Skip to content
July 4, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Top 8 biggest hacks of 2017
  • Data Leak
  • News

Top 8 biggest hacks of 2017

Do Son December 28, 2017 6 minutes read
Add as a preferred
source on Google

1. Equifax data leak

Equifax, founded in 1899, has more than 800 million consumers and more than 88 million businesses worldwide. As a veteran credit information agency, it has important information about a large number of US consumers, such as your name, date of birth, home address, Social Security number SSN, driver’s license ID, and credit card information.

Equifax, with so much important information on it, was targeted by hackers in May of this year and did not notice until the end of July. Worse still, it was not announced to the public until September.

During this time, a total of three executives from Equifax’s CFO, US Information Solutions President, and Staffing Program President sold Equifax shares with a total value of nearly $ 1.8 million …

Frightened Americans began to worry that some people on the Internet had already sold their information to customers such as banks, landlords, and employers, and those who bought the information would know you better.

2. Yahoo admitted that 3 billion user account information fell into the hands of hackers in 2013

Last September, Yahoo! Inc. announced that hackers stole account information for at least 500 million of its users in August 2013. In December of that year, Yahoo also said that the number of stolen accounts of about 1 billion. According to information released on October 3 this year, Yahoo confirmed that all 3 billion of its user accounts should be hacked. The company has sent more prompts to more users to change their login password and related login information.

Yahoo and the investigators have said that the “state-funded hacker” launched the attack, but did not specify which country it was.

Stolen information includes user name, e-mail address, phone number, birthday and part of the user some customers encrypted or not encrypted security problems and answers. On October 3, Yahoo again stressed that hackers should not have access to computers that have unprotected passwords, payment card data, and bank account information, meaning that user account information is partially stolen.

Yahoo said there should be fewer than 3 billion affected users due to the existence of some accounts that are either permanently or rarely used and some that have multiple Yahoo accounts.

3. NSA attack tools leak, triggering “WannaCry” and other 

In the early hours of April 6, the United States conducted military sanctions on Syria on the grounds of opposing the anti-personnel chemical weapons and launched 59 Tomahawk cruise missiles on the Syrian government space base.

It was not long before the hacker group Shadow Brokers, protesting the U.S. attack on Syrian airbase, announced it would proclaim to the world that it had obtained a copy of the Equation Group, a hacker group affiliated with the NSA (the U.S. National Security Agency) The decryption key – CrDj “(; Va.*NdlnzB9M? @ K2) #> deB7mN, so that everyone in the world can view the United States network warfare weapons.

To put it bluntly, the United States bullied Syria. The Shadow Brokers felt uncomfortable. As a result, they released the dirty gadgets of the U.S. government for dirty work to the world and showed great fearlessness.

Hackers can exploit these tools to compromise a variety of Windows servers and operating systems, including Windows 7 and Windows 8 systems.

Although Microsoft said in March this year released a patch for the related security vulnerabilities, but many companies did not update. Subsequently, the “shadow broker” tool released to create a number of major international hacker events, such as “WannaCry” “blackmail incident.

4. WannaCry ransomware

People have seen that the author of the outbreak of ransomware received 350,000 U.S. dollars and it seems that there is not much more than its global influence. But many people do not know that this worm-transmitted virus is version 2.0, whereas in the previous version 1.0 virus authors had made tens of millions of dollars.

On the night of December 18, the U.S. government made a public statement that North Korea is behind the WannaCry incident.

5. Petya Ransomware

On June 27, Twitter reported that a new ransomware similar to “WannaCry” swept across Europe, causing many large enterprises, including RosneftPJSC and Danish AP Muller-Maersk Co., Ltd., to be attacked, And the government system in Ukraine was also hit by the virus. The virus code-named “Petya.”

In June of this year, the “Nott Petilia” computer virus targeted Ukrainian companies that use poisoning tax software. Several large multinational companies recruit, including FedEx, WPP Advertising UK, Rosneft and Maersk Line Denmark.

The Nottpea’s method of communication also exploits the security loopholes exposed by Shadow Brokers.

US FedEx said in September that the virus has caused a loss of 300 million U.S. dollars and its TNT International Courier Company was forced to suspend business.

6. Bad Rabbit ransomware

Another ransomware that caused a lot of commotion was the “bad rabbit.” Bad Rabbit infiltrated the user’s computer with Adobe Flash software installation requests popped up on the news media site, and those news sites were hacked.

This wave of blackmail wave occurred in October and mainly hit Russia. However, some experts found that victims also appeared in Ukraine, Turkey, and Germany.

This thing reminds us that users must not download the software through an advertisement pop-up window or a website that does not belong to a software company.

7. Voter records exposed

In June, a computer security researcher found that a U.S. Republican data company had made a mistake in choosing the security settings for its Amazon cloud storage service, resulting in the disclosure of nearly 200 million voters.

This is the latest major breach caused by the unsafe Amazon server. The server’s default option is safe, but cybersecurity officer Chris Vickery often discovers there is a company setting error.

Verizon and the U.S. Department of Defense have the same information stored on Amazon servers.

8. Uber paid $100,000 to hacker

In 2016, hackers stole data from 57 million Uber users, and Uber subsequently paid $ 100,000 to quell the incident. It was not until November of this year that the case was revealed by Dara Horaosossi, the new chief executive of Uber. Uber is now facing a question from legislators. Three federal senators to promote the relevant bills, it is likely to lead to those who intentionally cover up the data invasion of the face of prison.

Source: CNN

 

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Brazilian Banking Malware Targets Spain: An Emerging Cyber Threat Landscape
  • CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk
  • IBM Spends $11 Billion on Confluent to Build Its AI ‘Intelligent Data Platform’
  • Apple’s New AirPods Pro 3: The Ultimate Upgrade for Sound and Health
  • End of an Era: Apple Has Reportedly Cancelled the Mac Pro Lineup

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Bad Rabbit ransomware Petya Ransomware WannaCry Ransomware

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
  • CVE-2026-28496CVSS 9.4
    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
    Admin intel📅 Updated: Jun 25, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-58426CVSS 9.6
    Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read...
  • CVE-2026-58289CVSS 9.0
    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based)...
  • CVE-2026-22874CVSS 9.6
    Gitea versions up to and including 1.26.2 have incomplete SSRF protection in...
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by...
  • CVE-2026-4321CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-14544CVSS 9.8
    A flaw was found in HPLIP (HP Linux Imaging and Printing Software)....
  • CVE-2026-9725CVSS 9.1
    The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress...
  • CVE-2026-13768CVSS 10.0
    Gardyn devices expose a privileged iothubowner key. Access to this key will...
  • CVE-2026-57100CVSS 9.9
    Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an...
  • CVE-2026-45499CVSS 9.9
    Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to...
Powered by CVE WATCHTOWER

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.

    We respect your inbox. Unsubscribe anytime.

    Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.