🔴BreachesHIGH
ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
🔴Breaches161 stories
Breaches
Latest cybersecurity breaches news, analysis, and intelligence.
🔴BreachesHIGH
New BlackFile extortion group linked to surge of vishing attacks
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
🔴BreachesHIGH
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security. The post In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device appeared first on SecurityWee
🔴BreachesHIGH
DORA and operational resilience: Credential management as a financial risk control
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. [...]
🔴BreachesMEDIUM
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk e
🔴BreachesHIGH
China-Backed Hackers Are Industrializing Botnets
China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way.
🔴BreachesHIGH
Luxury Cosmetics Giant Rituals Discloses Data Breach
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek.
🔴BreachesMEDIUM
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
🔴BreachesHIGH
Chinese Cybersecurity Firms AI Hacking Claims Draw Comparisons to Claude Mythos
360 Digital Security Group claims to have uncovered 1,000 vulnerabilities using AI, including at the Tianfu Cup hacking contest. The post Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos appeared first on SecurityWeek.
🔴BreachesMEDIUM
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk em
🔴BreachesHIGH
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
🔴BreachesMEDIUM
Regular Password Resets Arent as Safe as You Think
Regular Password Resets Aren’t as Safe as You Think
🔴BreachesHIGH
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems
🔴BreachesMEDIUM
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file included in the package
🔴BreachesHIGH
Cosmetics giant Rituals discloses data breach affecting customers
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]
🔴BreachesHIGH
UK warns of Chinese hackers using proxy networks to evade detection
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade detection and disguise their malicious activity. [...]
🔴BreachesHIGH
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set o
🔴BreachesHIGH
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
A company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictab
🔴BreachesMEDIUM
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activi
🔴BreachesMEDIUM
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]
🔴BreachesHIGH
French govt agency confirms breach as hacker offers to sell data
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
🔴BreachesHIGH
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
🔴BreachesCRITICAL
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initi
🔴BreachesHIGH
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. [...]
🔴BreachesHIGH
Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
🔴BreachesHIGH
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
🔴BreachesMEDIUM
WhatsApp Leaks User Metadata to Attackers
WhatsApp Leaks User Metadata to Attackers
🔴BreachesMEDIUM
Supply Chain Compromise Impacts Axios Node Package Manager
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environment
🔴BreachesHIGH
Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push pay
🔴BreachesHIGH
Seiko USA website defaced as hacker claims customer data theft
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]
🔴BreachesMEDIUM
Bluesky Disrupted by Sophisticated DDoS Attack
Bluesky Disrupted by Sophisticated DDoS Attack
🔴BreachesHIGH
British Scattered Spider hacker pleads guilty to crypto theft charges
British Scattered Spider hacker pleads guilty to crypto theft charges
🔴BreachesHIGH
Next.js Creator Vercel Hacked
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million. The post Next.js Creator Vercel Hacked appeared first on SecurityWeek.
🔴BreachesHIGH
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the com
🔴BreachesHIGH
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
🔴BreachesHIGH
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that b
🔴BreachesHIGH
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API to
🔴BreachesMEDIUM
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. [...]
🔴BreachesHIGH
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. [...]
🔴BreachesHIGH
Sometimes changing the password on your email mailbox isnt enough
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog.
🔴BreachesHIGH
Another DraftKings Hacker Sentenced to Prison
Kamerin Stokes sold stolen credentials through an online marketplace even after pleading guilty to his role in the DraftKings attack. The post Another DraftKings Hacker Sentenced to Prison appeared first on SecurityWeek.
🔴BreachesMEDIUM
Two North Korean IT Worker Scheme Facilitators Jailed in the US
Kejia Wang and Zhenxing Wang compromised the identities of dozens of US persons to help land jobs at over 100 companies. The post Two North Korean IT Worker Scheme Facilitators Jailed in the US appeared first on SecurityWeek.
🔴BreachesHIGH
Man gets 30 months for selling thousands of hacked DraftKings accounts
Man gets 30 months for selling thousands of hacked DraftKings accounts
🔴BreachesHIGH
Anviz Multiple Products
View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications,
🔴BreachesHIGH
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
🔴BreachesHIGH
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API to
🔴BreachesHIGH
ThreatsDay Bulletin: Defender 0-Day,SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough s
🔴BreachesHIGH
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. [...]
🔴BreachesHIGH
Smashing Security podcast #463: This AI company leaked its own code. Its also built something terrifying
A hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mi
🔴BreachesHIGH
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
🔴BreachesMEDIUM
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
🔴BreachesHIGH
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. [...]
🔴BreachesHIGH
McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]
🔴BreachesHIGH
Europes Largest Gym Chain Says Data Breach Impacts 1 Million Members
Basic-Fit has reported that hackers have stolen names, dates of birth, and even bank account details. The post Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members appeared first on SecurityWeek.
🔴BreachesHIGH
5 Ways Zero Trust Maximizes Identity Security
Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. [...]
🔴BreachesHIGH
Europes Largest Gym Chain Says Data Breach Impacts 1 Million Members
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
🔴BreachesHIGH
European Gym giant Basic-Fit data breach affects 1 million members
Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. [...]
🔴BreachesHIGH
Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]
🔴BreachesHIGH
New Booking.com data breach forces reservation PIN resets
Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. [...]
🔴BreachesMEDIUM
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
🔴BreachesHIGH
Booking.com Says Hackers Accessed User Information
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.
🔴BreachesHIGH
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delive
🔴BreachesMEDIUM
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies o
🔴BreachesHIGH
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. Th
🔴BreachesHIGH
Hims Breach Exposes the Most Sensitive Kinds of PHI
Hims Breach Exposes the Most Sensitive Kinds of PHI
🔴BreachesHIGH
Your Next Breach Will Look Like Business as Usual
Your Next Breach Will Look Like Business as Usual
🔴BreachesHIGH
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
🔴BreachesCRITICAL
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]
🔴BreachesCRITICAL
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
🔴BreachesMEDIUM
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
🔴BreachesMEDIUM
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers @font-face {font-family:Roboto;font-style:normal;font-weight:400;src:url(/cf-fonts/s/roboto/5.0.11/cyrillic/400/normal.woff2);unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;font-display:swap;}@font-face
🔴BreachesMEDIUM
Google Rolls Out Cookie Theft Protections in Chrome
Google Rolls Out Cookie Theft Protections in Chrome
🔴BreachesHIGH
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn't actually name or directly involve them.
🔴BreachesHIGH
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]
🔴BreachesMEDIUM
When attackers already have the keys, MFA is just another door to open
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
🔴BreachesMEDIUM
Apple Intelligence AI Guardrails Bypassed in New Attack
Apple Intelligence AI Guardrails Bypassed in New Attack
🔴BreachesHIGH
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX
🔴BreachesHIGH
Eurail says December data breach impacts 300,000 individuals
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. [...]
🔴BreachesHIGH
$3.6 Million Stolen in Bitcoin Depot Hack
$3.6 Million Stolen in Bitcoin Depot Hack
🔴BreachesHIGH
300,000 People Impacted by Eurail Data Breach
In December 2025, hackers stole names and passport numbers from the European travel company’s network. The post 300,000 People Impacted by Eurail Data Breach appeared first on SecurityWeek.
🔴BreachesHIGH
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
🔴BreachesHIGH
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
Hackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict. The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first on SecurityWeek.
🔴BreachesHIGH
Google: New UNC6783 hackers steal corporate Zendesk support tickets
Google: New UNC6783 hackers steal corporate Zendesk support tickets
🔴BreachesHIGH
Hackers use pixel-large SVG trick to hide credit card stealer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]
🔴BreachesMEDIUM
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
🔴BreachesMEDIUM
Fraud Rockets Higher in Mobile-First Latin America
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
🔴BreachesMEDIUM
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
🔴BreachesHIGH
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks. The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek.
🔴BreachesHIGH
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution. The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
🔴BreachesHIGH
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functio
🔴BreachesCRITICAL
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC fun
🔴BreachesCRITICAL
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
Federal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting. The post Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks appeared first on SecurityWeek.
🔴BreachesHIGH
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]
🔴BreachesHIGH
Snowflake customers hit in data theft attacks after SaaS integrator breach
Snowflake customers hit in data theft attacks after SaaS integrator breach
🔴BreachesHIGH
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tok
🔴BreachesHIGH
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since
🔴BreachesCRITICAL
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
🔴BreachesMEDIUM
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
🔴BreachesMEDIUM
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automat
🔴BreachesHIGH
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges. The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack appeared first on SecurityWeek.
🔴BreachesHIGH
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeF
🔴BreachesHIGH
The Hidden Cost of Recurring Credential Incidents
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments,
🔴BreachesHIGH
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
The high-end casino and hotel operator has likely paid a ransom to avoid a data leak. The post Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack appeared first on SecurityWeek.
🔴BreachesHIGH
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
🔴BreachesHIGH
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, inv
🔴BreachesHIGH
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
🔴BreachesHIGH
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
🔴BreachesHIGH
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
🔴BreachesHIGH
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials. The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
🔴BreachesHIGH
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 202
🔴BreachesHIGH
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...]
🔴BreachesHIGH
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek.
🔴BreachesHIGH
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
🔴BreachesHIGH
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.
🔴BreachesHIGH
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]
🔴BreachesHIGH
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults. The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek.
🔴BreachesHIGH
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underpre
🔴BreachesMEDIUM
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineerin
🔴BreachesHIGH
Apple Rolls Out DarkSword Exploit Protection to More Devices
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek.
🔴BreachesMEDIUM
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst
🔴BreachesMEDIUM
Axios NPM Package Compromised in Precision Attack
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.
🔴BreachesHIGH
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.
🔴BreachesCRITICAL
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access. The post Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks appeared first
🔴BreachesHIGH
Hacker charged with stealing $53 million from Uranium crypto exchange
U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. [...]
🔴BreachesHIGH
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost. The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek.
🔴BreachesHIGH
European Commission Reports Cyber Intrusion and Data Theft
The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems. The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek.
🔴BreachesHIGH
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. [...]
🔴BreachesHIGH
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website tha
🔴BreachesHIGH
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446
🔴BreachesHIGH
LeakNet ransomware: what you need to know
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.
🔴BreachesHIGH
Denver’s crosswalks hacked to broadcast anti-Trump messages
Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog.
🔴BreachesHIGH
Critical CVSS 10.0 Flaw in WAGO Industrial Managed Switches Allows Full Device Takeover
CISA has issued an advisory for CVE-2026-3587, a maximum-severity hidden functionality vulnerability in WAGO industrial managed switches that lets unauthenticated remote attackers escape the CLI and fully compromise the device. Over 30 firmware/hardware combinations across critical infrastructure sectors are affected.
🔴BreachesMEDIUM
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named
🔴BreachesMEDIUM
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March
🔴BreachesHIGH
China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation
The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months. The post China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation appeared first on SecurityWeek.
🔴BreachesMEDIUM
Security Firm Executive Targeted in Sophisticated Phishing Attack
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages. The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek.
🔴BreachesHIGH
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
Broadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement. The post Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact appeared first on SecurityWeek.
🔴BreachesHIGH
Hacking Attempt Reported at Poland’s Nuclear Research Center
Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.
🔴BreachesMEDIUM
ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
🔴BreachesMEDIUM
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a
🔴BreachesHIGH
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled.
🔴BreachesHIGH
Your Signal account is safe – unless you fall for this trick
Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with government officials and journalists among those being targeted.
🔴BreachesHIGH
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
🔴BreachesHIGH
Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War
Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants. The post Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks Dur
🔴BreachesHIGH
Starbucks Data Breach Impacts Employees
Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.
🔴BreachesHIGH
Loblaw Data Breach Impacts Customer Information
Personal information such as names, email addresses, and phone numbers was accessed by hackers.
🔴BreachesHIGH
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA
🔴BreachesHIGH
Poland's nuclear research centre targeted by cyberattack
Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]
🔴BreachesHIGH
Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. [...]
🔴BreachesHIGH
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feel
🔴BreachesHIGH
Canadian Retail Giant Loblaw Forces Mass Logout Following Data Breach Notification
Loblaw, one of Canada's largest retail and food service companies, has confirmed a data breach, prompting the company to automatically log out all customer accounts as a precautionary measure. This incident underscores the persistent cybersecurity challenges faced by major corporations holding vast amounts of customer data, necessitating immediate user action to re-authenticate and maintain account security.
🔴BreachesMEDIUM
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]
🔴BreachesHIGH
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. [...]
🔴BreachesMEDIUM
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]
🔴BreachesHIGH
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity
🔴BreachesHIGH
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more t
🔴BreachesHIGH
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. [...]
🔴BreachesHIGH
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used t
🔴BreachesCRITICAL
MediSecure Health Network Exposes 14 Million Patient Records in Catastrophic Data Breach
A ransomware-linked breach at MediSecure Health Network has exposed the personal health information of over 14 million patients across 38 US states. The attack, attributed to the BlackSuit ransomware group, compromised EHR databases containing Social Security numbers, diagnoses, and insurance data.
🔴BreachesHIGH
2.1 Billion Records Exposed in AWS S3 Misconfiguration Sweep Conducted by Security Researcher
Security researcher Jeremiah Fowler has discovered and responsibly disclosed a series of misconfigured AWS S3 buckets exposing over 2.1 billion records across hundreds of companies. The data includes customer PII, API keys, internal source code, and HR records.
🔴BreachesHIGH
Bybit Cryptocurrency Exchange Loses $47M in Sophisticated Hot Wallet Compromise
Dubai-based Bybit confirmed that attackers drained $47 million in ETH, BTC, and stablecoins from its hot wallet infrastructure. The attack, one of the most technically sophisticated exchange hacks of 2025, exploited a multi-signature wallet vulnerability via a supply chain compromise.