BjoernAusGEDec 19
Could it be that Crunchyroll had an security issue a whila ago? This night i got an eMail telling me that my account was accessed from somewhere in Viginia, and that was definately not me.
It was a 14 digitats alphanumeric password, so i would not really assume that it was bruteforced which is stored in my bitwarden and not used in another service.

#crunchyroll #securitybreach #hibp
Hacker NewsDec 12

Home Depot GitHub token exposed for a year, granted access to internal systems

https://techcrunch.com/2025/12/12/home-depot-exposed-access-to-internal-systems-for-a-year-says-researcher/

#HackerNews #HomeDepot #GitHubToken #SecurityBreach #InternalAccess #Vulnerability #TechNews

Exclusive: Home Depot exposed access to internal systems for a year, says researcher

A security researcher tried to alert Home Depot to the security lapse exposing its backend GitHub source code repos and other internal cloud systems, but was ignored.

TechCrunch
Advocate.comDec 11

Nancy Mace investigated for bad behavior at airport, blames transgender people

https://fed.brid.gy/r/https://www.advocate.com/politics/nancy-mace-airport-videp-transgender

N-gated Hacker NewsDec 3
Ah, the classic tale of a "billion-dollar" AI tool with the security of a wet paper bag. 🙄 Who knew lawyers could be so careless with *confidential* files? Just one email, and voilà, you're the admin now. 🤦‍♂️ Let's hear it for the "responsible" disclosure process that even a snail could outrun! 🐌🎉
https://alexschapiro.com/security/vulnerability/2025/12/02/filevine-api-100k #billiondollarAI #securitybreach #lawyerfail #confidentialfiles #responsible_disclosure #snailpace #HackerNews #ngated
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files

Update: This post received a large amount of attention on Hacker News — see the discussion thread.

Alex Schapiro
Security LandNov 28

🚨 The OpenAI/Mixpanel breach is not just a "vendor issue"—it's a systemic failure. We analyzed 3 years of security incidents at OpenAI and compared them to the fortified architectures of Google Gemini and Anthropic Claude.

#SecurityLand #ExpertDecode #AI #SecurityBreach #Cyberattack #OpenAI #ChatGPT #Claude #Gemini #SpearPhishing #Business #Enterprise #Mixpanel

Read More: https://www.security.land/openai-mixpanel-breach-security-analysis-2025/

Why OpenAI’s "Minor" Breach is a Spear-Phishing Nightmare

The OpenAI/Mixpanel breach is not just a "vendor issue"—it's a systemic failure. We analyzed 3 years of security incidents at OpenAI and compared them to the fortified architectures of Google Gemini and Anthropic Claude.

Security Land | Decoding the Cyber Threat Landscape
Hacker NewsNov 24

SHA1-Hulud the Second Comming – Postman, Zapier, PostHog All Compromised via NPM

https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains

#HackerNews #SHA1Hulud #Postman #Zapier #NPM #SecurityBreach

The threat actors behind Shai Hulud has struck again, hitting Zapier and Ensdomains

A new variant of Shai Hulud has hit Zapier and Ensdomains

DysruptionHubNov 18
Trumbull County, Ohio security breach limits records access #SecurityBreach #ThirdPartyVendor #PublicRecords #EFilings #Ohio #cybersecurity https://dysruptionhub.com/trumbull-county-ohio-security-breach-records/
Trumbull County, Ohio security breach limits records access

Trumbull County, Ohio's Recorder's Office halted e-filings and online land record searches after a potential third-party security breach.

DysruptionHub
Guillaume RossoliniNov 13

I got a notification today

Paraphrasing:

“Hey we got a breach. Your password was leaked crypted (not hashed) and they also got your full postal address. We recommend updating your password, but we took the website down for now.“

I can’t fault them for wanting to beef up their security… But the timing is not great. They also left up a probably very insecure web form to keep collecting leads on their front page.

#SecurityBreach #password

☮ ♥ ♬ 🧑‍💻Nov 11

“Wellnhofer has said he will no longer maintain #libxml2 in December. Libxml2 is a critical library in all web browsers, web servers, LibreOffice and numerous Linux packages. We don’t need any more arguments; we need real #support for critical #OpenSource programs before we have another major #SecurityBreach.”

#NickWellnhofer / #economics <https://lwn.net/Articles/1038478/> / <https://discourse.gnome.org/t/stepping-down-as-libxml2-maintainer/31398>

Mind LudeNov 7
Another day, another breach. The Congressional Budget Office confirms a hack, with whispers that an ancient, unpatched firewall is to blame. It's almost like patching is important or something. 😉 What's your biggest 'should've patched that' horror story? #TechNews #SecurityBreach #PatchManagement #SystemAdmin https://techcrunch.com/2025/11/07/congressional-budget-office-confirms-it-was-hacked/
Congressional Budget Office confirms it was hacked | TechCrunch

The congressional research office confirmed a breach, but did not comment on the cause. A security researcher suggested the hack may have originated because CBO failed to patch a firewall for more than a year.

TechCrunch