Open Directory Exposes Three Evilginx Phishing Operators
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!
Search across headline titles and summaries.
Background for this topic.
Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.
The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.
Weekly headline count for the current query.
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update
SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
A critical AWS CodeBuild misconfiguration has exposed core repositories to potential attack
The GoBruteforcer botnet has been observed targeting exposed Linux servers on services like FTP and MySQL
A breach affecting Manage My Health could have exposed sensitive data for up to 120,000 New Zealand patients
A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks
Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems
The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing
The personal data of over two million amateur football players registered in France could be exposed
Almost two million people may have seen their personal data exposed following a large-scale cyberattack that hit Asahi in September 2025