Navia Data Breach Impacts 2.7 Million Individuals
Navia Benefit Solutions, a provider of health and financial benefit administration services, has disclosed a significant data breach affecting approximately 2.7 million individuals. The incident...
Latest Articles
‘PolyShell’ Vulnerability Enables Unauthenticated Remote Code Execution on Magento E-Stores
A newly disclosed critical vulnerability dubbed “PolyShell” is raising serious concerns across the e-commerce sector, as it allows attackers to execute remote code on vulnerable Magento-based online...
Aura Data Breach Exposes 900,000 Records After Employee Falls for Phone Phishing Attack
Aura, the consumer digital safety company best known for identity theft and fraud protection services, has disclosed a data breach affecting approximately 900,000 records after an employee was...
DarkSword iPhone Spyware Exposes Millions of Devices to One-Click Data Theft
A newly disclosed iPhone spyware framework known as DarkSword has sharpened concerns around mobile security after researchers said it was used in real-world attacks against Apple devices through...
Critical Microsoft SharePoint Flaw CVE-2026-20963 Now Exploited in Attacks, CISA Warns
Microsoft SharePoint is again under scrutiny after U.S. authorities confirmed active exploitation of CVE-2026-20963, a critical vulnerability that can open the door to remote code execution on...
China Tops America’s 2026 Cyber Threat List as U.S. Intelligence Warns of Pre-Positioned Disruption Risk
The U.S. intelligence community’s latest threat assessment places China at the center of America’s cyber risk outlook, while warning that Russia, Iran and North Korea continue to sharpen capabilities...
Interlock Ransomware Group Exploits Critical Cisco Firepower Zero-Day Vulnerability in Sophisticated 2026 Campaign
Interlock emerged in mid-2024 as a successor-style group following the decline of several legacy ransomware families. Early activity showed modest ransom demands and limited technical sophistication....
Russia-Linked Hackers Use Advanced iPhone Exploit to Target Ukrainians
Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign in which Russia-linked hackers are exploiting advanced vulnerabilities in Apple iPhones to target individuals in...
US Intelligence Chief Questioned Over Absence of Election Threats in Security Assessment
Senior officials within the United States intelligence community have come under scrutiny after a recent security assessment reportedly omitted explicit references to election-related threats....
Marquis Ransomware Gang Claims Theft of Data Belonging to 672,000 Individuals
A ransomware group known as Marquis has claimed responsibility for a large-scale cyberattack that allegedly resulted in the theft of personal data belonging to approximately 672,000 individuals. The...
Global Fraud Summit Ends With a Warning: AI, Scam Centres and Organized Crime Are Industrializing Fraud
Fraud has moved far beyond nuisance crime. It is now being treated by international law enforcement as a global security issue, one that is expanding across borders, industries and criminal markets...
Critical AI Vulnerabilities: Data Exfiltration and Remote Code Execution Enabled by Flaws in Amazon Bedrock, LangSmith, and SGLang
Amazon Bedrock AgentCore Code Interpreter provides a managed Python execution environment for AI agents built on the Bedrock platform. The service is marketed with strong guarantees of network...
Medusa Ransomware Gang Claims Attacks on Prominent Mississippi Hospital and New Jersey County
The Medusa ransomware group has rapidly established itself among the most active and ruthless players in the ransomware-as-a-service ecosystem since its emergence in mid-2021. Operating primarily...
GlassWorm’s GitHub Supply Chain Campaign: Technical Analysis and Analyst Guidance
The latest GlassWorm campaign is more than a malicious package incident. It is a multi-ecosystem software supply-chain operation that spans GitHub repositories, npm packages, and VS Code or OpenVSX...
EU Sanctions Chinese and Iranian Cyber Firms Over Critical Infrastructure Attacks and 65,000-Device Compromise
The European Union has moved to sharpen its cyber deterrence posture, imposing sanctions on three companies and two individuals it says were responsible for cyberattacks against EU member states and...
Handala Hack Exposed: How Iran-Linked Void Manticore Breaks In, Moves Fast, and Wipes at Scale
The latest research into Handala Hack strips away much of the mythology that often surrounds destructive state-linked cyber actors. What emerges is not an elite group relying on exotic zero-days or...
Sophisticated Phishing Campaign Targets Outpost24 Executive Using DKIM, Cisco Redirects, Nylas, and Cloudflare
A highly targeted phishing campaign against a C-level executive at Swedish cybersecurity company Outpost24 is a reminder that even security firms are not insulated from modern social engineering....
Stryker Cyberattack Was an Identity and Admin-Control Failure, Not an Intune Failure
In the wake of the Stryker cyberattack, a familiar reaction has started spreading across security teams and IT forums: panic about Microsoft Intune. Some organizations are even talking about moving...
ForceMemo Campaign: Stealthy Takeover Compromises Hundreds of Python Repositories in Ongoing Supply Chain Assault
The ForceMemo campaign has infiltrated repositories belonging to hundreds of GitHub accounts, with the total number of modified projects already exceeding several hundred and continuing to rise. The...
Mustang Panda’s Rapid PlugX Campaign Exploits Middle East Conflict With Arabic Lures and Advanced Obfuscation
A newly disclosed espionage campaign shows how quickly state-aligned threat actors can turn geopolitical shock into an intrusion opportunity. Researchers at Zscaler ThreatLabz say a China-nexus actor...