Google Claims Gmail Data Breach is False


Google was recently forced to publicly dispute false news reports claiming that a massive Gmail security breach had exposed 183 million accounts. The company confirmed that Gmail’s own defenses remain strong and that no new breach has occurred on its platform. The source of the claim was a collection of compromised credentials in the Have I Been Pwned (HIBP) notification platform. However, this collection did not come from a single company breach; it is a compilation of credentials stolen over the years through attacks across different websites. Google acknowledged that it uses these credential collections to help users reset exposed passwords, but clarified that the exposed data did not reflect a failure in Gmail’s security.

Source: Google X, Bleeping Computer

 

FinWise Data Breach: Encryption is Your Last Defense

The FinWise Bank data breach exposed the sensitive personal information of 689,000 customers of American First Finance (AFF). A former employee used retained credentials to access the bank’s systems. In other words, an insider threat caused the breach. This incident highlights the critical need for a “last line of defense” like encryption. In such systemic security failures, Penta Security’s D.AMO platform was highlighted. D.AMO is a data security solution that integrates powerful encryption, granular access control, and a dedicated Key Management System (KMS) that physically and logically isolates keys from the data. This separation of duties and secure key storage is presented as an effective defense mechanism to render stolen, encrypted data useless, even in the event of an insider breach.

Source: Bleeping Computer

 

Hackers Launch Attacks to Exploit Outdated WordPress Plugins

A large-scale campaign is targeting WordPress sites by exploiting three critical-severity flaws in the outdated GutenKit and Hunk Companion plugins. These vulnerabilities, which are all rated CVSS 9.8, are unauthenticated or missing-authorization flaws that allow attackers to install arbitrary plugins. Attackers are leveraging these vulnerabilities to introduce malicious plugins, often via a ZIP archive named ‘up’ hosted on GitHub, to achieve Remote Code Execution (RCE), maintain persistence, and steal private data. The security firm Wordfence blocked 8.7 million attack attempts in just two days (October 8-9, 2025). The critical mitigation advice for administrators is to immediately update all WordPress plugins to the latest available versions.

Source: Bleeping Computer

 

Toys “R” Us Canada Suffers From Data Breach

Toys “R” Us Canada has disclosed a data breach after threat actors leaked customer information stolen from its systems. The company confirmed that personal details such as names, addresses, and order histories were exposed, though no payment card data was compromised. The breach was linked to a cyberattack on its third-party service provider, highlighting supply chain vulnerabilities. Affected customers have been notified, and Toys “R” Us Canada says it is working with cybersecurity experts to strengthen defenses and prevent future incidents.

Source: Cyber Press, Security Week