Login Subscribe

Data Breaches

Student Loan Servicer Breach Exposes 2.5M Records via Credential Stuffing

Student Loan Servicer Breach Exposes 2.5M Records via Credential Stuffing

A threat‑actor group compromised a major student‑loan servicing platform, extracting personal and financial data for roughly 2.5 million borrowers and former applicants. The attackers leveraged credential‑stuffing attacks against weak authentication controls, reusing leaked usernames and passwords to bypass login barriers and harvest data such as Social

Student Loan Platform Breach Exposes 2.5M Records via Misconfigurations

Student Loan Platform Breach Exposes 2.5M Records via Misconfigurations

A student loan processing service was compromised, resulting in the public release of personal and financial data for roughly 2.5 million borrowers and applicants. Attackers gained foothold through a combination of poorly segmented network zones and unpatched server components, allowing lateral movement and extraction of data stored in legacy

Supply‑Chain Compromise of LiteLLM Hits Mercor Recruitment Platform

Supply‑Chain Compromise of LiteLLM Hits Mercor Recruitment Platform

Mercor reported that attackers published a malicious version of the open‑source LiteLLM Python package, which the company uses to power its AI‑driven candidate matching engine. When the compromised library was installed during a routine update, it silently executed code that scraped personal data from user profiles and resumes,

Unprotected API Leak Exposes 2.5 Million Student Loan Records

Unprotected API Leak Exposes 2.5 Million Student Loan Records

An attacker exploited an unauthenticated API endpoint on a major student loan servicer’s database, pulling personal information for roughly 2.5 million borrowers. The vulnerable endpoint allowed bulk extraction of records and went unnoticed for several weeks before security teams discovered the activity. The breach released names, Social Security

Mercor Recruiting Compromised via Malicious LiteLLM Supply‑Chain Injection

Mercor Recruiting Compromised via Malicious LiteLLM Supply‑Chain Injection

Mercor, an AI‑driven recruiting platform, was breached when a compromised version of the open‑source LiteLLM library was introduced into its software build process. The malicious code embedded in the library activated during compilation, creating hidden back‑doors that allowed threat actors to siphon user credentials, internal configuration files,

Insider‑Threat Platform Hijacked via Update Supply‑Chain Attack

Insider‑Threat Platform Hijacked via Update Supply‑Chain Attack

A threat‑actor group compromised a leading insider‑threat detection solution by injecting malicious code into a routine software update. The hidden payload disabled the platform’s alerting and telemetry functions, effectively turning the security tool into a blind spot while preserving a backdoor for ongoing access. The backdoor let