Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS...

When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity.

The economics of industrial cybersecurity is no longer a straightforward matter of considering preventive expenses but a broader... The post Rising breach costs and operational downtime redefine...

Unauthorized access to Auger & Auger‘s network lasted all of 25 minutes on February 17, 2026. On March 30, the North Carolina personal injury law firm notified those affected and offered them 1...

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been...

Edith Lin reports: Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving over 56,000 patients served by the Hospital Authority, which reported the...

Bill Toulas reports: Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a...

Phil Tenser reports: A cybersecurity attack is affecting several Massachusetts towns that share a regional emergency communications center. The cyberattack affecting the Patriot Regional Emergency...

Robbie Meredith reports: An IT system used by schools across Northern Ireland has been targeted in a cyber attack, the Education Authority (EA) has said. On Thursday, schools received a message...

Maxwell Zeff, Zoë Schiffer, and Lily Hay Newman report: Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup,...

The Education Authority (EA) of Northern Ireland has confirmed that a cyber attack has hit schools. On April 3, the EA said that the C2k network, which provides online and IT services to schools,...

From smart cat feeders and robot vacuum cleaners to online chess, Russians have found new ways to communicate with loved ones as foreign messaging apps have been blacklisted. The Russian...

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more.

A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses GitHub as command and control (C2) infrastructure. The campaign relies...

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]

After hackerbot-claw, another AI-powered campaign exploiting pull_request_target confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed.

St. Joseph County officials acknowledged a cyber attack by an Iranian-backed hacker group called Handala earlier this week. County officials and council members held a news conference Thursday...

Omax Autos Limited has confirmed a ransomware attack on its IT infrastructure, first detected on March 26, 2026. The company stated that while IT systems were affected, its core operations and...

An IT system used by schools across Northern Ireland has been targeted in a cyber attack, the Education Authority (EA) has said. On Thursday, schools received a message that as part of "work to...

The Uffizi Galleries in Florence have confirmed they were subject to a cyber-attack - but denied that the security systems protecting their famous works had been compromised. The Uffizi stressed...

A Vulnerability has been discovered in Fortinet FortiClientEMS that could allow for arbitrary code execution. FortiClientEMS is a centralized management platform for deploying, configuring,...

In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk...

In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses...

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has...

Ex-CISA official tells The Reg: 'this would weaken the system for managing cyber risk' The US Cybersecurity and Infrastructure Security Agency's budget will see yet another deep cut if Congress...

Abraham Jewett reports: The Cherry Creek School District sent a message to families recently after some students received a notice about a class action settlement over a 2024 data breach involving...

BakerHostetler’s annual report, which shares their experiences as a law firm representing data breach clients, is always one of my favorite reads, and their 2026 Data Security Incident Response...

Politico reported: The European Commission is investigating a cyber attack on its websites, with early findings suggesting that some data was taken, it said Friday. The EU executive said it...

Chad van Alstin reports: A hospital in Texas revealed that it’s fallen victim to a data breach that exposed the personal information of more than 257,000 patients to hackers. Nacogdoches Memorial...

When criminals store or host data on U.S. servers, victims may get lucky. This is one of those situations. Matthew Sockol reports that data from the town of Apex in North Carolina had been stolen...