eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#databreach


💧 Supabase MCP can leak your entire SQL database

「 The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. At the same time, it reads customer-submitted messages as part of its input. If one of those messages contains carefully crafted instructions, the assistant may interpret them as commands and execute SQL unintentionally 」

simonwillison.net/2025/Jul/6/s

Simon Willison's Weblog · Supabase MCP can leak your entire SQL database: "Here's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back …"

🚨 Over 26 million resumes exposed in top CV maker data breach - here's what we know

「 While it might not sound like much, the cache is a treasure trove for cybercriminals. Knowing these people are actively seeking new job opportunities, they can create fully customized, highly relevant phishing emails, successfully tricking people into downloading malware or sharing login credentials 」

techradar.com/pro/security/ove

TechRadar · Over 26 million resumes exposed in top CV maker data breach - here's what we know, by Sead Fadilpašić

DATE: July 10, 2025 at 11:15AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Healthcare data breaches announced by:
- Gardner Orthopedics, Florida
- Blue Cross and Blue Shield of Massachusetts
- Health Care and Rehabilitation Services of Southeastern Vermont
- Retina Associates of Cleveland
- Clement Manor, Wisconsin
t.co/aFd7amOGFp #databreach

Articles can be found by scrolling down the page at hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

DATE: July 10, 2025 at 11:13AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Seven Healthcare Organizations Added to Ransomware Groups’ Data Leak Sites t.co/DWVvDg5JmL #healthcare #databreach

-------------------------------------------------

Even more arrests! Reuters reports:

Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op and Harrods, Britain's National Crime Agency said.

The cyberattack on M&S was the most serious, costing it about 300 million pounds ($409 million) in lost operating profit.

The NCA said two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands, central England, and London on Thursday on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.

More at reuters.com/business/retail-co

At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy:

meduza.io/en/news/2025/07/10/a

France and the U.S. appear to be collaborating quite a bit. The U.S. will be seeking his extradition.

The report doesn't mention what #ransomware group Kasatkin was allegedly involved with, and I don't see any case docketed against Kasatkin on PACER.

Meduza · At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy

McDonald's AI hiring platform found to be vulnerable, risking 64 million job applications

Security researchers discovered vulnerabilities in McDonald's McHire hiring platform developed by Paradox.ai, including an insecure direct object reference (IDOR) flaw and trivial default credentials ("123456:123456") that potentially exposed personal data of up to 64 million job applicants across McDonald's franchises.

**Make sure to authenticate and authorize every single request to your APIs. And don't use integer auto-incrementing IDs for users, too easy to guess. Naturally, NEVER use trivial credentials for test systems.**
#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai

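An added illustration of the two points made in the post above (authorize every object access, and do not use guessable auto-incrementing IDs), written for this page and not taken from McHire, Paradox.ai or the BeyondMachines write-up. The in-memory store, record fields and the `credential_is_acceptable` helper are constructed for the example; the insecure lookup is kept beside the hardened one so the difference is visible.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Application:
    applicant_id: str   # owner of the record (constructed field)
    resume: str


class ApplicationStore:
    """Constructed stand-in for a hiring platform's applications table."""

    def __init__(self):
        self._by_id = {}

    def create(self, applicant_id, resume):
        # Opaque random identifier instead of an auto-incrementing integer:
        # a caller cannot walk neighbouring records by adding 1 to their own id.
        app_id = secrets.token_urlsafe(16)
        self._by_id[app_id] = Application(applicant_id, resume)
        return app_id

    def get_insecure(self, requester_id, app_id):
        # IDOR-prone pattern: the request is authenticated (requester_id is known),
        # but nothing checks that the record belongs to the requester.
        return self._by_id.get(app_id)

    def get_authorized(self, requester_id, app_id):
        # Hardened: authorize the object, not just the request. An unknown id and
        # someone else's id both return None, so the lookup leaks nothing either way.
        app = self._by_id.get(app_id)
        if app is None or app.applicant_id != requester_id:
            return None
        return app


# Constructed deny-list covering the kind of default the post cites ("123456:123456").
TRIVIAL_PASSWORDS = {"123456", "password", "admin", "test"}


def credential_is_acceptable(username, password):
    """Reject trivial or username-equal passwords before a test account is created."""
    return (
        len(password) >= 12
        and password != username
        and password not in TRIVIAL_PASSWORDS
    )
```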