From the Garante’s press release, below, it sounds like the banking group experienced an insider-wrongdoing breach in which an employee improperly accessed 3,573 customer accounts over a period of...
Zack Whittaker reports: American toy-making giant Hasbro has confirmed a cyberattack, and the company says it may take “several weeks” before the incident is resolved. The owner of properties...
DysruptionHub reports: North Attleboro Public Schools in Massachusetts said Wednesday it is responding to unauthorized activity on its network after what the superintendent described as a...
Matt Binder reports that Mac users have a new malware threat to watch out for. According to a new report by Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users...
Abdelaziz Fathi reports: Blockchain analytics firm Elliptic said the $285 million exploit of Solana-based Drift Protocol shows multiple indicators associated with North Korea’s state-sponsored...
Aaron Graf of Amundsen Davis LLC writes: Under Wisconsin law, employees must first be the victim of identity theft or other concrete, imminent harm to have standing to sue employer for data...
Jake Bleiberg reports: The Federal Bureau of Investigation has concluded that last month’s breach of the networks it uses to manage wiretaps and other surveillance work qualifies as a “major...
PYMNTS reports: Payday loan provider Check City has notified 322,687 people about a March 2025 data breach, Comparitech reported Thursday (April 2). The data breach compromised names, Social...
Eduard Kovacs reports: A notice submitted to the Maine Attorney General’s Office this week informs its recipient that T-Mobile recently detected unauthorized access to limited information from...
TRENTON, N.J. – A Missouri man has pleaded guilty to crimes related to his hacking of computer networks and extortion of employees, U.S. Attorney Robert Frazer announced. Daniel Rhyne, 59, of...
Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a...
Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models.
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft...
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such a shaky foundation, what can we do to keep safe?
Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure.
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors...
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor...
A practical look at securing identities, devices and applications wherever work happens. Webinar Promo: The shift to hybrid work has reshaped the enterprise perimeter. Users are logging in from home...
The data center boom is worsening a “significant market imbalance” of gas turbines, suggesting the build-out of artificial intelligence infrastructure is about to get much more expensive,...
In 2025, undersea cables in the Baltic Sea, Taiwan Strait, and Red Sea were sabotaged or meddled with, disrupting global connectivity. Despite NATO warnings and coast guard interceptions, the...
The energy sector has long been targeted as a point of leverage in geopolitical conflict. Historically, energy disruptions were concentrated on logistical and supply interruptions to exert...
Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to a preemptive exposure management strategy. Learn why endpoint detection...
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the...
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a...
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]
SentinelOne stops LiteLLM supply chain attack in real time, attackers weaponize Axios to deploy RAT, and Chrome zero-day enables RCE.
A recap of all the media moments that surprised us—and everyone’s still talking about
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party and threatening a sensitive data leak. [...]
On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm; [email protected] and [email protected]. The malicious versions inject a new dependency,...