All articles tagged with #data leak
A Fortune report reveals Anthropic's Claude Mythos, the company's most powerful AI model, was exposed by a data leak. The leak has analysts weighing potential IPO implications for Anthropic and causing volatility in AI/cybersecurity equities as investors weigh the model's advanced capabilities against security risks.
Fortune reports that Anthropic left internal materials for its upcoming AI model Claude Mythos publicly accessible, exposing roughly 3,000 assets and heightening cybersecurity worries about the model's potential capabilities.
Researchers demonstrated a prompt-injection attack against Google Gemini by embedding a malicious payload in a Google Calendar invite description. When the recipient asks Gemini about their schedule, the assistant executes the embedded instructions, creates a new event, and copies private meeting details into the event description, leaking sensitive data to the attacker. Google added mitigations after the disclosure, underscoring the need for context-aware defenses as AI assistants access calendar data.
A mistake by the Russian government’s ombudsman website accidentally exposed thousands of sensitive complaints, including those from Russian soldiers in Ukraine, revealing significant issues of abuse and coercion, and highlighting a major data breach.
A critical vulnerability in MongoDB, CVE-2025-14847, allows unauthenticated attackers to remotely leak sensitive data by exploiting a flaw in zlib compression, with over 87,000 instances potentially affected worldwide. Users are advised to update their MongoDB versions and implement mitigations such as disabling zlib compression and restricting server exposure.
A critical security flaw called MongoBleed (CVE-2025-14847) in MongoDB servers is actively exploited in the wild, allowing attackers to leak sensitive data through malformed network packets before authentication, affecting many versions and exposing approximately 87,000 vulnerable instances worldwide. Immediate patching and monitoring are recommended.
Coupang founder Kim Bom apologized for a recent customer data breach, pledged to implement a compensation plan for affected customers, and announced efforts to prevent future leaks, amid criticism for his absence from parliamentary hearings and ongoing investigations by South Korean authorities.
Hackers released additional leaked content for Pokémon Legends: Z-A, including gameplay videos and early builds, a year after the initial Teraleak, revealing features not in the final game and hinting at future Pokémon titles, despite ongoing efforts by Nintendo to identify the hackers.
Hackers claim to have stolen data of 5.5 million Discord users from the company's Zendesk support system, including government IDs and partial payment info, but Discord denies a breach and suggests the attack involved a compromised third-party support account. The hackers demand ransom and threaten to leak the data if not paid, while Discord states they will not reward illegal actions.
An extortion group called ShinyHunters, along with associated groups, has launched a website leaking data from 39 companies affected by Salesforce breaches, threatening to release personal data unless ransom demands are met. The attacks involved voice phishing and OAuth token theft, impacting major corporations like Google, Disney, and IKEA, with the group warning of further extortion campaigns.
An app called 'Cancel the Hate' aimed at reporting individuals criticizing conservative activist Charlie Kirk leaked users' personal data due to a security flaw, leading to its takedown amid privacy concerns and ongoing investigations.
Lovense, a major maker of internet-connected sex toys, failed to fully fix security flaws that exposed users' email addresses and allowed account takeovers, risking privacy and safety, especially for vulnerable users like cam models. The bugs were disclosed by security researcher BobDaHacker, who received a bug bounty but went public after Lovense delayed fixing the issues for 14 months.
The women's safety app Tea, which helps users identify red flags in dating, was hacked, leading to the leak of sensitive user data including selfies, driver's licenses, and personal messages, raising serious privacy concerns and prompting an investigation.
The Tea women's safety dating app experienced a security breach exposing approximately 72,000 user images, including selfies and ID photos, from a legacy data system. The company is investigating the breach, which raises concerns about privacy and security in online identity verification.
The UK Parliament's intelligence watchdog is launching an inquiry into a major data breach that exposed the identities of thousands of Afghans and British officials, which was only discovered in August 2023 and led to a super-injunction to prevent disclosure, prompting concerns over government handling and accountability.