Critical

Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited

Overview

A hacker is claiming to sell nearly 40 million user records from Condé Nast, the parent company of several well-known brands, after previously leaking data from Wired.com. This incident raises significant concerns about the security of user information across multiple major brands that fall under Condé Nast’s umbrella, including Vogue, The New Yorker, and Vanity Fair. The hacker's actions suggest a serious breach of data protection protocols, putting many users at risk of identity theft and other cybercrimes. The sale of such a vast database highlights the ongoing challenges companies face in safeguarding customer data. As the situation develops, it’s crucial for affected users to monitor their accounts for any suspicious activity and for companies to enhance their security measures to prevent future breaches.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Condé Nast user records, including data from brands like Wired, Vogue, The New Yorker, Vanity Fair
  • Action Required: Users should monitor their accounts for unusual activity and consider changing passwords.
  • Timeline: Newly disclosed

Original Article Summary

A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected.

Impact

Condé Nast user records, including data from brands like Wired, Vogue, The New Yorker, Vanity Fair

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should monitor their accounts for unusual activity and consider changing passwords. Companies should review security protocols and implement stronger data protection measures.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Related Coverage

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft SharePoint Server to its list of Known Exploited Vulnerabilities. This flaw, identified as CVE-2026-58644, has a high severity score of 9.8, indicating that it poses a significant risk. Federal Civilian Executive Branch agencies are mandated to implement necessary patches by July 19, 2026. The vulnerability involves a deserialization issue that could allow attackers to execute remote code on affected systems, making it crucial for organizations using SharePoint to take immediate action. By addressing this vulnerability, agencies can help prevent potential exploitation by malicious actors.

Jul 17, 2026

Russian hackers use fake CAPTCHA to infect Ukrainian targets

SCM feed for Latest

The Sandworm group, which is associated with Russia's military intelligence agency, the GRU, is targeting Ukrainian organizations using a deceptive approach called ClickFix. This technique involves creating fake CAPTCHA challenges that trick users into downloading malware. By exploiting social engineering tactics, the attackers aim to gain access to sensitive information. This method poses a significant risk to Ukrainian entities, as it can lead to data breaches and further cyber operations. The use of such sophisticated tactics reflects the ongoing cybersecurity threats faced by Ukraine amid its geopolitical tensions with Russia.

Jul 16, 2026

Period tracking app Stardust shares sensitive user data with third parties, report finds

SCM feed for Latest

A recent investigation by Mozilla has found that the period tracking app Stardust is sharing sensitive user data with third-party service RudderStack. This data is linked to a unique identifier rather than personal names, which raises privacy concerns for users. The sharing of such information can potentially expose users to unwanted marketing and other privacy risks. Given the nature of period tracking apps, which often contain sensitive health data, this incident highlights the need for greater transparency and user control over personal information. Users of Stardust may want to reconsider their use of the app or review its privacy settings to protect their data.

Jul 16, 2026

Chinese actors leverage AI tools for automated cyberattacks on government and financial systems

SCM feed for Latest

Researchers from Hunt.io uncovered a significant cyber intrusion campaign attributed to Chinese actors using AI tools to automate attacks on government and financial systems. This campaign was detected in June 2026 and involved 13 servers located in Hong Kong. The servers contained sensitive materials, including victim source code, exploit scripts, and logs from the operators. The use of AI in these attacks could allow for faster and more efficient exploitation of vulnerabilities, raising concerns about the potential scale and impact of such attacks on critical infrastructure. As these methods evolve, organizations must remain vigilant and enhance their security measures to protect against increasingly sophisticated threats.

Jul 16, 2026

Daxin malware resurfaces with new backdoor targeting Taiwan manufacturer

SCM feed for Latest

The Daxin malware, a kernel-mode rootkit first identified in March 2022, has resurfaced, with researchers discovering it operating on a compromised system belonging to a manufacturer in Taiwan in 2026. This malware is particularly concerning because it can provide attackers with deep access to targeted systems, potentially leading to data theft or further exploitation. The resurgence of Daxin suggests that attackers are still actively using and developing sophisticated tools to breach security measures, particularly in regions like Taiwan, which is significant for its role in global technology supply chains. Companies in the region should enhance their defenses and monitor for any signs of compromise to mitigate the risks associated with this malware. The ongoing evolution of threats like Daxin emphasizes the need for continuous vigilance in cybersecurity practices.

Jul 16, 2026

23andMe agrees to $18 million settlement over data breach

SCM feed for Latest

23andMe has agreed to pay $18 million in a settlement following a data breach that affected approximately 6.9 million customers. This breach occurred between April and September 2023, and was caused by credential-stuffing attacks, where attackers used stolen usernames and passwords to access accounts. The compromised data included sensitive genetic ancestry information, raising significant privacy concerns for users. This incident underscores the risks associated with storing personal genetic data online, as it can be exploited for various malicious purposes. Customers affected by the breach may need to monitor their accounts closely and consider additional security measures to protect their personal information.

Jul 16, 2026