Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…
Category: Security
Global Security News, Security
Owner of Incognito dark web drugs market gets 30 years in prison
A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world’s largest online narcotics marketplaces that sold over $105 million worth of illegal drugs to customers worldwide. […]
AI, AWS, Cloud Security, cyber attacks, Global Security News, Security
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach.
Cloud Security, CloudFlare, Global Security News, Phishing Scam, Security
Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises
ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.
Global Security News, Security
Coinbase confirms insider breach linked to leaked support tool screenshots
Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. […]
CryptoCurrency, Global Security News, Security
Step Finance says compromised execs’ devices led to $40M crypto theft
Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company’s team of executives. […]
Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2019-19006 Sangoma FreePBX Improper Authentication…
Global Security News, Security
Wave of Citrix NetScaler scans use thousands of residential proxies
A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels. […]
Exploits, Global Security News, Security
CISA flags critical SolarWinds RCE flaw as exploited in attacks
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. […]
APT28, cyber attack, cyber attacks, Exploits, Global Security News, Microsoft, Security
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks
A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania.
Global Security News, Security
Iron Mountain: Data breach mostly limited to marketing materials
Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. […]
Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a…
Global Security News, Security
AI Agent Identity Management: A New Security Control Plane for CISOs
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. […]
Artificial Intelligence, Global Security News, Security
UK privacy watchdog probes Grok over AI-generated sexual images
The United Kingdom’s data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images. […]
agentic ai, AI, Artificial Intelligence, Global Security News, Security
Meet Moltbook, the Social Platform Where AI Agents Talk and Humans Watch
Moltbook is a new social platform where AI agents post and interact while humans observe, raising questions about autonomy, security, and agent behavior.
Exploits, Global Security News, Security
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. […]
Exploits, Global Security News, Security
ThreatDown Study Highlights AI-Driven Ransomware Surge
Cybercriminals are rapidly shifting from human-led intrusions to AI-orchestrated operations that move at machine speed, according to ThreatDown’s newly released 2026 State of Malware report. The research warns that artificial intelligence is now removing many of the constraints that once limited cybercrime, allowing small attacker groups—or even single operators—to execute large-scale, multi-stage intrusions in minutes…
Exploits, Global Security News, Security
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. […]
AI, Global Security News, Security, security policy, Security resilience, Security Software, security solutions
Cisco is Proud to Champion the UK’s Software Security Code of Practice
Cisco champions the UK’s Software Security Code of Practice in support of secure software supply chains and strengthening trust in digital services.
Global Security News, Security, security policy, Security resilience, Security Software, security solutions
Cisco is Proud to Champion the UK’s Software Security Code of Practice
Cisco champions the UK’s Software Security Code of Practice in support of secure software supply chains and strengthening trust in digital services.
AI, Global Security News, Security, security policy, Security resilience, Security Software, security solutions
Cisco is Proud to Champion the UK’s Software Security Code of Practice
Cisco champions the UK’s Software Security Code of Practice in support of secure software supply chains and strengthening trust in digital services.
AI, Global Security News, Security, security policy, Security resilience, Security Software, security solutions
Cisco is Proud to Champion the UK’s Software Security Code of Practice
Cisco champions the UK’s Software Security Code of Practice in support of secure software supply chains and strengthening trust in digital services.
AI, Global Security News, Security, security policy, Security resilience, Security Software, security solutions
Cisco is Proud to Champion the UK’s Software Security Code of Practice
Cisco champions the UK’s Software Security Code of Practice in support of secure software supply chains and strengthening trust in digital services.
Artificial Intelligence, Global Security News, Security
French prosecutors raid X offices, summon Musk over Grok deepfakes
French prosecutors have raided X’s offices in Paris on Tuesday as part of a criminal investigation into the platform’s Grok AI tool, widely used to generate sexually explicit images. […]
cyber attack, cyber attacks, Cybersecurity, data breach, Global Security News, Security
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data.
APT, Exploits, Global Security News, hacking, intelligence, malware, Security
APT28 exploits Microsoft Office flaw in Operation Neusploit
Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…
cyber attack, cyber attacks, Cybersecurity, data breach, Global Security News, Security
Everest Ransomware Claims 90GB Data Theft From HP Inc.’s Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems now under HP Inc, alleging 90GB of internal data, with no confirmation from HP so far.
APT, Asia Pacific, Breaking News, Global Security News, hacking, malware, Security
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
Global Security News, Security
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. […]
Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security
MoltBot Skills exploited to distribute 400+ malware packages in days
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…
Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security
MoltBot Skills exploited to distribute 400+ malware packages in days
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…
Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security
MoltBot Skills exploited to distribute 400+ malware packages in days
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…
Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security
MoltBot Skills exploited to distribute 400+ malware packages in days
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…
Exploits, Global Security News, Security
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. […]
Breaking News, cyber crime, Cybercrime, data breach, Global Security News, Security
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive…
Breaking News, cyber crime, Cybercrime, data breach, Global Security News, Security
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive…
Breaking News, cyber crime, Cybercrime, data breach, Global Security News, Security
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive…
Breaking News, cyber crime, Cybercrime, data breach, Global Security News, Security
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive…
cyber attack, Cybersecurity, Exploits, Global Security News, Phishing Scam, Security
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
cyber attack, Cybersecurity, Exploits, Global Security News, Phishing Scam, Security
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
cyber attack, Cybersecurity, Exploits, Global Security News, Phishing Scam, Security
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
cyber attack, Cybersecurity, Exploits, Global Security News, Phishing Scam, Security
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials.
Artificial Intelligence, Global Security News, Security
Malicious MoltBot skills used to push password-stealing malware
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub. […]
cyber attack, cyber attacks, Cybersecurity, Global Security News, malware, Security
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.
cyber attack, cyber attacks, Cybersecurity, Global Security News, malware, Security
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.
cyber attack, cyber attacks, Cybersecurity, Global Security News, malware, Security
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.
cyber attack, cyber attacks, Cybersecurity, Global Security News, malware, Security
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.
Global Security News, Security
CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
Fake high-yield investment platforms are surging worldwide, promising “guaranteed” returns that mask classic Ponzi schemes.CTM360 explains how HYIP scams scale through social media, recycled templates, and referral abuse. […]
0day, cyber attack, Cybersecurity, EPMM, Global Security News, Security
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.
0day, cyber attack, Cybersecurity, EPMM, Global Security News, Security
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.
0day, cyber attack, Cybersecurity, EPMM, Global Security News, Security
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.
0day, cyber attack, Cybersecurity, EPMM, Global Security News, Security
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.
Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…
Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…
Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…
Breaking News, cyber crime, Exploits, Global Security News, hacking, hacking news, Security
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using…
Global Security News, Security
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. […]
Global Security News, Security
Human Risk Management: Das Paradoxon der Sicherheitsschulungen
Security Awareness Trainings sollten auf dem Human-Risk-Management-Ansatz basieren. FAMILY STOCK – shutterstock.com Unternehmen investieren Millionen von Dollar in Firewalls, Endpunktsicherheit oder Verschlüsselung. Doch eine einzige Person kann eine Katastrophe auslösen. Es reicht, wenn sie eine infizierte Datei herunterlädt oder auf einen betrügerischen Link klickt. Analysen zeigen: Zwischen 70 und 90 Prozent aller Sicherheitslücken entstehen, weil…
Global Security News, Security
Human Risk Management: Das Paradoxon der Sicherheitsschulungen
Security Awareness Trainings sollten auf dem Human-Risk-Management-Ansatz basieren. FAMILY STOCK – shutterstock.com Unternehmen investieren Millionen von Dollar in Firewalls, Endpunktsicherheit oder Verschlüsselung. Doch eine einzige Person kann eine Katastrophe auslösen. Es reicht, wenn sie eine infizierte Datei herunterlädt oder auf einen betrügerischen Link klickt. Analysen zeigen: Zwischen 70 und 90 Prozent aller Sicherheitslücken entstehen, weil…
Global IT News, Global Security News, News and Trends, Security, Tools & Platforms
CyberFox Co-Founders on Recent Investment & 2026 Opportunity
CyberFOX, a cybersecurity software provider focused on managed service providers and IT organizations, has secured a nine-figure growth investment led by Level Equity, with participation from Radian Capital and the company’s founders. Channel Insider spoke with co-founders Adam Slutskin and David Bellini ahead of the announcement to learn more about why they chose to take…
Global IT News, Global Security News, News and Trends, Security, Tools & Platforms
CyberFox Co-Founders on Recent Investment & 2026 Opportunity
CyberFOX, a cybersecurity software provider focused on managed service providers and IT organizations, has secured a nine-figure growth investment led by Level Equity, with participation from Radian Capital and the company’s founders. Channel Insider spoke with co-founders Adam Slutskin and David Bellini ahead of the announcement to learn more about why they chose to take…
Global Security News, Security
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. […]
Asia Pacific, Breaking News, Cybercrime, data breach, Global Security News, hacking, Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
Asia Pacific, Breaking News, Cybercrime, data breach, Global Security News, hacking, Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
Asia Pacific, Breaking News, Cybercrime, data breach, Global Security News, hacking, Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
Asia Pacific, Breaking News, Cybercrime, data breach, Global Security News, hacking, Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
APT, Breaking News, Exploits, Global Security News, hacking, hacking news, Security
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
Global Security News, Security
NationStates confirms data breach, shuts down game site
NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. […]
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, Security
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DOJ releases details alleged talented hacker working for Jeffrey Epstein Cyberattacks Disrupt Communications at Wind, Solar,…
Global Security News, Security
Exposed MongoDB instances still targeted in data extortion attacks
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. […]
Apple, Global Security News, Security
New Apple privacy feature limits location tracking on iPhones, iPads
Apple is introducing a new privacy feature that lets users limit the precision of location data shared with cellular networks on some iPhone and iPad models. […]
cyber attack, Cybersecurity, Global Security News, malware, Security
Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data
We usually think of computer viruses as silent, invisible programs running in the background, but a worrying discovery shows that modern hackers are getting much more personal.
Artificial Intelligence, Global Security News, Legal, Security
U.S. convicts ex-Google engineer for sending AI tech data to China
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. […]
Global Security News, Security
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. […]
Global Security News, Security
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. […]
Global Security News, Security
Researcher reveals evidence of Instagram private profiles leaking photos
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. […]
Global Security News, Security
Researcher reveals evidence of private Instagram profiles leaking photos
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. […]
APT, Cyber warfare, Exploits, Global Security News, Security
Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland
CERT Polska said cyberattacks hit 30+ wind and solar farms, a manufacturer, and a major CHP plant supplying heat to nearly 500,000 people. On December 29, 2025, Poland faced coordinated cyberattacks targeting over 30 wind and solar farms, a manufacturing company, and a major heat and power plant serving nearly 500,000 people, CERT Polska reported.…
DevOps, Global Security News, Security, Technology
DevSecOps Aware in Healthcare: SBOM-Driven Supply-Chain Assurance with Policy-Based Cost Guardrails and Continuous Security Validation
Cloud-native DevOps using microservices and Kubernetes improves telemedicine reliability through auto scaling, resilient deployments, and continuous observability.
Global Security News, Security
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. […]
Global Security News, Microsoft, Security
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. […]
Android, cyber attack, Global Security News, malware, Security
Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps.
Breaking News, Exploits, Global Security News, hacking, hacking news, Security
SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. “SmarterTools SmarterMail versions prior to build 9511 contain…
Breaking News, Exploits, Global Security News, hacking, hacking news, Security
SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3) that could let attackers run malicious code on affected systems. “SmarterTools SmarterMail versions prior to build 9511 contain…
Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection that impacts Ivanti Endpoint Manager…
Breaking News, CISA, Exploits, Global Security News, hacking, hacking news, Security
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection that impacts Ivanti Endpoint Manager…
Breaking News, cyber crime, Cybercrime, Global Security News, Security
Empire Market co-founder faces 10 years to life after guilty plea
Empire Market co-founder Raheim Hamilton pleaded guilty to U.S. drug conspiracy charges in Chicago, facing a mandatory 10 years to life in prison. Raheim Hamilton (30) of Virginia, co-creator of the dark web marketplace Empire Market, pleaded guilty in Chicago to a federal drug conspiracy charge. Empire Market allowed users to anonymously buy and sell…
Breaking News, cyber crime, Cybercrime, Global Security News, Security
Empire Market co-founder faces 10 years to life after guilty plea
Empire Market co-founder Raheim Hamilton pleaded guilty to U.S. drug conspiracy charges in Chicago, facing a mandatory 10 years to life in prison. Raheim Hamilton (30) of Virginia, co-creator of the dark web marketplace Empire Market, pleaded guilty in Chicago to a federal drug conspiracy charge. Empire Market allowed users to anonymously buy and sell…
Global Security News, Mobile, Security
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. […]
Exploits, Global Security News, Security
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. […]
Global IT News, Global Security News, Security
Strategies for Container-Related Incidents Impact Security Goals
A recent survey from BellSoft, a software products and technologies company that primarily contributes to OpenJDK, found that the tools and strategies organizations use to protect themselves against container-related incidents are undermining their overall security goals. 427 developers provide insights into often flawed security practices While the container ecosystem continues to mature, this report emphasizes…
Advanced (300), AI, Apps, Automation, Compliance, Cybersecurity, Data Breaches, Data Security, Global Security News, Network Security, Risk Management, Security, Security, Identity, & Compliance
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps…
Advanced (300), AI, Apps, Automation, Compliance, Cybersecurity, Data Breaches, Data Security, Global Security News, Network Security, Risk Management, Security, Security, Identity, & Compliance
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps…
Advanced (300), AI, Apps, Automation, Compliance, Cybersecurity, Data Breaches, Data Security, Global Security News, Network Security, Risk Management, Security, Security, Identity, & Compliance
How to get started with security response automation on AWS
December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps…