Discord Data Breach Exposes Support Chats and User IDs
The Discord data breach has sparked concern after hackers accessed a third-party support vendor’s systems, stealing user information, support messages, and government ID images. While Discord’s core infrastructure remains secure, the incident highlights serious risks tied to external service providers managing user data. How the Breach Happened Discord confirmed that attackers compromised a third-party customer service platform used to manage
WestJet Data Breach Exposed Customer Passports
The WestJet data breach has placed thousands of travelers at risk after cybercriminals accessed sensitive passenger records. The Canadian airline confirmed that passport numbers and travel documents were among the exposed data. The breach has raised concerns about identity theft and placed renewed pressure on the aviation industry to strengthen its cybersecurity defenses. What Happened WestJet disclosed that an unauthorized
Medusa Ransomware Tried to Recruit BBC Reporter
Medusa ransomware is back in the spotlight after reports surfaced of an unusual recruitment attempt. The gang allegedly contacted a BBC journalist, asking for help in hacking into a major media organization. The case shows how far ransomware groups are willing to go when traditional methods fail. A Bold Recruitment Attempt Instead of sending phishing emails or exploiting vulnerabilities, the
Postmark MCP npm Package Stole User Emails
The Postmark MCP npm package has been exposed as a malicious module that silently stole user emails. Disguised as a legitimate client, the package highlights ongoing risks in the software supply chain and raises concerns for developers relying on npm. How the Attack Happened Security researcher Kamil “kph” Piekarski discovered that the fake package was uploaded to npm on September
Google Ads Data Breach Exposes Millions of Business Records
Google has confirmed a significant data breach involving information about potential Google Ads customers. The breach targeted one of the company’s Salesforce CRM instances, which is used to manage and track communication with prospective advertisers. According to Google, the attack took place in June 2025 and was carried out by the hacking group known as ShinyHunters, also referred to as
PBS Data Breach Exposes Employee Data on Discord Servers
The PBS data breach raises alarms. The personal information of nearly 4,000 employees was leaked on Discord servers frequented by fans of PBS Kids. The incident appears to stem from a breach of the organization's internal platform, MyPBS.org, and is now under investigation. What Was Leaked? The exposed file, shared publicly on Discord, contained sensitive information of 3,997 employees and
Pandora Data Breach Linked to Salesforce Attack Campaign
Jewelry giant Pandora has confirmed a data breach following a targeted attack on its Salesforce environment. The breach is part of a larger wave of cyberattacks orchestrated by cybercriminal groups exploiting misconfigured or vulnerable Salesforce customer accounts. Pandora disclosed the incident in customer notifications sent out on August 5, 2025. While the company emphasized that its core infrastructure was not
McLaren Health Care Data Breach Exposes 743,000 Patients
McLaren Health Care has confirmed a major data breach that compromised the personal and medical details of 743,000 patients. The breach, which occurred in August 2023, was linked to the INC Ransomware gang, a rising threat in the cybercrime world. McLaren concluded its internal investigation in May 2025, nearly two years after the breach took place. What Data Did They
Debunking the 16 Billion Credentials Leak: What Really Happened
In the past week, alarming headlines have circulated across social media and tech news platforms: “16 billion credentials leak in a massive data breach!” The claim quickly sparked fear and speculation, suggesting one of the largest cybersecurity incidents in history. But there’s just one problem: it’s not technically true. Let’s break down what actually happened, why this misleading story went
Keyloggers Found on Outlook Login Pages in New Exploit
In a striking revelation, cybersecurity researchers have discovered JavaScript-based keyloggers silently operating on Outlook Web Access (OWA) login pages of Microsoft Exchange servers. These keyloggers Found on Outlook have been actively capturing credentials from users across dozens of compromised organizations, including government entities and private-sector firms worldwide. How the Attack Works The attackers injected custom JavaScript into the OWA login
