In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access. – Read more
Latest article
Spring AI SQL Injection in PgVectorStore and friends
Spring AI SQL Injection in PgVectorStore and friends PgVectorStore, OracleVectorStore, and CouchbaseSearchVectorStore concatenate filter expression output directly into SQL without parameterization, enabling tenant isolation...
US Sanctions Target Cambodian Scam Network Leaders
US sanctions target Cambodian scam networks tied to crypto fraud and trafficking - Read more
ADT – 5,488,888 breached accounts
In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a...
