SimonMed says 1.2 million patients impacted in January data breach
U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive…
Massive multi-country botnet targets RDP services in the US
A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. The…
SonicWall VPN accounts breached using stolen creds in widespread attacks
Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen,…
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited…
Harvard investigating breach linked to Oracle zero-day exploit
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged…
Fake 'Inflation Refund' texts target New Yorkers in new scam
An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer…
Spain dismantles “GXC Team” cybercrime syndicate, arrests leader
Spanish Guardia Civil have dismantled the “GXC Team” cybercrime operation and arrested its alleged leader, a 25-year-old…
Hackers exploiting zero-day in Gladinet file sharing software
Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local…
Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time
In today's hyper-connected world, cyber threats are more sophisticated and frequent than ever - ransomware attacks, data breaches, social…
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories,…
FBI takes down BreachForums portal used for Salesforce extortion
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking…
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok,…
Microsoft: Hackers target universities in “payroll pirate” attacks
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate…
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and…
RondoDox botnet targets 56 n-day flaws in worldwide attacks
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first…
SonicWall: Firewall configs stolen for all cloud backup customers
SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month.…
Hacktivists target critical infrastructure, hit decoy plant
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to…
Hackers claim Discord breach exposed data of 5.5 million users
Discord says they will not be paying threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk…
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s…
Qilin ransomware claims Asahi brewery attack, leaks data
The Qilin ransomware group has claimed the attack on Japanese beer giant Asahi by adding the company to the list of victims on its data leak…
Crimson Collective hackers target AWS cloud instances for data theft
The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data…
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass…
London police arrests suspects linked to nursery breach, child doxing
The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack…
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s latest “Disrupting Malicious Uses of AI” report shows that hackers and influence operators are moving toward a more…
New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens
Cybersecurity researchers at Point Wild’s Lat61 Threat Intelligence Team have found a new infostealer called Shuyal Stealer, a malware…
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that…
Docker makes Hardened Images Catalog affordable for small businesses
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for…
Google won’t fix new ASCII smuggling attack in Gemini
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with…
DraftKings warns of account breaches in credential stuffing attacks
Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of…
13-Year-Old RediShell Vulnerability Puts 60,000 Redis Servers at Risk
A new vulnerability in Redis, now known as RediShell (CVE-2025-49844), has put tens of thousands of servers at risk of remote compromise. The…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
Electronics giant Avnet confirms breach, says stolen data unreadable
Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen…
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
A CVSS 10.0 deserialization vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution is now being actively exploited by…
Google's new AI bug bounty program pays up to $30,000 for flaws
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's…
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
A team of researchers from the University of California, Irvine, has discovered a security risk right on your desk. It turns out that your…
Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users
If you use messaging apps in the United Arab Emirates (UAE), cybersecurity researchers at ESET have identified two mobile spyware campaigns…
XWorm malware resurfaces with ransomware module, over 35 plugins
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project…
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses,…
Hackers steal identifiable Discord user data in third-party breach
Hackers stole partial payment information and personally identifying data associated with some Discord users after compromising a third-party…
Discord discloses data breach after hackers steal support tickets
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users…
Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
A new leak site has gone live, operated by the notorious group calling itself “Scattered Lapsus$ Hunters,” (a coalition that…
Signal adds new cryptographic defense against quantum attacks
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing…