1 Million SSNs Exposed 🔓 & 130 Zero-Days Dumped Online 💣
Two stories from today's security headlines are worth your attention: a government website quietly handed out a million Social Security numbers, and a researcher dumped over 130 unvetted hacking recipes online — one of which affects software running almost everywhere. Here's what happened and why it matters.
A Property Map in Puerto Rico Leaked 1 Million Social Security Numbers
Puerto Rico's Municipal Revenue Collection Center — the agency that handles property taxes — runs a public interactive map showing details about every registered property on the island. On the surface it just displayed owner names, lot sizes, and tax assessments. But researchers found that anyone who understood how websites quietly request data behind the scenes could pull far more sensitive information, including the Social Security numbers of roughly 1 million people.
The so what: SSNs are the master key to identity theft — opening fraudulent accounts, filing fake tax returns, and more. This is a textbook reminder that "we didn't display it on the page" is not the same as "we protected it." If your organization builds anything that serves data to a browser, assume attackers can see every request your app makes, not just what shows up on screen.
Someone Dumped 130 Hacking Blueprints Online — Including One That Hits Software Everywhere
A researcher going by "bikini" published more than 130 proof-of-concept exploits to a public GitHub repository called Exploitarium, without giving any of the affected vendors a chance to fix the bugs first. The most alarming one is a critical flaw in libssh2, a tiny piece of software that quietly powers secure connections inside widely used tools like curl, Git, and PHP. The bug can let an attacker take over a system before anyone even logs in — and attackers started probing for it within days.
The so what: because libssh2 is buried inside so many other programs, a huge number of businesses are exposed without realizing it. Security teams should update libssh2 to a version beyond 1.11.1, and watch for unusual failed connection attempts as an early warning sign. When exploit code goes public before a patch exists, the window between "disclosed" and "under attack" is measured in days, not months.
Stay ahead of threats with GOCO Security at gocosecurity.com.
.jpg)
Comments
Post a Comment