A ransomware leak-site claim against a major fintech provider is never just another name on a victim board. On 3 May 2026, Ransomware.live listed Fiserv as a newly discovered victim claimed by the...
ZenBusiness has now moved from alleged extortion target to searchable breach record. Have I Been Pwned listed a ZenBusiness data breach on 2 May 2026, identifying 5.1 million affected accounts...
A source-code repository is not just a developer workspace. For a cybersecurity vendor, it is a map of product logic, assumptions, controls, and potential weak points. That is why Trellix’s...
A control panel bug has turned into a hosting-layer emergency. CVE-2026-41940 is not just another web vulnerability waiting for routine patch cycles. It is a critical authentication bypass in...
On April 30, 2026, a sophisticated supply chain attack quietly infiltrated one of the most trusted frameworks in the artificial intelligence development ecosystem. PyTorch Lightning, a widely...
A sophisticated phishing campaign dubbed “AccountDumpling” has compromised approximately 30,000 Facebook accounts worldwide, leveraging Google AppSheet as a deceptive relay platform. The...
Date: May 2026 Education technology provider Instructure has disclosed a cybersecurity incident involving a criminal threat actor, triggering widespread concern across academic institutions and...
The sharpest part of these campaigns is not the phishing page. It is what happens after the login works. Cordial Spider and Snarky Spider are showing how quickly an attacker can turn one socially...
CISA’s decision to add CVE-2026-31431 to the Known Exploited Vulnerabilities catalog changes the urgency around this Linux kernel flaw. This is no longer just a high-severity kernel bug with public...
In a concerning development that underscores the relentless nature of modern cyber threats, the notorious Qilin ransomware group has publicly claimed responsibility for successful breaches against...
EtherRAT is not trying to trick random users into opening a flashy lure. It is aiming at the people who already hold the keys: administrators, DevOps engineers, security analysts, and cloud operators...
The Mini Shai-Hulud campaign is a reminder that a poisoned package does not need months of persistence to create an enterprise incident. A few hours in the wrong dependency chain can be enough to...
The European Commission has issued preliminary findings accusing Meta Platforms Inc. of failing to adequately protect minors on its platforms, particularly Instagram and Facebook. The allegations...
A sophisticated cyberattack campaign has emerged targeting developers and DevOps environments by exploiting critical vulnerabilities in the Qinglong open-source task scheduler. Attackers leveraged...
On April 22, 2026, a sophisticated supply chain attack targeted Checkmarx's popular open source Infrastructure as Code (IaC) scanning tool KICS. Attackers gained access to official distribution...
Vimeo was not breached through a flashy exploit or a direct hit on its core video platform. The more important story is quieter: a trusted analytics integration became the path into downstream...
In the ever-evolving landscape of cyber threats, a new ransomware variant has emerged that challenges traditional assumptions about extortion-based attacks. VECT 2.0, a ransomware-as-a-service...
In a development that has sent ripples through the United Kingdom's cultural landscape, the hacker group known as M3RX has publicly claimed responsibility for a significant breach targeting Anvil...
April 2026 marks a significant escalation in the ongoing GlassWorm campaign, as security researchers from Socket have identified 73 malicious sleeper extensions on the Open VSX marketplace. These...
A critical zero-day vulnerability in the Litecoin network has recently been exploited to launch a large-scale denial-of-service (DoS) attack, temporarily disrupting operations across several major...