VulnHub

Real-time Cybersecurity News

Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
Data Breach

Overview

A misconfigured server associated with the carding marketplace known as Jerry’s Store has leaked around 345,000 stolen credit card details. This incident stemmed from an artificial intelligence coding error that created a significant security flaw. The exposed data poses a serious risk to individuals whose credit card information was compromised, potentially leading to unauthorized transactions and identity theft. This situation also raises concerns about the security practices of online marketplaces that deal with illicit activities. The incident emphasizes the need for robust security measures, especially in environments handling sensitive financial data.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: 345,000 stolen credit card details
  • Action Required: Implement proper server configuration and security protocols to avoid misconfigurations.
  • Timeline: Newly disclosed

Original Article Summary

A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw.

Impact

345,000 stolen credit card details

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Implement proper server configuration and security protocols to avoid misconfigurations. Regular security audits and monitoring of server settings are recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

Infosecurity Magazine

A researcher from Theori, a security firm, has discovered a nine-year-old vulnerability in the Linux kernel using artificial intelligence tools. This flaw could potentially allow attackers to exploit systems running affected versions of the Linux kernel, putting many users and organizations at risk. The vulnerability's age raises concerns about how long it has gone unnoticed and the implications for systems that rely on Linux for their operations. As Linux is widely used across various platforms, including servers and embedded systems, this discovery highlights the need for ongoing vigilance in software security. Users and administrators are encouraged to review their systems and apply any available patches to mitigate the risk associated with this vulnerability.

May 1, 2026

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

Security Affairs

SonicWall has released urgent firmware updates to address three vulnerabilities found in its SonicOS software, which affects Gen 6, Gen 7, and Gen 8 firewalls. These flaws could potentially allow attackers to bypass security controls and gain unauthorized access to restricted services. Users of these firewall models are strongly advised to apply the patches immediately to protect their systems from possible exploitation. The vulnerabilities underscore the importance of keeping security software up to date, as failure to patch could leave networks open to attacks. Companies relying on these firewalls should prioritize this update to safeguard their network environments.

May 1, 2026

US ransomware negotiators get 4 years in prison over BlackCat attacks

BleepingComputer

Two former employees from cybersecurity firms Sygnia and DigitalMint were sentenced to four years in prison for their involvement in BlackCat (ALPHV) ransomware attacks against U.S. companies. These individuals exploited their insider knowledge to facilitate cyberattacks that resulted in significant financial losses for the targeted organizations. The BlackCat ransomware group has gained notoriety for its sophisticated attacks and has been responsible for numerous breaches in recent years. This case underscores the risks posed by insider threats in the cybersecurity landscape, as even trusted employees can engage in malicious activities. The sentences aim to deter similar behavior and reinforce the importance of vigilance within the cybersecurity community.

May 1, 2026

Open-source privacy proxy masks PII before prompts reach external AI services

Help Net Security

Dataiku has introduced Kiji Privacy Proxy, an open-source tool designed to protect sensitive customer information when interacting with external AI services. Many organizations send prompts containing personally identifiable information (PII) to large language models without proper sanitization, risking data exposure. Kiji acts as a local gateway, filtering out customer emails, support transcripts, and other identifying data before requests reach APIs like OpenAI and Anthropic. This tool is particularly relevant for enterprise developers who need to ensure customer privacy while still utilizing advanced AI capabilities. By integrating this proxy, companies can better safeguard user data and comply with privacy regulations.

May 1, 2026

Ukrainian police arrest 3 hackers for hijacking 610,000 Roblox accounts

SCM feed for Latest

Ukrainian police have arrested three individuals, including a 19-year-old, for allegedly hijacking approximately 610,000 accounts on the popular gaming platform Roblox. The suspects reportedly exploited stolen session cookies, allowing them to bypass traditional password protections and gain unauthorized access to user accounts. This incident underscores the risks associated with session management and the potential for significant breaches in online gaming communities. The large number of affected accounts highlights the need for users to be vigilant about their account security and for platforms like Roblox to strengthen their defenses against such attacks. The situation serves as a reminder of the ongoing challenges in protecting digital identities in an increasingly interconnected world.

Apr 30, 2026

Former incident responders sentenced to 4 years in prison for committing ransomware attacks

CyberScoop

Ryan Goldberg and Kevin Martin, both former incident responders, have been sentenced to four years in prison for their involvement in a series of ransomware attacks against five companies in 2023. The duo extorted nearly $1.3 million from one of their victims, showcasing a troubling trend where individuals with cybersecurity expertise turn to criminal activities. This case raises concerns about trust within the cybersecurity community and highlights the ongoing risks of ransomware, which continues to threaten businesses across various sectors. The sentencing serves as a reminder that those who exploit their knowledge for malicious purposes will face serious consequences.

Apr 30, 2026