we're not making any stateme

zeroday.news · 132d ago

A Deep Dive into the GetProcessHandleFromHwnd API

In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I though

zeroday.news · 146d ago

Bypassing Administrator Protection by Abusing UI Access

In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was rele

zeroday.news · 159d ago·critical

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system da

zeroday.news · 174d ago

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the

zeroday.news · 174d ago·high

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis ofte