LATEST NEWS
Supply-chain attack injects backdoor on ShapedPlugin WordPress software
A supply-chain attack targeted ShapedPlugin, a WordPress plugin developer with more than 400,000 active installations across …
Canada introduces privacy law with GDPR-like penalties for data breaches
The Canadian government has introduced Bill C-36, a major privacy reform package that would recognize privacy as a fundamental …
Apple’s Hide My Email service will soon be easier to identify and block
Apple has announced plans to consolidate the email domains used by Sign in with Apple and iCloud+ Hide My Email under a new …
Firefox AI Chatbot feature exposed users to email theft risk
A vulnerability in Firefox's AI chatbot integration could allow malicious websites to inject hidden instructions into AI …
Session avoids shutdown as community donations save the project
Session, the decentralized encrypted messaging platform that warned earlier this year it could shut down due to a funding …
Steam Workshop hosts wallpapers with account-stealing malware
Researchers at Kaspersky have uncovered dozens of malicious wallpapers distributed through Steam Workshop that were designed to …
Imaging giant Kodak confirms hackers breached systems and stole data
Kodak says it is investigating a cybersecurity incident after the ShinyHunters extortion group claimed to have stolen more than …
ESET discovers Windows SprySOCKS variant with rootkit capabilities
ESET researchers have uncovered two previously undocumented Windows variants of SprySOCKS, a backdoor previously known only as …
Akira ransomware spotted using LimeWire service for data theft
An Akira ransomware affiliate used Easyupload.io, a file-sharing service operated by LimeWire, to exfiltrate stolen data during …
Supply-chain attack hits OptinMonster plugin used in 1.2 million WordPress sites
A supply-chain attack targeting the WordPress plugins OptinMonster, TrustPulse, and PushEngage exposed more than 1.2 million …
Misconfigured Tor hidden services leak IP addresses and server data
Tor hidden services are designed to conceal a website's real location and IP address, allowing operators to remain anonymous …
Researcher uses AI to hack Google and collect $500,000 in bounties
Security researcher Arvin Shivram has revealed how a custom AI-powered testing system uncovered dozens of vulnerabilities …
Google warns of Oracle PeopleSoft attacks hitting universities
Google's Mandiant and Google Threat Intelligence Group (GTIG) say the ShinyHunters extortion group exploited a critical Oracle …
Nexstar investigates potential breach after ShinyHunters claims theft of 1.1M Salesforce records
Nexstar Media Group is investigating a potential cybersecurity incident after the ShinyHunters extortion group claimed to have …
Hundreds of iPhone apps found leaking OpenAI, Gemini credentials
An academic study has found that LLM-powered iOS applications routinely expose API credentials that can be abused to access AI …
Coupang hit by massive $456 million fine for 2025 data breach incident
South Korea's Personal Information Protection Commission (PIPC) has fined e-commerce giant Coupang 624.68 billion won ($456 …
Kyushu Electric lost backup drive containing data of 10.9 million clients
Kyushu Electric Power Transmission and Distribution Co. has disclosed that an external storage device used for system backups …
VRChat discloses cloud breach exposing data of 2.4 million users
Article Update – VRChat has disputed the authenticity of the notice via an unofficial announcement on its Discord server. …
