p>In a concerning development for the artificial intelligence and machine learning community, three consecutive versions of the popular Xinference Python package on PyPI were compromised with...
A low-privilege technician account should not become the master key to a remote support server. In vulnerable SimpleHelp deployments, CVE-2024-57726 breaks that boundary. The flaw allows...
A claimed breach at Udemy is not just another “user records” headline. If ShinyHunters’ claim proves accurate, the exposed data could give attackers a useful map of learners, instructors, corporate...
On April 24, 2026, ADT Inc. confirmed that unauthorized actors accessed a limited set of customer and prospective customer data. The confirmation followed public threats from the extortion group...
Two major US banks are now dealing with the same uncomfortable question: how much customer risk can sit outside the bank, inside a vendor’s environment, before it becomes the bank’s incident...
Bluesky, the decentralized social media platform, faced a prolonged and sophisticated distributed denial-of-service attack that began late on April 15, 2026. The incident started around 11:40 PM...
The most capable offensive-security AI model Anthropic has ever built was compromised not by a novel exploit chain, but by a contractor login and an educated guess about a URL pattern. That single...
For most cities, a cyber intrusion is a data problem. For Venice, it can become a water problem. That is what makes the reported breach of the Piazza San Marco flood-control environment so...
Loyalty programs are breach goldmines. They aggregate exactly what attackers want — verified identities, physical addresses, purchase histories, and contact details - all in one database, all tied to...
All Windows endpoints running Microsoft Defender face active exploitation of three privilege escalation and defense-degradation zero-days; only one has a patch, and two remain open with no...
On April 22, 2026, the emerging ransomware group BravoX publicly listed 1st Solution CTC as a new victim on its data leak site. The claim quickly gained attention in cybersecurity monitoring...
In a significant blow to public trust in government systems, France Titres, the national agency responsible for issuing and managing secure identity documents, has confirmed a major cybersecurity...
China-linked threat actor Mustang Panda appears to be widening its playbook. New research shows the group, long associated with geopolitical espionage, has pushed a fresh LOTUSLITE campaign into...
NSW Police arrested a 45-year-old man identified as Jagan Ganti Venkata Satya on Monday in connection with a major internal data security incident at the New South Wales Treasury. The individual,...
Vercel has disclosed a security incident involving unauthorized access to certain internal systems, tracing the intrusion back to a compromise of Context.ai, a third-party AI tool used by a Vercel...
7-Eleven has been named on the ShinyHunters leak site in a new extortion claim that says more than 600,000 Salesforce records containing personally identifiable information and internal corporate...
The Gentlemen is not yet as famous as some of the older ransomware brands, but that may not last long. According to Check Point Research, the ransomware-as-a-service operation has rapidly expanded...
For years, defenders have treated vulnerability management as a race they could still partly control. A critical flaw would be disclosed, security teams would assess exposure, patch windows would be...
The UAE Cyber Security Council has issued a stark warning about how much sensitive data is still being exposed through everyday file-sharing habits. According to the Council, roughly 25 percent of...
Cybercriminals have found a way to turn Apple’s own account-change notification system into a phishing delivery channel, sending fake purchase alerts through Apple’s real mail infrastructure rather...