SOUTHFIELD, MI - A newly surfaced dark-web listing claims that 700Credit, a provider of credit-reporting and identity-verification services for auto dealers, suffered a substantial data breach in late October 2025 - potentially exposing more than eight million customer records. What the Listing Claims According to the listing, the compromised database includes highly sensitive consumer information commonly handled by credit-reporting services - full names, Social … [Read more...]
Microsoft Warns Advertisers of New OAuth Consent Phishing Threat Targeting Users
REDMOND, WA - Microsoft has issued a new security alert to users of its Microsoft Advertising platform, warning of a wave of OAuth consent phishing attacks - a sophisticated form of credential theft designed to look completely legitimate. In its notice, Microsoft explained that malicious actors are sending out fake login or permission prompts that appear identical to the company’s official consent screens. Once a user clicks “Accept”, the attacker gains access to sensitive … [Read more...]
October: National Cybersecurity Awareness Month: Is Your Business Truly Protected?
WEST PALM BEACH, FL - Every October, businesses across the country are reminded of a simple but critical truth: cybersecurity is no longer optional. As cybercriminals refine their tactics, small and medium-sized businesses have increasingly become their top targets. Phishing emails, ransomware, and malware aren’t just problems for Fortune 500 companies - they’re threats to any business with valuable data and daily digital operations. This year’s National Cybersecurity … [Read more...]
Massive “Combo List 93M” Surfaces on Dark Web, Exposing Millions of Emails
WEST PALM BEACH, FL - A newly circulated credential database called Combo List 93M has emerged on underground forums, raising concerns for millions of email account holders. The massive compilation - reportedly containing over 93 million records - is being distributed within cybercriminal communities for use in credential-stuffing and phishing campaigns. What Is Combo List 93M? Unlike a traditional “data breach” tied to a single company, Combo List 93M appears to be an … [Read more...]
TransUnion Data Breach Exposes Personal Information of 4.4 Million Consumers
WEST PALM BEACH, FL - TransUnion, one of the nation’s three major credit reporting agencies, has confirmed a data breach that exposed sensitive personal information of more than 4.4 million U.S. consumers. The incident was discovered on July 30, 2025, just two days after hackers gained access to a third-party application used by TransUnion’s U.S. consumer support operations. While the company stressed that its core credit databases and credit reports were not compromised, … [Read more...]
Hackers Claim PayPal Credential Dump Exposes 15.8 Million Accounts
SAN JOSE, CA - A massive set of PayPal login credentials has surfaced for sale on a dark web marketplace, with hackers alleging it contains information on nearly 15.8 million accounts worldwide. The dataset reportedly includes email addresses, plaintext passwords, and associated PayPal login URLs - a combination that, if authentic, could enable criminals to commit widespread identity theft and financial fraud. Hackers’ Claims The seller is advertising the database, … [Read more...]
Aflac Hit by Sophisticated Cyberattack: What Victims, Businesses Need to Know
COLUMBUS, GA - Aflac Incorporated, a leading supplemental insurance provider, disclosed that its U.S. systems suffered a cyberattack on June 12, 2025, potentially exposing sensitive customer data. The breach was quickly contained, but it may have compromised claims information, health records, Social Security numbers, and other personal identifiers. What We Know So Far Potential Data Exposure Aflac’s Response Broader Industry Implications What Affected … [Read more...]
Record-Breaking Data Leak Exposes 16 Billion Credentials Including Session Tokens
WEST PALM BEACH, FL - A massive trove of approximately 16 billion username-password combinations—along with session tokens and cookies - has surfaced on unsecured servers, cybersecurity researchers confirmed. The cache appears to be an aggregate of around 30 previously known data sets, sourced from malware-based credential thefts and older breaches, rather than a fresh, single-source attack. Security analysts emphasize the sheer volume of data makes it impossible to … [Read more...]
Records From 2024 AT&T Data Breach Are Once Again For Sale On The Dark Web
PALM BEACH, FL - A massive trove of nearly 90 million AT&T customer records, including Social Security numbers and other sensitive information, has resurfaced for sale on the dark web, reigniting concerns over personal data security. The data were first posted to a Russian-language cybercrime forum on May 15 and reappeared on June 3, with cybersecurity researchers confirming these are decrypted records - mostly repackaged from previous breaches. AT&T indicates … [Read more...]
Massive Data Breach Exposes 184 Million Login Credentials from Major Tech Platforms
WEST PALM BEACH, FL - A significant data breach has compromised over 184 million login credentials, affecting users of major platforms including Google, Apple, Meta (Facebook, Instagram), Microsoft, Snapchat, and others. The exposed information includes email addresses, usernames, plaintext passwords, and login URLs, posing a substantial risk of identity theft and unauthorized account access. Cybersecurity researcher Jeremiah Fowler discovered the unprotected database, … [Read more...]
Near Identical Domain Used To Scam Over $800,000 With Wire For Real Estate Deal
AUSTRALIA - A South Australian woman narrowly avoided a complete financial disaster after falling victim to a sophisticated business email compromise (BEC) scam that led to the loss of over $800,000. Authorities have since managed to recover a significant portion of the stolen funds, shedding light on the growing threat of cyber fraud in real estate transactions. The victim, who had been in the process of purchasing a property, received what appeared to be a legitimate … [Read more...]
50 Million Potentially Compromised In PowerSchool Data Breach
SACRAMENTO, CA - On December 28, 2024, PowerSchool, a prominent provider of educational technology services to over 60 million K-12 students worldwide, identified a cybersecurity incident involving unauthorized access to its Student Information System (SIS) through the PowerSource customer support portal. The breach, which occurred between December 19 and December 24, 2024, allowed threat actors to exfiltrate sensitive data, including names, addresses, dates of birth, … [Read more...]
Expired Domains Used by Security Experts to Neutralize Abandoned Web Backdoors
BATH, UK - More than 4,000 web backdoors that had been abandoned but were still active with live malware were hijacked and their communication infrastructure sinkholed – a term used to describe the process of redirecting malicious traffic to a DNS sinkhole – after web security researchers registered numerous expired domains, preventing them from being used by hackers and cybercriminals. A backdoor is a covert method of bypassing normal authentication or encryption in a … [Read more...]
Hackers Utilizing Russian Domains for Rising Number of Complex Phishing Attacks
REDMOND, WA - Cybersecurity experts have noted a large increase in the number of phishing attacks recently as hackers have been altering their attack avenues in order to work their way around increasingly complex email security systems designed to circumvent their efforts. Both the volume and complexity of malicious emails have been on the rise and are proving to be increasingly able to bypass Secure Email Gateways (SEGs) such as Microsoft and Proofpoint, according … [Read more...]
Amazon Seizes Domains Used by Russian Hackers Targeting Windows Users
SEATTLE, WA - Online shopping retail giant Amazon this week seized multiple internet domains that have been utilized by Russian hackers to launch phishing attacks that targeted users of Microsoft’s Windows operating system. Chief Information Security Officer at Amazon, CJ Moses, announced in a blog post that Midnight Blizzard, otherwise known as APT29 – a threat actor directly sponsored by the Russian government – had been targeting government agencies, empires, … [Read more...]