Vyro AI Leak Exposes Sensitive User Data from Three Applications

2 unique sources, 3 articles

Summary

Vyro AI, a maker of AI-content creation applications, has inadvertently leaked 116GB of sensitive user data from three of its products: ImagineArt, Chatly, and Chatbotx. The data, which includes AI prompts, bearer authentication tokens, and user agents, was exposed for several months. The leak could have allowed attackers to monitor user behavior, extract sensitive information, and hijack user accounts. Separately, audio streaming platform SoundCloud has confirmed a security breach in which threat actors stole a database containing user information. The breach affected 29.8 million accounts, approximately 20% of SoundCloud's users, and exposed email addresses, geographic locations, names, usernames, profile statistics, and avatars. The breach was followed by denial-of-service attacks, VPN connectivity issues, and extortion attempts by the ShinyHunters extortion gang.

Timeline

  1. 16.12.2025 02:38 2 articles · 1mo ago

    SoundCloud confirms breach affecting 28 million users

    SoundCloud confirmed a security breach involving unauthorized access to a database containing user information. The breach affected 29.8 million accounts, approximately 20% of SoundCloud's users, and exposed email addresses, geographic locations, names, usernames, profile statistics, and avatars. The breach was followed by denial-of-service attacks, VPN connectivity issues, and extortion attempts by the ShinyHunters extortion gang, who deployed email flooding tactics to harass users, employees, and partners.

  2. 12.09.2025 00:01 1 article · 4mo ago

    Vyro AI Leak Exposed Sensitive User Data

    Vyro AI inadvertently leaked 116GB of sensitive user data from three of its applications: ImagineArt, Chatly, and Chatbotx. The data, which includes AI prompts, bearer authentication tokens, and user agents, was exposed for several months. The leak could have allowed attackers to monitor user behavior, extract sensitive information, and hijack user accounts. The exposed tokens are of particular concern, as they could be used to exploit the leaked data and lock users out of their accounts.


Similar Happenings

World Leaks Ransomware Group Exfiltrates 1.4TB of Nike Data

The World Leaks ransomware group has claimed responsibility for a data breach affecting Nike, posting a 1.4TB cache of stolen internal data. The leaked files include R&D and product details, supply chain information, and internal documents dating back to 2020. Nike is investigating the incident, but no customer or employee PII has been identified in the dump. The breach could have significant commercial and operational impacts, including potential disruptions to product launches and supply chain operations. World Leaks removed the Nike entry from its leak site, suggesting potential negotiations or ransom payment. World Leaks is believed to be a rebrand of the Hunters International ransomware group, which emerged in late 2023 and was flagged as a possible Hive ransomware rebrand due to code similarities. Hunters International claimed responsibility for over 280 attacks, including victims such as the U.S. Marshals Service, Tata Technologies, Hoya, AutoCanada, and Austal USA.

Grubhub Data Breach and Extortion Attempt by ShinyHunters

Grubhub confirmed a recent data breach where unauthorized individuals accessed and downloaded data from its systems. The company stated that sensitive information such as financial data or order history was not affected. However, sources indicate that the ShinyHunters cybercrime group is extorting Grubhub, demanding Bitcoin to prevent the release of stolen Salesforce and Zendesk data. The breach is believed to be connected to stolen credentials from the recent Salesloft Drift data theft attacks.

Cyberattack on French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers, detected between December 11 and 12, 2025. The breach allowed unauthorized access to document files, though data exfiltration remains unconfirmed. The ministry has tightened security protocols and launched an investigation to determine the origin and scope of the attack. Possible motives include foreign interference, activism, or cybercrime. On December 17, 2025, a 22-year-old suspect was arrested in connection with the attack. The suspect is accused of unauthorized access to an automated personal data processing system as part of an organized group. Investigations are being conducted by OFAC, France's Office for Combating Cybercrime. A BreachForums admin claimed responsibility for the attack, alleging it was in revenge for the arrests of forum moderators and admins. The forum post claims that data on 16,444,373 people from France's police records was stolen. In April 2025, France attributed a widespread hacking campaign to APT28, a group linked to Russia's GRU, targeting various French entities.

ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage

Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.

Crimson Collective targets multiple organizations including Red Hat and Brightspeed for data theft and extortion

The Crimson Collective has been targeting various organizations, including Red Hat and Brightspeed, for data theft and extortion. The group claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of data across 28,000 internal projects, including 800 Customer Engagement Reports (CERs) containing sensitive information about customer networks and platforms. The breach occurred approximately two weeks prior to the announcement. The hackers claim to have accessed downstream customer infrastructure using authentication tokens and other private information found in the stolen data. The affected organizations span various sectors, including finance, healthcare, government, and telecommunications. Red Hat has initiated remediation steps and stated that the security issue does not impact its other services or products. The hackers published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram.

The Centre for Cybersecurity Belgium (CCB) has issued an advisory stating there is a high risk to Belgian organizations that use Red Hat Consulting services. The CCB also warns of potential supply chain impact if service providers or IT partners worked with Red Hat Consulting. The CCB advises organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in any Red Hat integrations, and to contact third-party IT providers to assess potential exposure.

The ShinyHunters gang has now joined the extortion attempts against Red Hat, partnering with the Crimson Collective. ShinyHunters has released samples of stolen CERs on their data leak site and has set an October 10th deadline for Red Hat to negotiate a ransom demand to prevent the public leak of stolen data.

The breach is part of a series of supply chain threats involving compromised code repositories. In May 2024, threat actors exploited a critical vulnerability (CVE-2023-7028) to take over GitLab accounts. GitLab disclosed and patched two similar vulnerabilities (CVE-2024-5655 and CVE-2024-6385) that jeopardized customers' CI/CD pipelines.

Nissan Motor Co. Ltd. has confirmed that information of approximately 21,000 customers has been compromised due to the Red Hat breach. The leaked data includes full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Financial information such as credit card details was not exposed in the breach. Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted. Nissan has no evidence that the leaked information has been misused. This is the second cybersecurity incident for Nissan Japan this year, following a Qilin ransomware attack in late August that hit its design subsidiary Creative Box Inc. (CBI).

The Crimson Collective has also claimed responsibility for a breach at Brightspeed, an ISP operating across 20 US states. The group claims to have obtained PII on over one million customers and disrupted their connectivity. The PII includes account master records, address coordinates, payment history, payment methods, and appointment/order records. The group posted samples of the data on Telegram and claimed to have disconnected users' home internet. Jacob Krell from Suzu Labs commented on the broader implications of such breaches, noting their societal and national security impact.