[NEW REPORT] A popular parental control app exposed its activity logs, leaving users' private data in www for at least a month. Payment info, user PII, tracking details - literally everything. Logstash updated daily, with gigabytes of data, usual story. Infected with readme note.

Me: sending security alert to company's contacts emails. Company's reply: we dropped a TON of new styles in December, did you miss it? Posh Peanut

Yes, I've seen this data when it was live. Yes, it is as simple as it gets. cybernews.com/security/brazi…

Every single data breach ever reported or sold was carefully collected by an unknown actor and left in a misconfigured instance. I'd say it is even bigger than Troy Hunt's HIBP.

Some random 'Mother of All Breaches' #MOAB stats / interesting info, FYI: 1) the total number of datasets in MOAB = 4145 2) out of it = 1448 have more than 100k records 3) out of it = 601 have more than 1M recs 4) 203 datasets have less than 100 recs 5) instance was updated in

▪️Cybernews research▪️ Football Australia leak exposes players’ details⤵️ #Australia #FootballAustralia #dataleak #data #cybersecurity #infosec cybernews.com/security/footb…

Will add a few details about this one. - Reported it to Football Australia on Nov 22, 2023 - At least one bucket was public - A couple of screenshots with proofs below

[NEW REPORT] Still a lot of UA entities and persons use uCoz resources to host sites. Now we know for sure, and a lot more to investigate... cybernews.com/security/web-h…

Proud and excited to be part of Mind The Sec once again, one of the most important events in the region!

We are working with @cybersecdawg and Sébastien 🇺🇦 on a project that should help companies quickly respond to the fast-growing issue with API keys leaks. Unfortunately, Shopify, Stripe, PayPal and other industry players underestimate this problem and prefer not to mention numerous

RU-hosted Troyan-As-A-Service infrastructure config (accidentally exposed).