Recent news

A 32-year-old was arrested in Vienna after sending millions of phishing texts via an SMS blaster attack during Eurovision 2026.

GitHub confirmed a data breach after a poisoned VS Code extension gave attackers access to 3,800 internal repositories. Customer data is not believed to be affected.

Grafana Labs confirmed a data breach after a stolen access token gave hackers full access to its codebase. The company refused to pay.

INTERPOL's Operation Ramz led to 201 arrests, 53 server seizures, and nearly 4,000 confirmed victims across the Middle East and North Africa.

TeamPCP is selling 450 stolen Mistral AI repositories for $25,000 after a supply chain attack harvested developer credentials across npm and PyPI.

Two OpenAI employee devices were breached in the Mini Shai-Hulud supply chain attack. No user data was compromised, but certificates are being rotated.

The Nitrogen ransomware group hit Foxconn factories across North America, claiming 8TB of stolen data tied to Apple, Intel, Google, and Nvidia.

Škoda Auto confirmed a data breach after attackers exploited a vulnerability in its online shop software, exposing customer names, addresses, and password hashes.

Instructure and ShinyHunters reportedly reached an agreement aimed at preventing stolen Canvas platform data from leaking publicly.

German authorities dismantled a rebooted Crimenetwork darknet marketplace and arrested its administrator in Mallorca after the platform generated €3.6M.

A Zara data breach linked to a compromised analytics vendor has exposed the personal information of 197,000 people across multiple countries.

World Password Day 2026 falls on May 7. Here's why credential habits remain a critical security risk and what you can do today.

Official DAEMON Tools installers were trojanized from April 8, delivering backdoors to thousands of systems across 100+ countries. The attack is ongoing.

Trellix confirmed unauthorized access to its source code repository. Here's what happened, what remains unknown, and why it matters.

Canvas LMS maker Instructure confirms a data breach exposing names, emails, and student IDs. ShinyHunters claims 275 million records stolen.

Austrian and Albanian authorities dismantled a crypto investment fraud operation with 450 employees, causing €50M in losses across seven countries.

Medtronic confirmed a data breach after ShinyHunters claimed 9 million records stolen. Patient safety and operations were not affected.

Vimeo confirmed a data breach after analytics vendor Anodot was compromised. ShinyHunters stole tokens and accessed email addresses and metadata.

Canadian police arrested three men for operating SMS blaster devices across Toronto, causing 13 million network disruptions and mass smishing.

ADT confirmed a data breach after ShinyHunters threatened to leak over 10 million stolen records. Names, addresses, and partial SSNs were exposed.

Dutch cosmetics brand Rituals confirmed a data breach exposing customer names, addresses, and dates of birth from its My Rituals loyalty database.

North Korea's Lazarus Group is linked to a $290 million exploit of KelpDAO's cross-chain bridge, triggering a DeFi liquidity crisis.

France's ANTS has confirmed a data breach after a hacker claimed to have stolen up to 19 million citizen records and put them up for sale.

Hackers defaced the Seiko USA website, claimed to steal its Shopify customer database, and issued a 72-hour ransom deadline.

Vercel confirmed a data breach after attackers used a compromised AI tool to access internal systems and environment variables.

Kraken is facing extortion after insiders leaked client data from its support systems. Here is what happened and what it means for crypto security.

A cyberattack on Basic-Fit compromised names, bank details, and personal data belonging to roughly 1 million gym members in six EU countries.

ShinyHunters leaks 78.6 million Rockstar Games records stolen via a third-party breach at analytics vendor Anodot through Snowflake access tokens.

Booking.com has confirmed a data breach exposing names, contact details, and reservation data for an unknown number of customers.

Storm-2755 is hijacking Microsoft 365 sessions to redirect Canadian employee salaries. Here's how the attack works and what organizations must do.

Hackers stole $3.6 million in Bitcoin from Bitcoin Depot's corporate wallets after gaining access to internal settlement account credentials.

Iranian-linked hackers are disrupting U.S. water, energy, and government systems by targeting internet-exposed PLCs. Here's what happened.

LinkedIn's BrowserGate scandal exposes covert browser scanning of 6,000+ extensions. Here's what it means for your privacy and security.

Qilin ransomware has stolen data from Germany's Die Linke party. Employee data is at risk, but the membership database was spared.

A cyberattack on Hasbro has knocked systems offline and warned of weeks of order and shipping delays as the investigation continues.

An AI phishing campaign abusing Railway's cloud platform has compromised over 344 organisations, bypassing MFA with stolen Microsoft OAuth tokens.

Attackers used credentials stolen from the Trivy supply chain attack to breach Cisco's dev environment and steal source code.

Iran-linked hackers breached Kash Patel's personal Gmail and published photos and emails online. The FBI confirmed the compromise.

ShinyHunters has claimed a 350GB European Commission data breach, leaking databases, emails, and contracts from its AWS cloud environment.

HackerOne has disclosed a data breach affecting 287 employees after attackers exploited an API flaw at third-party benefits provider Navia.

Mazda confirmed a data breach exposing 692 employee and partner records after attackers exploited vulnerabilities in a warehouse system.

The Dutch Ministry of Finance confirmed a cyberattack on March 19 that breached internal systems and affected staff in the policy department.

Nordic fitness giant SATS has confirmed a cyber incident is more serious than initially assessed after a ransomware group claimed the attack.

A Meta AI agent gave flawed advice that exposed sensitive user and company data to unauthorized employees for two hours.

US, German, and Canadian authorities disrupted four IoT botnets behind record-breaking DDoS attacks, seizing domains and C2 infrastructure.

Aura has confirmed a data breach affecting nearly 900,000 records following a voice phishing attack on an employee. ShinyHunters claimed responsibility.

The EU sanctioned three firms and two individuals for cyberattacks on member states, including a campaign that compromised 65,000 devices.

Hackers targeted Poland's National Centre for Nuclear Research. The attack was detected and stopped before any systems were compromised.

ShinyHunters claims to have stolen up to 1 petabyte of data from Telus Digital in a multi-month breach tied to a third-party credential leak.

A threat actor has leaked source code from Sweden's e-government platform after breaching CGI Sverige AB. Passwords, credentials, and citizen data are exposed.

ShinyHunters is targeting misconfigured Salesforce Experience Cloud sites in an ongoing data theft and extortion campaign affecting hundreds of companies.

Iran-linked hacktivist group Handala claims a wiper attack on Stryker, wiping 200,000 devices across 79 countries and stealing 50TB of data.

Ericsson US data breach exposes sensitive employee and customer data after attackers hacked a third-party service provider storing personal records.

FBI wiretap breach prompts urgent investigation after attackers accessed systems used to coordinate court-authorized surveillance operations.

PayPal data breach exposed Social Security numbers and personal data due to a loan system coding error lasting nearly six months.

LeakBase cybercrime forum seized in global law enforcement operation as the FBI captures database data linked to more than 142,000 registered members.

AWS data centers were damaged by drone strikes in the Middle East, causing outages in UAE and Bahrain regions and disrupting multiple cloud services.

UK warns about Iran-linked cyber threats as Middle East tensions rise, urging organisations to strengthen cybersecurity and prepare for potential risks.

Japanese chip equipment maker Advantest suffered a ransomware attack, prompting an investigation into possible data exposure.

Poly HP data breach claims have emerged following allegations

Panera Bread has confirmed a data exposure incident that affected

Claims of an Iron Mountain data breach have begun circulating