Docker makes Hardened Images Catalog affordable for small businesses
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for…
Google won’t fix new ASCII smuggling attack in Gemini
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with…
DraftKings warns of account breaches in credential stuffing attacks
Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of…
13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk
A new vulnerability in Redis, now known as RediShell (CVE-2025-49844), has put tens of thousands of servers at risk of remote compromise. The…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
Electronics giant Avnet confirms breach, says stolen data unreadable
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen…
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
A CVSS 10.0 deserialization vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution is now being actively exploited by…
Google's new AI bug bounty program pays up to $30,000 for flaws
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's…
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
A team of researchers from the University of California, Irvine, has discovered a security risk right on your desk. It turns out that your…
Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users
If you use messaging apps in the United Arab Emirates (UAE), cybersecurity researchers at ESET have identified two mobile spyware campaigns…
XWorm malware resurfaces with ransomware module, over 35 plugins
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project…
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses,…
Hackers steal identifiable Discord user data in third-party breach
Hackers stole partial payment information and personally identifying data associated with some Discord users after compromising a third-party…
Discord discloses data breach after hackers steal support tickets
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users…
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
A new leak site has gone live, operated by the notorious group calling itself “Scattered Lapsus$ Hunters,” (a coalition that…
Signal adds new cryptographic defense against quantum attacks
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing…
Renault and Dacia UK warn of data breach impacting customers
Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was…
Japanese beer giant Asahi confirms ransomware attack
Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories…
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches,…
CommetJacking attack tricks Comet browser into stealing emails
A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow…
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers
Cybersecurity experts are on high alert as a group claiming ties to the infamous Cl0p ransomware gang is bombarding companies with emails that…
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were…
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an…
Renault UK Customer Records Stolen in Third-Party Breach
Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service…
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks.…
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow…
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months. HackerOne manages over…
Microsoft Defender bug triggers erroneous BIOS update alerts
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output…
$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk
Cybersecurity researchers at Bishop Fox have revealed security vulnerabilities in the popular, inexpensive YoLink Smart Hub (v0382), leaving…
Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite
Cybersecurity researchers at Tenable recently discovered three critical security flaws within Google’s Gemini AI assistant suite, which…
Android spyware campaigns impersonate Signal and ToTok messengers
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok…
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
A new wave of phishing attacks has been detected by the cybersecurity research firm, Blackpoint Cyber, that is exploiting users’ trust…
Small Businesses and Ransomware: Navigating the AI Era Threat
Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in the crosshairs. While…
Red Hat confirms security incident after hackers claim GitHub breach
An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitHub repositories, stealing nearly 570GB…
Red Hat confirms security incident after hackers breach GitLab instance
Correction: After publishing, Red Hat confirmed that it was a breach of one of its GitLab instances, and not GitHub. Title and story updated.…
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data…
Data breach at dealership software provider impacts 766k clients
A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000…
WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack
WestJet, a leading Canadian airline based in Calgary, has confirmed that a cybersecurity attack exposed personal information belonging to some…
Adobe Analytics bug leaked customer tracking data to other tenants
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances…
Android malware uses VNC to give attackers hands-on access
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000…
F-Droid project threatened by Google's new dev registration rules
F-Droid is warning that the project could reach an end due to Google’s new requirements for all Android developers to verify their…
WestJet data breach exposes travel details of 1.2 million customers
This story was updated with new information on the number of customers impacted. Canadian airline WestJet is informing customers that the…