4/22/2026

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

China’s Cyber Capabilities Now Equal to the U.S., Warns Dutch Intelligence

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

North Korean Hackers Siphon More Than $12 Million From Crypto Users in Sprawling Campaign

Anthropic’s Mythos Rollout Has Missed America’s Cybersecurity Agency

Anthropic’s Most Dangerous AI Model Just Fell Into the Wrong Hands

Anthropic’s Super-Scary Bug Hunting Model Mythos Is Shaping up to Be a Nothingburger

Microsoft to Integrate Anthropic’s Mythos Into Its Security Development Program

UK Financial Sector Prepared for Mythos and Others, Says BOE Co-Chaired Group

UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns

UK Government Says 100 Countries Have Spyware That Can Hack People’s Phones

Scotland Yard Can Keep Using Live Facial Recognition on People in London, Say Judges

Google Unleashes Even More AI Security Agents to Fight the Baddies

Spain Dismantles Major $4.7m Manga Piracy Platform, Arrests Four
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Surge in Silent Subject Phishing Attacks Targets VIP Users

MacOS Native Tools Enable Stealthy Enterprise Attacks

Kyber Ransomware Gang Toys With Post-Quantum Encryption on Windows

New GoGra Malware for Linux Uses Microsoft Graph API for Comms

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

New Npm Supply-Chain Attack Self-Spreads to Steal Auth Tokens

New Mirai Campaign Exploits RCE Flaw in EoL D-Link Routers

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

Over 1,300 Microsoft Sharepoint Servers Vulnerable to Spoofing Attacks

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Apple Fixes iOS Bug That Retained Deleted Notification Data

New Defense Department Cyber Strategy Imminent, Official Says

French Police Arrest Suspected Hacker Behind Dozens of Data Breaches

4/21/2026

Nation-States Want to Cause Harm, Not Just Steal Cash – Stop Handing Your Cyber Defenses to the Cheapest Contractor

Ukraine Busts ‘Bot Farm’ Supplying Thousands of Fake Telegram Accounts to Russian Spies

EU Targets Two Russian Propaganda Networks With New Sanctions

They Built a Legendary Privacy Tool. Now They’re Sworn Enemies

UK Probes Telegram, Teen Chat Sites Over CSAM Sharing Concerns

Meta Is Sued Over Scam Ads on Facebook and Instagram

Murder, She Wrote: Ex-FBI Chief Wants Some Ransomware Crims Charged With Homicide

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Krebs: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
French Gov’t Agency Confirms Breach as Hacker Offers to Sell Data

New Lotus Data Wiper Used Against Venezuelan Energy, Utility Firms

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Actively Exploited Apache ActiveMQ Flaw Impacts 6,400 Servers

Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

AI Hacking Tools Like Mythos Can Be ‘Net Positive’ Says Top Cyber Official

4/20/2026

The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad

Apple Hardware Executive John Ternus to Succeed Tim Cook as CEO

Banking Industry Scrambles for Anthropic’s Mythos as Global Regulators Review Risks

Claude Desktop Changes App Access Settings for Browsers You Don’t Even Have Installed Yet

Scot Becomes Second Scattered Spider-Linked Crook to Plead Guilty in U.S.

Italian Regulator Fines National Postal Service Orgs $15 Million for Data Privacy Violations

Elon Musk Fails to Appear for Questioning by French Police Over Sexualized AI Images on X

Bluesky Blames App Outage on ‘Sophisticated’ DDoS Attack

Mastodon Says Its Flagship Server Was Hit by a DDoS Attack
KelpDAO Suffers $290 Million Heist Tied to Lazarus Hackers

Cyberattack at French Identity Document Agency May Have Exposed Personal Data

Seiko USA Website Defaced as Hacker Claims Customer Data Theft

China’s Apple App Store Infiltrated by Crypto-Stealing Wallet Apps

Microsoft: Teams Increasingly Abused in Helpdesk Impersonation Attacks

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

The Gentlemen Ransomware Now Uses SystemBC for Bot-Powered Attacks

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

4/17-19/2026

Ukraine Confirms Suspected APT28 Campaign Targeting Prosecutors, Anti-Corruption Agencies

NSA Using Anthropic’s Mythos Despite Blacklist

The Shocking Secrets of Madison Square Garden’s Surveillance Machine

Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance

It Takes 2 Minutes to Hack the EU’s New Age-Verification App

Ransomware Attack Continues to Disrupt Healthcare in London Nearly Two Years Later

Grinex Exchange Blames “Western Intelligence” for $13.7M Crypto Hack

Man Gets 30 Months for Selling Thousands of Hacked DraftKings Accounts

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Just Like Phishing for Gullible Humans, Prompt Injecting Ais Is Here to Stay
Cloud Development Platform Vercel Was Hacked

City of Tallahassee (FL) Technology Systems Hit by Cyberattack Friday, Officials Report No Operational Impacts

Apple Account Change Alerts Abused to Send Phishing Emails

Payouts King Ransomware Uses QEMU VMs to Bypass Endpoint Security

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Critical Flaw in Protobuf Library Enables JavaScript Code Execution

NIST to Stop Rating Non-Priority Flaws Due to Volume Increase

Time for Government, Business Leaders to Figure Out AI Cybersecurity Regulation

4/16/2026

ZionSiphon Malware Designed to Sabotage Water Treatment Systems

North Korean APT38 Targets macOS Users in Latest Heist

White House Works to Give U.S. Agencies Anthropic Mythos AI

Anthropic Rolls Out Claude Opus 4.7, an AI Model That Is Less Risky Than Mythos

OpenAI Launches AI Model GPT-Rosalind for Life Sciences Research

Google Expands Gemini AI Use to Fight Malicious Ads on Its Platform

Entry-Level Cyber Workers Are Losing Out to AI

New ATHR Vishing Platform Uses AI Voice Agents for Automated Attacks

Europe’s Online Age Verification App Is Here

European Police Email 75,000 People Asking Them to Stop DDoS Attacks

U.S. Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea

Russia-Linked Grinex Crypto Exchange Suspends Operations After Hack

Cargo Thieving Hackers Running Sophisticated Remote Access Campaigns, Researchers Find
Cookeville Medical Center (TN) Notifies Patients After July 2025 Ransomware Attack

Fashion Retailer Express Left Customers’ Personal Data and Order Details Exposed to the Internet

Data Breach at Edtech Giant McGraw Hill Affects 13.5 Million Accounts

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Operation PowerOFF Identifies 75k DDoS Users, Takes Down 53 Domains

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

APK Malformation Found in Thousands of Android Malware Samples

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

New Microsoft Defender “RedSun” Zero-Day PoC Grants SYSTEM Privileges

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities

Microsoft’s Original Windows Secure Boot Certificate Is Expiring

4/15/2026

Russia-Linked Hackers Compromised Scores of Ukrainian Prosecutors’ Email Accounts

Sweden Blames Russian Hackers for Attempting ‘Destructive’ Cyberattack on Thermal Plant

Researchers Spot Surge in Brute-Force Attacks from Middle East

Trump Backs Government AI Safeguards in Banking System, Acknowledges Risks

ECB to Quiz Bankers About Risks of Anthropic’s New AI Model

AI Companies to Play Bigger Role in CVE Program, Says CISA

OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI

The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

Teen Arrested in Northern Ireland Over Cyberattack on School Network

French Cops Free Mother and Son After 20-Hour Crypto Kidnap Ordeal
New AgingFly Malware Used in Attacks on Ukraine Gov’t, Hospitals

Signed Adware Operation Disables Antivirus Across 23,000 Hosts

WordPress Plugin Suite Hacked to Push Malware to Thousands of Sites

CISA Flags Windows Task Host Vulnerability as Exploited in Attacks

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Microsoft Pays $2.3M for Cloud and AI Flaws at Zero Day Quest

NIST to Limit Work on CVE Entries as Submissions Surge

Big Tech Fails to Opt-Out Users Requesting Not to Be Tracked Much of the Time, New Research Says

4/14/2026

Russia Appears to Block Social Media Platform Bluesky Amid Wider Internet Restrictions

In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—And Strategy

UK Gov’s Mythos AI Tests Help Separate Cybersecurity Threat From Hype

No Honor Among Thieves as 0APT Threatens Rival Ransomware Gang Krybit

Fake Ledger Live App on Apple’s App Store Stole $9.5m in Crypto

Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market

Teen Hacker Sentenced to Federal Prison After Major PowerSchool Data Breach Exposes Student Records

Virginia Enacts Ban on Precise Geolocation Data Sales as Momentum for Similar Prohibitions Builds

CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
McGraw-Hill Confirms Data Breach Following Extortion Threat

Crypto-Exchange Kraken Extorted by Hackers After Insider Breach

Triad Nexus Expands Global Fraud Operations Despite U.S. Sanctions

New ‘JanaWare’ Ransomware Targeting Turkish Citizens as Cybercriminal Ecosystem Fragments

Malicious Chrome Extensions Campaign Exposes User Data

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Krebs: Patch Tuesday, April 2026 Edition

Microsoft Adds Windows Protections for Malicious Remote Desktop Files

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

4/13/2026

North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

Iran-Linked Group Handala Claims to Have Breached Three Major Uae Organizations

Anthropic Talking to the Trump Administration About Its Next AI Model

‘It Reads Like a Spy Novel’: $280 Million Theft From Drift Involved North Korean Fake Companies, Cutouts

The Dumbest Hack of the Year Exposed a Very Real Problem

Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators

FBI Takedown of W3LL Phishing Service Leads to Developer Arrest

Majority of Australian Youth Still Use Social Media Despite Ban, Researchers Find

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
Booking.com Warns Reservation Data May Have Checked Out With Intruders

Gym Giant Basic-Fit Confirms Data on a Million Members Stolen in Cyberattack

Stolen Rockstar Games Analytics Data Leaked by Extortion Gang

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

Fake Linux Leader Using Slack to Con Devs Into Giving up Their Secrets

Mirax Android Trojan Turns Devices Into Residential Proxy Node

The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side

Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat

Critical Flaw in wolfSSL Library Enables Forged Certificate Use

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

4/10-12/2026

Nearly 4,000 U.S. Industrial Devices Exposed to Iranian Cyberattacks

Hungarian Government Creds Left in the Safe Hands of ‘FrankLampard’

Vance, Bessent Questioned Tech Giants on AI Security Before Anthropic’s Mythos Release

Your Push Notifications Aren’t Safe From the FBI

How the Internet Broke Everyone’s Bullshit Detectors

Over 20,000 Crypto Fraud Victims Identified in International Crackdown

UK Government Threatens Tech Bosses With Jail Time if They Do Not Adequately Fight Nudification Tools

Senator Grassley Launches Inquiry Into 8 Tech Giants for Failures to Adequately Report CSAM

Commvault Explores Sale After Takeover Interest, Sources Say

Florida Investigates OpenAI for Role ChatGPT May Have Played in Deadly Shooting

Google Rolls Out Gmail End-To-End Encryption on Mobile Devices
OpenAI Identifies Security Issue Involving Third-Party Tool, Says User Data Was Not Accessed

Hackers Give Rockstar Games Until April 14 to Pay for Stolen Data

Rockstar Games Says Hack Will Have ‘No Impact’

Spring Lake Park Schools (MN) Closed Monday Due to Suspected Ransomware Incident

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Microsoft: Canadian Employees Targeted in Payroll Pirate Attacks

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

4/9/2026

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

3 Russian Submarines Detected Near Britain Were Spying, UK. Says

Russia Accuses Former Radio Free Europe Journalist of Aiding Cyberattacks for Ukraine

Do Ceasefires Slow Cyberattacks? History Suggests Not

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Crypto? Huh. Good Gosh Y’all, What Is It Good For? $45M in This Case

Microsoft Suspends Dev Accounts for High-Profile Open Source Projects

Google API Keys Quietly Gain Access to Gemini on Android Devices

U.S. Software Stocks Slump on Renewed AI Disruption Jitters
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

Treasury Department Announces Crypto Industry Cyber Threat Sharing Initiative

Cybercriminals Target Accountants to Drain Russian Firms’ Bank Accounts

STX RAT Targets Finance Sector With Advanced Stealth Tactics

Hackers Use Pixel-Large SVG Trick to Hide Credit Card Stealer

Smart Slider Updates Hijacked to Push Malicious WordPress, Joomla Versions

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Google Chrome Adds Infostealer Protection Against Session Cookie Theft

4/8/2026

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

‘We Were Not Ready for This’: Lebanon’s Emergency System Is Hanging by a Thread

Two Prominent Egyptian Journalists Targeted With Elaborate Spearphishing Campaign

Hack-For-Hire Group Caught Targeting Android Devices and iCloud Backups

Who Is Satoshi Nakamoto? My Quest to Unmask Bitcoin’s Creator

British Cryptographer Adam Back Denies NYT Report That He Is Bitcoin Creator Satoshi Nakamoto

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Criminal Wannabes Even More Dangerous Than the Pros, Says Ex-FBI Cyber Chief

AI Is Forcing a Rethink in Cybersecurity

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

CIA Director Quietly Elevated Agency’s Cyber Espionage Division

TikTok Removes Covert Networks Ahead of Hungary Vote as Disinformation Concerns Grow
Trove of Sensitive LAPD Records Leaked in Data Hack of City Attorney’s Office

Minnesota Governor Sends National Guard to Winona County After Cyberattack

Dutch Healthcare Software Vendor ChipSoft Goes Dark After Ransomware Attack

NHS Scotland-Linked Domains Caught Serving Porn and Dodgy Sports Streams

Passport Numbers for More Than 300,000 Leaked During December Eurail Data Breach

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Google: New UNC6783 Hackers Steal Corporate Zendesk Support Tickets

New macOS Stealer Campaign Uses Script Editor in ClickFix Attack

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

CISA Orders Feds to Patch Exploited Ivanti EPMM Flaw by Sunday

Hackers Exploit Critical Flaw in Ninja Forms WordPress Plugin

Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years

4/7/2026

Iran-Linked Hackers Are Sabotaging U.S. Energy and Water Infrastructure

Krebs: Russian Group APT28 Hacked Routers to Steal Microsoft Office Tokens

Hundreds of Orgs Compromised Daily in Microsoft Device Code Phishing Attacks

National Security Veterans Warn Against Delays in FISA 702 Reauthorization

FBI: Americans Lost a Record $21 Billion to Cybercrime Last Year

The College Student—and His Cat Meme—Who Hunted the World’s Biggest Cyberweapon

Anthropic Limits Mythos AI Rollout Over Fears Hackers Could Use Model for Cyberattacks

Anthropic Teams up With Its Rivals to Keep AI From Hacking Everything
Cyberattack on Telecom Giant Rostelecom Disrupts Internet Services Across Russia

Cyberattack Hits Northern Ireland’s Centralized School Network, Disrupting Access for Thousands

Massachusetts Hospital Turning Ambulances Away After Cyberattack

Snowflake Customers Hit in Data Theft Attacks After SaaS Integrator Breach

GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Max Severity Flowise RCE Vulnerability Now Exploited in Attacks

4/6/2026

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Krebs: Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

Suspect in Hacking of Climate Activists Is Extradited to New York

First Stalkerware Maker Prosecuted Since 2014 Receives No Jail Time

Drift $280M Crypto Theft Linked to 6-Month In-Person Operation

FBI: Cyber Fraud Surges to $17.6 Billion in Losses as Scams, Crypto Theft Soar

Embattled Startup Delve Has ‘Parted Ways’ With Y Combinator

A.I. Is on Its Way to Upending Cybersecurity
Major Outage Hits Russian Banking Apps, Metro Payments Across Regions

Hackers Threaten to Leak Data After Cyberattack on German Party Die Linke

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

New GPUBreach Attack Enables System Takeover via GPU Rowhammer

Microsoft Links Medusa Ransomware Affiliate to Zero-Day Attacks

CISA Orders Feds to Patch Exploited Fortinet EMS Flaw by Friday

Disgruntled Researcher Leaks “BlueHammer” Windows Zero-Day Exploit

Big Tech Vows to Continue Csam Scanning in Europe Despite Expiration of Law Allowing It

4/3-5/2026

CERT-EU: European Commission Hack Exposes Data of 30 EU Entities

EU Cyber Agency Attributes Major Data Breach to TeamPCP Hacking Group

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Chinese Firms Market Iran War Intelligence ‘Exposing’ U.S. Forces

Trump Officials Try to Fight Foreign Disinformation They Once Dismissed

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hack That Exposed Syria’s Sweeping Security Failures

LinkedIn Secretly Scans for 6,000+ Chrome Extensions, Collects Data

Man Admits to Locking Thousands of Windows Devices in Extortion Plot

Researchers Didn’t Want to Glamorize Cybercrims. So They Roasted Them

Ukraine Warns Russian Hackers Are Revisiting Past Breaches to Prepare New Attacks

Act-of-War Clauses Cloud Cyber Insurance Coverage

White House Says Trump Orders Back Pay From Shutdown to All Homeland Security Employees

Trump Wants to Take a Battle Axe to CISA Again and Slash $707M From Budget
Massachusetts Emergency Communications System Impacted by Cyberattack

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Anyone With a Link Can View Your Granola Notes by Default

Die Linke German Political Party Confirms Data Stolen by Qilin Ransomware

Cyberattack Targeted Italy’s Uffizi but Nothing Stolen, Museum Says

Hims & Hers Warns of Data Breach After Zendesk Support Ticket Breach

Venom: New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs

Traffic Violation Scams Switch to QR Codes in New Phishing Texts

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Device Code Phishing Attacks Surge 37X as New Kits Spread Online

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Hackers Exploit React2Shell in Automated Credential Theft Campaign

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

FCC Proposes $4.5 Million Fine for Voice Service Provider Hosting ‘Suspicious’ Foreign Call Traffic

4/2/2026

Drift Crypto Platform Confirms $280 Million Stolen in Hack as Researchers Point Finger at North Korea

Iran Says It Hit Oracle Facilities in UAE

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

The Company’s Biggest Security Hole Lived in the Breakroom

They Thought They Were Downloading Claude Code Source. They Got a Nasty Dose of Malware Instead

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Residential Proxies Evaded IP Reputation Checks in 78% of 4B Sessions

Fate of DHS Funding Uncertain as U.S. Congress Republicans Decide Next Steps

Trump Says He’ll Sign Order to Pay All DHS Employees as Shutdown Continues

French Senate Passes Bill That Would Ban Children Under 15 From Social Media

Boards Are Falling Short on Cybersecurity

RSAC 2026: AI Dominates, But Community Remains Key to Security
Medtech Giant Stryker Fully Operational After Data-Wiping Attack

Money Transfer App Duc Exposed Thousands of Driver’s Licenses and Passports to the Open Web

Oklahoma Tax Commission Data Breach Raises Concerns

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

New ‘Storm’ Infostealer Remotely Decrypts Stolen Credentials

New CrystalRAT Malware Adds RAT, Stealer and Prankware Features

Researchers Observe Sub-One-Hour Ransomware Attacks

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

New Progress ShareFile Flaws Can be Chained in Pre-Auth RCE Attacks

Over 14,000 F5 BIG-IP APM Instances Still Exposed to RCE Attacks

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Critical Cisco IMC Auth Bypass Gives Attackers Admin Access

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

4/1/2026

Chinese Hackers TA416 Target European Governments in Espionage Campaigns

FBI Warns Against Using Chinese Mobile Apps Due to Privacy Risks

Cambodia Extradites Alleged Cyber Scam Linchpin to China as Crackdown Intensifies

Romania Under Daily Barrage of Cyberattacks, Defense Minister Says

Cyberattacks Intensify Pressure on Latin American Governments

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

The Axios Hack: What to Know

Google Drive Ransomware Detection Now on by Default for Paying Users

Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool

The Forgotten Endpoint: Security Risks of Dormant Devices

Are We Training AI Too Late?
Hasbro Says It Was Hacked, and May Take ‘Several Weeks’ to Recover

Nissan Says Stolen Data Came From Third-Party Vendor After Hacking Group Claims Breach

Mercor Confirms Security Incident Tied to LiteLLM Supply Chain Attack

Crypto Platform Drift Suspends Services After Millions Stolen in Security Incident

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

New EvilTokens Service Fuels Microsoft Device Code Phishing Attacks

‘NoVoice’ Android Malware on Google Play Infected 2.3 Million Devices

New Venom Stealer MaaS Platform Automates Continuous Data Theft

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

3/31/2026

Iran’s Revolutionary Guard Threatens to Strike U.S. Companies in Mideast

Iran Threatens to Start Attacking Major U.S. Tech Firms on April 1

Iran’s Hackers Are on the Offensive Against the U.S. and Israel

Iran Targets M365 Accounts With Password-Spraying Attacks

North Korea-Linked Hack Hits Largely Invisible Software That Powers Online Services

Critical Compromise: Axios NPM Library With 100M Weekly Downloads Is Delivering Malware

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

Pro-Russian Hackers Pose as Ukraine’s Cyber Agency to Target Government, Businesses

Employee Data Breaches Surge to Seven-Year High

Cybercriminals Exploit Tax Season With New Phishing Tactics

Hacker Charged With Stealing $53 Million From Uranium Crypto Exchange
Claude Code Leak Exposes a Tamagotchi-Style ‘Pet’ and an Always-on Agent

Claude Code Source Code Accidentally Leaked in NPM Package

Cisco Source Code Stolen in Trivy-Linked Dev Environment Breach

Hackers Hit Minot Water Treatment Plant (ND) Server in Ransomware Case, FBI Investigating

Dutch Finance Ministry Takes Treasury Banking Portal Offline After Breach

Don’t Open That WhatsApp Message, Microsoft Warns

Leak Bazaar: New Criminal Service Plans to Monetize Data Stolen by Ransomware Gangs

CISA Orders Feds to Patch Actively Exploited Citrix Flaw by Thursday

GIGABYTE Control Center Vulnerable to Arbitrary File Write Flaw

Claude AI Finds Vim, Emacs RCE Bugs that Trigger on File Open

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google’s Vertex AI Has an Over-Privileged Problem

3/30/2026

European Commission Confirms Data Breach After europa.eu Hack

European Commission Downplays ShinyHunters Cyberattack Impact

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

State Department Reissues $10 Million Reward for Info on Iranian Hackers

ICO Fines UK Nuisance Call Scammers £100,000

Russian Court Sentences Notorious Card Fraud Ringleader ‘Flint’ and 25 Associates

Italian Regulator Fines Financial Giant $36 Million for Data Protection Failures

Microsoft Pulls KB5079391 Windows Update Over Install Issues
Healthcare Tech Firm CareCloud Says Hackers Stole Patient Data

Liberal Unified School District 480 (KS) Reports Computer Hack

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection

New RoadK1ll WebSocket Implant Used to Pivot on Breached Networks

Critical Fortinet Forticlient EMS Flaw Now Exploited in Attacks

OpenAI Patches ChatGPT Flaw That Smuggled Data Over DNS

Apple Adds macOS Terminal Warning to Block ClickFix Attacks

3/27-29/2026

Iran-Linked Hackers Breach FBI Director’s Personal Email, Publish Photos and Documents

Iran War Drives Urgent Need to Counter Underwater Attack Drones

Latvia Accuses Russia of of Unorthodox Disinformation Campaign Targeting Baltic States

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google

Dutch Court Threatens zAI With Fines Over Grok’s Nonconsensual Nude Images

European Parliament Rejects Extension of CSAM Scanning Rules for Tech Platforms

Anti-Piracy Coalition Takes Down AnimePlay App With 5 Million Users

Cybersecurity Stocks Fall on Report Anthropic Is Testing a Powerful New Model
European Commission Investigating Breach After Amazon Cloud Account Hack

Dutch Police Discloses Security Breach After Phishing Attack

Rocky Mountain Care Discloses Data Breach Following Ransomware Attack

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

New Infinity Stealer Malware Grabs macOS Data via ClickFix Lures

Fake VS Code Alerts on GitHub Spread Malware to Developers

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

File Read Flaw in Smart Slider Plugin Impacts 500K WordPress Sites

3/26/2026

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

Iran-Linked Pay2Key Ransomware Group Re-Emerges

Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies With Custom Ransomware

Indian Government Probes CCTV Espionage Operation Linked to Pakistan

Using a VPN May Subject You to NSA Spying

Invoice Fraud Costs UK Construction Sector Millions, NCA Warns

A $20 Billion Crypto Scam Market Xinbi Guarantee Faces a New Government Crackdown

U.S. Official Accuses China of Supporting, Exploiting Cyber Scam Crisis in Southeast Asia

Suspected RedLine Infostealer Malware Admin Extradited to U.S.

Brit Lawmaker Targeted by AI Deepfake Fails to Get Answers From U.S. Big Tech

EU Investigating Snapchat and Pornography Sites in Child Safety Crackdown
Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijack

TikTok for Business Accounts Targeted in New Phishing Campaign

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

Supply Chain Attack Hits Widely-Used AI Package, Risks Impacting Thousands of Companies

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

GitHub Adds AI-Powered Bug Detection to Expand Security Coverage

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

3/25/2026

UK Cyber Chief Urges ‘Full Court Press’ to Counter Rising Cyber Threats

CISA’s Acting Chief Warns Shutdown Is Increasing Cyber Risks, Causing Resignations

When Satellite Data Becomes a Weapon

Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map

Cloud Phones Linked to Rising Financial Fraud Threat

Fake X-Rays Created by AI Fool Radiologists and Even AI Itself

Meta and YouTube Lose Landmark Social-Media Addiction Trial

Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
Puerto Rico Government Agency Cancels Driver’s License Appointments After Cyberattack

Ransomware Attack Disrupts Operation at Major Spanish Fishing Port

New Torg Grabber Infostealer Malware Targets 728 Crypto Wallets

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Bubble AI App Builder Abused to Steal Microsoft Account Credentials

AI Supply Chain Attacks Don’t Even Require Malware…Just Post Poisoned Documentation

PTC Warns of Imminent Threat from Critical Windchill, FlexPLM RCE Bug

TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw

Kali Linux 2026.1 Released with 8 New Tools, New BackTrack Mode

Blame Game: Why Public Cyber Attribution Carries Risks

3/24/2026

Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage

Iran-Linked Ransomware Gang Targeted U.S. Healthcare Org Amid Military Conflict

Stryker Says Malware Was Involved in Recent Cyberattack as Production Lines Reopen

DarkSword: Someone Has Publicly Leaked an Exploit Kit That Can Hack Millions of iPhones

Your Body Is Betraying Your Right to Privacy

‘Your Data Will Be Used Against You’: Author of New Book on the Dangers of a Surveillance Society

U.S. Settles Social Media Censorship Case, Bars Agencies From Threatening Penalties

UK Pilot Program to Test Social Media Restrictions on Families Before Government Decides on Ban

Russian Initial Access Broker Handed 81-Month Sentence

Firefox Now Has a Free Built-in VPN with 50GB Monthly Data Limit

How a Large Bank Uses AI Digital Twins for Threat Hunting
Dutch Ministry of Finance Discloses Breach Affecting Employees

Infinite Campus Warns of Breach After ShinyHunters Claims Data Theft

HackerOne Discloses Employee Data Breach After Navia Hack

Crunchyroll Confirms Data Breach After Hacker Claims Unauthorized Access

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

New Npm ‘Ghost Campaign’ Uses Fake Install Logs to Hide Malware

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

PTC Warns of Imminent Threat From Critical Windchill, FlexPLM RCE Bug

Vibe Coding Could Reshape SaaS Industry and Add Security Risks, Warns UK Cyber Agency

3/23/2026

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

FBI Warns of Handala Hackers Using Telegram in Malware Attacks

Krebs: ‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A Mysterious Numbers Station Is Broadcasting Through the Iran War

U.S. Soldier Sentenced for Helping North Korean IT Workers

U.S. Regulator Bans Imports of New Foreign-Made Routers, Citing Security Concerns

High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports

Smooth Criminals Talking Their Way Into Cloud Environments, Google Says

U.S. Sentences Nigerian National to 7 Years in $6 Million Email Fraud Scheme

Russia-Linked Malware Operation Collapses After Security Failures, Developer’s Arrest

Online Crime Busts Are Teaching Hackers How to Avoid Getting Caught

Tycoon2FA Phishing Service Resumes Activity Post-Takedown
Crunchyroll Probes Breach After Hacker Claims to Steal 6.8m Users’ Data

Mazda Discloses Security Breach Exposing Employee and Partner Data

California-Based Semiconductor Testing Company Trio-Tech International Reports Ransomware Attack to SEC

Education Company Kaplan Reports Data Breach Impacting More Than 230,000

Hacker Walks Away With $24.5 Million After Breaching Resolv DeFi Platform

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems

Claude Attacks Were ‘Rorschach Test’ for Infosec Community, Scaring Former NSA Boss

Google Unleashes Gemini AI Agents on the Dark Web

OpenAI Rolls Out ChatGPT Library to Store Your Personal Files and Images

3/20-22/2026

White House AI Plan Favors Speed Over New Rules

Private-Sector Role Clarified in Offensive U.S. Cyber Strategy

Ex-Data Analyst Stole Company Data in $2.5m Extortion Scheme

Musician Admits to $10M Streaming Royalty Fraud Using AI Bots

Krebs: Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Police Take Down 373,000 Fake CSAM Sites in Operation Alice

FBI Takes Down Leak Sites Tied to Iran’s Ministry of Intelligence and Security

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine

Cryptographers Engage in War of Words Over RustSec Bug Reports and Subsequent Ban
Cyberattack on Vehicle Breathalyzer Company Intoxalock Leaves Drivers Stranded Across the U.S.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Foster City (CA) Hit by Ransomware Attack, Plans to Declare State of Emergency

VoidStealer Malware Steals Chrome Master Key via Debugger Trick

Microsoft Azure Monitor Alerts Abused for Callback Phishing Attacks

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

AI Conundrum: Why Model Context Protocol (MCP) Security Can’t Be Patched Away

3/19/2026

Russian Hackers Exploit Zimbra Flaw in Ukrainian Gov’t Attacks

Bitrefill Blames North Korean Lazarus Group for Cyberattack

CISA Urges U.S. Orgs to Secure Microsoft Intune Systems After Stryker Breach

FBI Seizes Handala Data Leak Site After Stryker Cyberattack

Orthodox Jewish News Site Yeshiva World News Hacked After Threats of Iran Cyber Attack

Ransomware Affiliate Exposes Details of ‘The Gentlemen’ Operation

Jeff Bezos in Talks to Raise $100 Billion for AI Manufacturing Fund

Signal’s Creator Is Helping Encrypt Meta AI

U.S. Intel Chiefs Urge Lawmakers to Extend Section 702 Surveillance Power Without Changes

Google Gives Android Users a Way to Install Unverified Apps if They Prove They Really, Really Want To
Navia Discloses Data Breach Impacting 2.7 Million People

Aura Confirms Data Breach Exposing 900,000 Marketing Contacts

Financial Brands Targeted in Global Mobile Banking Malware Surge

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

C2 Implant ‘SnappyClient’ Targets Crypto Wallets

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Unknown Attackers Exploit Yet Another Critical Sharepoint Bug

New ‘PolyShell’ Flaw Allows Unauthenticated RCE on Magento e-Stores

Max Severity Ubiquiti Unifi Flaw May Allow Account Takeover

3/18/2026

Thank you for reading our 1,500th post!

Russia-Linked Hackers UNC6353 Use Advanced iPhone Exploit to Target Ukrainians

DarkSword: Hackers Can Raid iOS 18 With an Infected Link

Israel Is Hunting Down Iranian Regime Members in Their Hideouts, One by One

Israel Behind ‘Highly Accurate’ Cyber Attack on Iranian Port

Greek Firms Scan Computer Systems as Iran War Raises Cyberattack Risks

CISA Official Says Agency Has Not Seen Uptick in Cyber Threats Amid Iran War

North Korea’s 100,000-Strong Fake IT Worker Army Rake in $500M a Year for Kim Jong Un

Crypto E-Commerce Platform Bitrefill Accuses North Korea of Stealing 18,500 Purchase Records

Crypto Scam “ShieldGuard” Dismantled After Malware Discovery

Moscow Seeks to Limit Internet to State-Approved Websites Amid Ongoing Outages
Marquis: Ransomware Gang Stole Data of 672K People in Cyberattack

Nordstrom’s Email System Abused to Send Crypto Scams to Customers

Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

CISA Orders Feds to Patch Zimbra XSS Flaw Exploited in Attacks

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

ConnectWise Patches New Flaw Allowing ScreenConnect Hijacking

New Ubuntu Flaw Enables Local Attackers to Gain Root Access

AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure

Users Hate It, but Age-Check Tech Is Coming: Here’s How It Works

3/17/2026

U.S. Cyber Assault on Iran Before Bombing Hasn’t Stopped Hackers

Stryker Says Cyberattack on Its Network Contained

Stryker Says It’s Restoring Systems After Pro-Iran Hackers Wiped Thousands of Employee Devices

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears

EU Sanctions Iranian Cyber Front Over Election Meddling, Charlie Hebdo Breach

Europe Sanctions Chinese and Iranian Firms for Cyberattacks

Russia Is Sharing Satellite Imagery and Drone Technology With Iran

How World ID Wants to Put a Unique Human Identity on Every AI Agent

Finance Bros to Tech Bros: Don’t Mess With My Bloomberg Terminal

Georgia Man Charged for Robbing NBA, NFL Players Through Stolen Apple Account Details

Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026
Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Medusa Ransomware Gang Claims Attacks on Prominent Mississippi Hospital, New Jersey County

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

GlassWorm Malware hits 400+ Code Repos on GitHub, npm, VSCode, OpenVSX

Warlock Ransomware Group Augments Post-Exploitation Activities

Android OS-Level Attack Bypasses Mobile Payment Security

New Font-Rendering Trick Hides Malicious Commands From AI Tools

Researchers Disclose Vulnerabilities in IP KVMs From Four Manufacturers

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

‘CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment

Energy Department Set to Release Its First-Ever Cyber Strategy

3/16/2026

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

EU Sanctions Chinese and Iranian Companies for Cyber Attacks

Stryker Attack Wiped Tens of Thousands of Devices, No Malware Needed

Stryker Says Hospital Tools Are Safe, but Digital Ordering Systems Still Down After Cyberattack

Cybercrime Has Skyrocketed 245% Since the Start of the Iran War

‘100 Video Calls per Day’: Models Are Applying to Be the Face of AI Scams

OpenAI’s Bid to Allow X-Rated Talk Is Freaking Out Its Own Advisers

OpenAI Says ChatGPT Ads Are Not Rolling Out Globally for Now
Firms Urged to Check if Other Users Edited Their Data on Companies House

Cyberattack Disrupts Parking Payments in Russian City

Researchers Warn of Global Surge in Fake Shipment Tracking Scams

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

CISA Flags Wing FTP Server Flaw as Actively Exploited in Attacks

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

Luxembourg Court Overturns $858 Million Privacy Fine Against Amazon

SEC Prepares Proposal to Eliminate Quarterly Reporting Requirement

3/13-15/2026

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

Poland’s Nuclear Research Centre Targeted by Cyberattack

Cyberwarfare Puts Civilian Businesses at Risk

What Does the Iran War Mean for the Threat of Attacks in the U.S.? Here’s What Experts Say

Rogue AI Agents Can Work Together to Hack Systems and Steal Secrets

Trump Administration Set to Receive $10 Billion Fee for Brokering TikTok Deal

Interpol’s ‘Operation Synergia III’ Nets 94 Arrests in Major Cybercrime Sweep

FBI Seeks Victims of Steam Games Used to Spread Malware

European Council Includes Ban on Nudification Tools in Its Proposal for Amending AI Act

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Betterleaks, a New Open-Source Secrets Scanner to Replace Gitleaks
Canadian Retail Giant Loblaw Notifies Customers of Data Breach

Starbucks Discloses Data Breach Affecting Hundreds of Employees

Fake Enterprise VPN Sites Used to Steal Company Credentials

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

AppsFlyer Web SDK Hijacked to Spread Crypto-Stealing JavaScript Code

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Microsoft Releases Windows 11 OOB Hotpatch to Fix RRAS RCE Flaw

A CEO’s Hack: Ask AI for A Performance Review

3/12/2026

Stryker Tells SEC That Timeline for Recovery From Cyberattack Unknown

Stryker Cyberattack Adds to Fears of New Front in Iran War

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

What Role Has Cyber Warfare Played in Iran?

New Data Shows Increase in FBI Searches of Americans’ Data Last Year

U.S. Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access

Police Scotland Fined After Sharing Victim’s Phone Data

U.S. Charges Another Ransomware Negotiator Linked to BlackCat Attacks

Operation Lightning Takes Down SocksEscort Proxy Network Blamed for Tens of Millions in Fraud

U.S. Sanctions North Korea IT Worker Networks in Laos, Vietnam

China’s CERT Warns OpenClaw Can Inflict Nasty Wounds

Israeli Cyber Firm Onyx Security Launches Operations With $40 Million Funding Round

UK Regulators Demand Social Media Platforms Make It Harder for Kids Under 13 to Access Sites
Lloyds, Bank of Scotland and Halifax Apps Showed Customers Other Users’ Transactions

Telus Says It Is Investigating Hack of Its Systems

England Hockey Investigating Ransomware Data Breach

INC Ransomware Group Holds Healthcare Hostage in Oceania

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

PixRevolution Malware Hijacks Brazil’s PIX Transfers in Real Time

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Veeam Warns of Critical Flaws Exposing Backup Servers to RCE Attacks

Google Paid $17.1 Million for Vulnerability Reports in 2025

3/11/2026

Krebs: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Iran Plots ‘Infrastructure Warfare’ Against Multiple U.S. Tech Giants

Iran-Linked Hackers Claim Cyberattack on Albania’s Parliament Email Systems

Iranian Influence Operation Using Fake Personas to Deceive U.S. Instagram Users Disrupted, Meta Says

Meta Ramps up Efforts to Disrupt Industrialized Scamming

AI Cyber Startup Kai Raises $125 Million

Senators Propose Federal AI Commission Days After Anthropic Ban

Researchers Discover Major Security Gaps in LLM Guardrails

Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes

Foreign Hacker in 2023 Compromised Epstein Files Held by FBI, Source and Documents Show
238,000 Impacted by Bell Ambulance Data Breach

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

New Phantomraven npm Attack Wave Steals Dev Data via 88 Packages

Xygeni GitHub Action Compromised Via Tag Poison

SQLi Flaw in Elementor Ally Plugin Impacts 250k+ WordPress Sites

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Krebs: Microsoft Patch Tuesday, March 2026 Edition

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025

Cyber-Attacks on UK Firms Increase at Four Times Global Rate

WhatsApp Introduces Parent-Managed Accounts for Pre-Teens

3/10/2026

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Finnish Intelligence Warns of Persistent Cyber Espionage From Russia, China

Israeli Cyber Authority Uses AI to Mock Iranian Hackers, Counter Psychological Warfare

Cybercrime Isn’t Just a Cover for Iran’s Government Goons – It’s a Key Part of Their Operations

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps

Signal Issues Scam Warning to Users After Hackers Target Officials

Your Data Has Been Breached! (And This Notice Is a Scam!)

Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds

U.S. Judiciary to Fast-Track Court Records System Upgrade After Hacking

Meta Acquires AI Agent Social Network Moltbook

OpenAI’s Promptfoo Deal Plugs Agentic AI Testing Gap

Microsoft Brings Phishing-Resistant Windows Sign-Ins via Entra Passkeys
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

New BeatBanker Android Malware Poses as Starlink App to Hijack Devices

New ‘BlackSanta’ EDR Killer Spotted Targeting HR Departments

Crooks Compromise WordPress Sites to Push Infostealers via Fake CAPTCHA Prompts

New ‘Zombie ZIP’ Technique Lets Malware Slip Past Security Tools

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

HPE Warns of Critical AOS-CX Flaw Allowing Admin Password Resets

Critical Microsoft Excel Bug Weaponizes Copilot Agent for Zero-Click Information Disclosure Attack

UK Plans to Shift Fraud Fight Onto Telecoms, Tech Companies

Rudd Confirmed to Head NSA, Cyber Command After Near Year-Long Vacancy

3/9/2026

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Dutch Gov’t Warns of Russian Signal, WhatsApp Account Hijacking Attacks

Krebs: How AI Assistants are Moving the Security Goalposts

AI vs AI: Agent Hacked McKinsey’s Chatbot and Gained Full Read-Write Access in Just Two Hours

FBI Warns of Phishing Attacks Impersonating U.S. City, County Officials

UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source

White House Floats Victims Restoration Program for Millions Affected by Cyber Fraud

New White House Cyber Strategy Pledges to Ease Regulations, ‘Impose Costs’ on Bad Actors

CrowdStrike Sues Rival AiStrike for Trademark Infringement
ShinyHunters Claims More High-Profile Victims in Latest Salesforce Customers Data Heist

Ericsson U.S. Discloses Data Breach After Service Provider Hack

Ontario Health Agency Vendor Suffered Major Ransomware Attack in 2025

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data

Microsoft Teams Phishing Targets Employees With A0Backdoor Malware

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Google: Cloud Attacks Exploit Flaws More Than Weak Credentials

Are We Ready for Auto Remediation With Agentic AI?

Trump Nominee Lt. Gen. Joshua Rudd to Lead Cyber Command, NSA Clears Key Senate Hurdle

3/6-8/2026

FBI Investigates Breach of Surveillance and Wiretap Systems

China Suspected in Breach of FBI Surveillance Network

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

Mojtaba Khamenei to Succeed His Father as Iran’s Supreme Leader

Iran Internet Blackout Reaches 6th Day as Rights Groups Call for End to Digital Shutdown

The Future of Iran’s Internet Is More Uncertain Than Ever

Iran’s MuddyWater Hackers Hit US Firms with New ‘Dindoor’ Backdoor

White House Publishes Long-Awaited Cybersecurity Strategy

Trump Signs Executive Order Aimed at Cybercrime Gangs

CBP Used Online Ad Data to Track Phone Locations

Online Age-Verification Tools Spread Across U.S. For Child Safety, but Adults Are Being Surveilled

Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

Palantir Rallies 15% for the Week as Iran War Boosts Prospects, Muting Anthropic Concern

AI Agents Now Help Attackers, Including North Korea, Manage Their Drudge Work

Speakeasies to Shadow AI: Banning AI Browsers Will Fail

EU Court Adviser Says Banks Must Immediately Refund Phishing Victims

Ghanain Man Pleads Guilty to Role in $100 Million Fraud Ring
TfL Hack in 2024 Affected Around 10 Million People, BBC Can Reveal

DeKalb County (IN) Officials Release Data Breach Notice to Residents

Tennis Player Shares Threats Sent to Personal Phone, WTA Tour Says No Breach of Private Data

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

Bing AI Promoted Fake OpenClaw GitHub Repo Pushing Info-Stealing Malware

Fake Claude Code Install Guides Push Infostealers in InstallFix Attacks

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Termite Ransomware Breaches Linked to ClickFix CastleRAT Attacks

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Hackers Abuse .arpa DNS and ipv6 to Evade Phishing Defenses

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

CISA Warns Feds to Patch iOS Flaws Exploited in Crypto-Theft Attacks

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Ransomware’s New Target: The Systems Built to Recover From It

Indonesia to Ban Children Under 16 From Social Media

3/5/2026

Israel Says It Knocked Out Iran’s Cyber Warfare Headquarters

How Israel’s Cyber Chief Is Navigating Through the Dystopian Cyber-AI Period

Iran’s Pro-Regime Hackers Cannot Back Up Their Claims of Successful Cyber Attacks

How a Music Streaming CEO Built an Open-Source Global Threat Map in His Spare Time

Trump, Bondi Face Lawsuit Over Approval of ByteDance TikTok U.S. Asset Sale

Police Dismantles Online Gambling Ring Exploiting Ukrainian Women

FBI Arrests Suspect Linked to $46M Crypto Theft From U.S. Marshals

62 People Indicted by Taiwanese Prosecutors Over Ties to Cyber Scam Company Prince Group

Phobos Ransomware Admin Pleads Guilty to Wire Fraud Conspiracy
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

Italian Prosecutors Confirm Journalist Was Hacked With Paragon Spyware

Passaic County (NJ) IT Systems Hacked as Officials Warn Other NJ Towns May Be Targeted

Wikipedia Hit by Self-Propagating JavaScript Worm That Vandalized Pages

ContextCrush Flaw Exposes AI Development Tools to Attacks

AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns

Cisco Flags More SD-WAN Flaws as Actively Exploited in Attacks

WordPress Membership Plugin Bug Exploited to Create Admin Accounts

Google Says 90 Zero-Days Were Exploited in Attacks Last Year

3/4/2026

Multi-Stage “BadPaw” Malware Campaign Targets Ukraine

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers

149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers

Spyware-Grade Coruna iOS Exploit Kit Now Used in Crypto Theft Attacks

Kaspersky Dismisses Claims Coruna iPhone Exploit Kit Is Connected to NSA-Linked Operation

Anthropic ‘Made a Mistake’ in Pentagon Talks and Should ‘Correct Course,’ FCC Boss Says

U.S. and EU Police Shut Down LeakBase, a Site Accused of Sharing Stolen Passwords and Hacking Tools

Microsoft Helps Bust Global Hacking Service Tycoon 2FA
Mississippi Medical Center Reopens Clinics Hit by Ransomware Attack

Hacker Mass-Mails HungerRush Extortion Emails to Restaurant Patrons

Fake LastPass Support Email Threads Try to Steal Vault Passwords

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cisco Warns of Max Severity Secure FMC Flaws Giving Root Access

Mail2Shell Zero-Click Attack Lets Hackers Hijack FreeScout Mail Servers

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

Bitwarden Adds Support for Passkey Login on Windows 11

Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows

Stranger Things Meets Cybersecurity: Lessons from the Hive Mind

3/3/2026

Hack of Cameras, AI Use: Wide Cyberattack on Iran Preceded Khamenei Killing

Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App

Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign

Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services

Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion

The Lead U.S. Cyber Agency Is Stretched Thin as Iran Hacking Threat Escalates

Cyberwarriors Elevated to Big Leagues in U.S. War With Iran

U.S. Banks on High Alert for Cyberattacks as Iran War Escalates

A Possible U.S. Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals

How Journalists Are Reporting From Iran With No Internet

With Developer Verification, Google’s Apple Envy Threatens to Dismantle Android’s Open Legacy

Western Allies Form 6G Security Coalition Amid Tech Rivalry With China

Google Urges Supreme Court to Strike Down Geofence Warrants as Unconstitutional
LexisNexis Confirms Data Breach as Hackers Leak Stolen Files

Paint Maker Giant AkzoNobel Confirms Cyberattack on u.s. Site

Star Citizen Game Dev Discloses Breach Affecting User Data

Until Last Month, Attackers Could’ve Stolen Info From Perplexity Comet Users Just by Sending a Calendar Invite

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google Chrome Shifts to Two-Week Release Cycle for Increased Stability

Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks

Half of U.S. CISOs Work the Equivalent of a Six-Day Week

Chat at Your Own Risk! Data Brokers Are Selling Deeply Personal Bot Transcripts

Turns Out Most Cybercriminals Are Old Enough to Know Better

California Fines National High School Ticketing Platform $1.1 Million for Privacy Violations

3/2/2026

Cyber Command Disrupted Iranian Comms, Sensors, Top General Says

Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel

UK Warns of Iranian Cyberattack Risks Amid Middle-East Conflict

Iran-Backed Hackers Aim for Economic Disruption

Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity

Attacks on GPS Spike Amid U.S. and Israeli War on Iran

Space Has Become ‘War-Fighting Domain’ as Militaries Race to Orbit, SES Chief Says

CyberStrikeAI Tool Adopted by Hackers for AI-Powered Attacks

Florida Woman Imprisoned for Massive Microsoft License Fraud Scheme

Alabama Man Pleads Guilty to Hacking, Extorting Hundreds of Women

German Court Convicts Alleged Mastermind Behind Global Investment Scam Network
Anthropic Confirms Claude Is Down in a Worldwide Outage Across All Platforms

Cyberattack Briefly Disrupts Russian Internet Regulator and Defense Ministry Websites

Russian Propaganda Network Uses ChatGPT to Plan Influence Operations in Africa

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Alleged India-Linked Espionage Campaign Targeted Pakistan, Bangladesh, Sri Lanka

Phish of the Day: Microsoft OAuth Scams Abuse Redirects for Malware Delivery

Fake Google Security Site Uses PWA App to Steal Credentials, MFA Codes

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome Unveils Plan For Quantum-Safe HTTPS Certificates

2/27-3/1/2026

Iran’s Supreme Leader Ayatollah Ali Khamenei Killed in Major Attack by U.S. and Israel

Ahead of Strikes, Trump Was Told Iran Attack Is High Risk, High Reward

Israel Hacked Popular Iranian Prayer App to Urge Defections, Resistance

Hackers Hit Iranian Apps, Websites After U.S.-Israeli Strikes

Why the U.S. and Israel Struck When They Did: A Chance to Kill Iran’s Leaders

This Is the System That Intercepted Iran’s Missiles Over the UAE

The 5 Big ‘Known Unknowns’ of Donald Trump’s New War With Iran

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

CISA Is Getting a New Acting Director After Less Than a Year: Nick Andersen is Replacing Madhu Gottumukkala

New York State Elevates Its Cyber Chief to a Broader New Security Role

Krebs: Who is the Kimwolf Botmaster “Dort”?

‘Silent Failure at Scale’: The AI Risk That Can Tip the Business World Into Disorder

Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

Ukrainian Man Pleads Guilty to Running AI-Powered Fake ID Site

‘Project Compass’ Cracks Down on ‘The Com’: 30 Members of Notorious Cybercrime Gang Arrested

Intellexa Founder, Three Others Sentenced to 8 Years in Prison Over Greek Spyware Scandal

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
South Korea’s Tax Office Apologizes for Leaking Seed Phrase to Seized Crypto

Personal Data Stolen in Ransomware Attack on Hong Kong’s Ngong Ping 360 Attraction

University of Hawaii Cancer Center Hack Exposed Social Security Numbers Of Up To 1.15 Million

North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

QuickLens Chrome Extension Steals Crypto, Shows ClickFix Attack

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

CISA Warns That RESURGE Malware Can Be Dormant on Ivanti Devices

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%

Microsoft Testing Windows 11 Batch File Security Improvements

EU Lawmakers Propose That Youth Under 16 Be Barred From Social Media Without Parental Consent

Instagram to Start Alerting Parents When Children Search for Terms Relating to Self-Harm

Life Mirrors Art: Ransomware Hits Hospitals on Television (TV) & In Real Life (IRL)

Samsung TVs to Stop Collecting Texans’ Data Without Express Consent

2/26/2026

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

Ransomware Payment Rate Drops to Record Low as Attacks Surge

Scattered Lapsus$ Hunters Auditioning Female Voices to Sharpen Social Engineering

This AI Agent Is Designed to Not Go Rogue

Momentum Builds for Offensive Private-Sector Cyber Roles

NATO Says iPhones & iPads Are Secure Enough to Handle Classified Data

Greece’s Watergate: Four Convicted Over Spyware Scandal That Shook Greece

Former Air Force Officer Arrested for Conspiring With Hacker to Provide Flight Training to Chinese Military

Justice Department Exposed Cooperating Witnesses in Epstein Files

New York Sues Valve for Promoting Illegal Gambling via Game Loot Boxes
Olympique Marseille Confirms ‘Attempted’ Cyberattack After Data Leak

European DYI Chain ManoMano Data Breach Impacts 38 Million Customers

ShinyHunters Hacking Group Begins Leaking Customer Data in Dutch Telecom Odido Hack

Aeternum Botnet Shifts Command Control to Polygon Blockchain

New AirSnitch Attack Breaks Wi-Fi Encryption in Homes, Offices, and Enterprises

Previously Harmless Google API Keys Now Expose Gemini AI Data

Critical Juniper Networks PTX Flaw Allows Full Router Takeover

Trend Micro Warns of Critical Apex One Code Execution Flaws

Exploitable Vulnerabilities Present in 87% of Organizations

Microsoft Expands Windows Restore to More Enterprise Devices

Wyden Blocks Rudd Confirmation to Lead Cyber Command, NSA

2/25/2026

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Chinese Cyberspies Breached Dozens of Telecom Firms, Gov’t Agencies

Iran-Linked Group Claims Hack of Israel’s Largest Healthcare Network

Critical Cisco SD-WAN Bug Exploited in Zero-Day Attacks Since 2023

U.S. Orders Diplomats to Fight Data Sovereignty Initiatives

How Mexico’s ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media

Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files

ADT Just Bought the Company That Invented Wi-Fi Motion Sensing

Cyber Startups Ride AI Wave to Funding Highs

Israeli AI-Cyber Firm Gambit Security Raises $61 Million

Nvidia Beats Back Bubble Fears With Record $68 Billion in Sales in Fourth Quarter

Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days

Inside the Story of the U.S. Defense Contractor Who Leaked Hacking Tools to Russia

Moscow Man Accused of Posing as FSB Officer to Extort Conti Ransomware Gang
Popular Sex Toy Company Tenga Admits Hacker Stole Sensitive Customer Information

Medical Device Maker UFP Technologies Warns of Data Stolen in Cyberattack

Health Insurance Tech Provider TriZetto Says More Than 3 Million Impacted by 2024 Breach

Phishing Campaign ‘Diesel Vortex’ Targets Freight and Logistics Orgs in the U.S., Europe

New York City Transit Union Purportedly Targeted by Qilin

Malicious NuGet Package Targets Stripe Developers

Fake ‘Interview’ Repos Lure Next.js Devs Into Running Secret-Stealing Malware

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Zyxel Warns of Critical RCE Flaw Affecting Over a Dozen Routers

U.S. Cybersecurity Agency CISA Reportedly in Dire Shape Amid Trump Cuts and Layoffs

FTC Says It Won’t Enforce COPPA Against Proper Use of Age Verification Tools

Discord Puts Global Age Verification Policy on Hold After Backlash

Chinese Prosecutors Raise Alarm About Growth of Domestic IP Theft

2/24/2026

North Korean Lazarus Group Expands Ransomware Activity With Medusa

Phishing Operation With Links to Russia, Armenia Compromised Western Cargo Companies, Researchers Find

Chinese AI Firms Hit Claude with Distillation Attacks, Anthropic Warns

AI Has Gotten Good at Finding Bugs, Not So Good at Swatting Them

AI Is Transformative, but Won’t Replace Established Software Anytime Soon

Cost of Insider Incidents Surges 20% to Nearly $20m

UK Fines Reddit $19 Million for Using Children’s Data Unlawfully

Marquis Sues Firewall Provider SonicWall, Alleges Security Failings With Its Firewall Backup Led to Ransomware Attack

Binance Fired Staff Who Flagged $1 Billion Moving to Sanctioned Iran Entities

U.S. ‘Committed’ to Fighting Transnational Gangs Behind Southeast Asian Scam Compounds: FBI

U.S. Sanctions Russian Exploit Broker for Buying Cyber Tools Stolen From Defense Contractor

Ukraine Pushes Tighter Telegram Regulation, Citing Russian Recruitment of Locals
CarGurus Data Breach Exposes Information of 12.4 Million Accounts

Conduent Data Breach Grows, Affecting at Least 25M People

Wynn Resorts Says Hackers Stole Employee Data

ShinyHunters Extortion Gang Claims Odido Breach Affecting Millions

University of Mississippi Medical Center Clinics Remain Closed Nearly a Week After Cyber Attack

Crypto Platform Step Finance Shutting Down After $40 Million Theft

Multifaceted Phishing Scheme Deceives Bitpanda Customers

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

1Campaign Platform Helps Malicious Google Ads Evade Detection

Android Mental Health Apps With 14.7m Installs Filled With Security Flaws

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

Critical SolarWinds Serv-U Flaws Offer Root Access to Servers

2/23/2026

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Ukraine Says Cyberattacks on Energy Grid Now Used to Guide Missile Strikes

Ransomware Gangs Advancing Moscow’s Geopolitical Aims, Romanian Cyber Chief Warns

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Cybersecurity Stocks Drop for a Second Day as New Anthropic Tool Fuels AI Disruption Fears

IQM Quantum Computers to List Shares in Us at Initial $1.8 Billion Valuation

Suspected Anonymous Members Detained in Spain Over Post-Flood DDoS Blitz
Air Côte d’Ivoire Confirms Cyberattack Following Ransomware Claims

Ad Tech Firm Optimizely Confirms Data Breach Affecting Customers After Vishing Attack

Supply Chain Shai-Hulud-Like Worm Targets Developers via npm and AI Tools

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

PayPal Fraud Investigation Reveals Sophisticated Python Malware

CISA: Two Recently Patched RoundCube Webmail Flaws Now Exploited in Attacks

Global Data Protection Authorities Warn Generative AI Companies Against Replicating Real People

2/20-22/2026

UAE Foils Cyber Attacks, State News Agency Says

Hackers Breach Contractor Linked to Ukraine’s Central Bank Collectible Coin Store

Russia Stepping up Hybrid Attacks, Preparing for Long Standoff With West, Dutch Intelligence Warns

Dramatic Escalation in Frequency and Power of DDoS Attacks

Predator Spyware Hooks iOS SpringBoard to Hide Mic, Camera Activity

Krebs: ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies

New Cybersecurity Rules for U.S. Defense Industry Create Barrier for Some Small Suppliers

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Two Former Google Engineers and Spouse Indicted Over Trade Secret Transfers to Iran
ShinyHunters Demands $1.5m Not to Leak Vegas Casino Wynn Resorts and Resort Chain Data

Japanese Tech Giant Advantest Hit by Ransomware Attack

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

PayPal App Code Error Leaked Personal Info and a ‘Few’ Unauthorized Transactions

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Arkanix Stealer Pops up as Short-Lived AI Info-Stealer Experiment

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Dept

2/19/2026

Researchers Warn Volt Typhoon Still Embedded in U.S. Utilities and Some Breaches May Never Be Found

Nation-State Hackers Hit Businesses For Commercial Edge

Industrial Control System Vulnerabilities Hit Record Highs

The AI Security Nightmare Is Here and It Looks Suspiciously Like Lobster

Researchers Reveal Six New OpenClaw Vulnerabilities

How to Organize Safely in the Age of Surveillance

Crims Hit a $20M Jackpot via Malware-Stuffed ATMs

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

Nigerian Man Gets Eight Years in Prison for Hacking Tax Firms

UK to Demand Social Platforms Take Down Abusive Intimate Images Within 48 Hours

West Virginia Sues Apple for Alleged Child Sexual Abuse Material Failures

Google Blocked Over 1.75 Million Play Store App Submissions From Obtaining Excessive Access in 2025

Orange Shares Hit 16-Year High on Profit Beat, New Targets and M&A Hopes
Cyberattack Cripples University of Mississippi Medical Center Systems, Forces Clinic Closures

Attackers Breach France’s National Bank Account Database

Rhysida Ransomware Gang Threatens Cheyenne and Arapaho Tribes After Shutting Down Schools

Microsoft Error Sees Confidential Emails Exposed to AI Tool Copilot

Bug in Student Admissions Website Ravenna Hub Exposed Children’s Personal Information

Billions of Records Exposed by Unsecured IDMerit Database

Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA

Hackers Target Microsoft Entra Accounts in Device Code Vishing Attacks

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Remcos RAT Expands Real-Time Surveillance Capabilities

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

2/18/2026

New Backdoor Found in Android Tablets Targeting Users in Russia, Germany and Japan

Predator Spyware Used to Infect Phone Belonging to Angolan Journalist

Parents Angered by Lack of Online Safety Strategy

Spain Orders NordVPN, ProtonVPN to Block LaLiga Piracy Sites

Glendale Man Gets 5 Years in Prison for Role in Darknet Drug Ring

Fraudster Hacked Hotel System, Paid 1 Cent for Luxury Rooms, Spanish Cops Say

Texas Sues TP-Link Over China Links and Security Vulnerabilities

Poland Bans Chinese-Made Cars From Entering Military Sites

Hacking Conference Def Con Bans Three People Linked to Jeffrey Epstein
A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

Data Breach at Fintech Firm Figure Affects Nearly 1 Million Accounts

ShinyHunters Allegedly Drove off With 1.7m Cargurus Records

Cryptojacking Campaign Exploits Driver to Boost Monero Mining

Telegram Channels Expose Rapid Weaponization of SmarterMail Flaws

Fed Agencies Ordered to Patch Dell Bug by Saturday After Exploitation Warning

Dell’s Hard-Coded Flaw: A Nation-State Goldmine

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical Infra Honeywell CCTVs Vulnerable to Auth Bypass Flaw

2/17/2026

China Remains Embedded in U.S. Energy Networks ‘For the Purpose of Taking It Down’

Chinese Hackers Exploiting Dell Zero-Day Flaw Since Mid-2024

A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes

Low-Skilled Cybercriminals Use AI to Perform “Vibe Extortion” Attacks

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Significant Rise in Ransomware Attacks Targeting Industrial Operations

Wrongly Sent Emails ‘Most Common Data Breach’

Palo Alto Networks Slumps 6% as Third Quarter Profit Guidance Falls Short

U.S. Lawyers Fire Up Privacy Class Action Accusing Lenovo of Bulk Data Transfers to China

Poland Arrests Suspect Linked to Phobos Ransomware Operation
Hackers Target Supporters of Iran Protests in New Espionage Campaign

Citizen Lab: Kenyan Authorities Used Cellebrite to Break Into Phone of Dissident

Fake Milano Cortina Sites Target Thousands With Discount Scams, Cybersecurity Firm Says

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

RMM Abuse Explodes as Hackers Ditch Malware

Flaws in Popular VSCode Extensions Expose Developers to Attacks

Notepad++ Boosts Update Security With ‘Double-Lock’ Mechanism

Android 17 Beta Introduces Secure-By-Default Architecture

Apple Expands RCS Encryption and Memory Protections in iOS 26.4

Ireland Now Also Investigating X Over Grok-Made Sexual Images

2/13-16/2026

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

China May Be Rehearsing a Digital Siege, Taiwan Warns

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third

NATO Must Impose Costs on Russia, China Over Cyber and Hybrid Attacks, Says Deputy Chief

Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns

EU Can’t Be ‘Naive’ About Enemies Shutting Down Critical Infrastructure, Warns Tech Official

Space Emerges as New Front in Great Power Competition, Officials Warn

AI Coding Platform’s Flaws Allow BBC Reporter to Be Hacked

Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords

The El Paso No-Fly Debacle Is Just the Beginning of a Drone Defense Mess

Robot Dogs Are on Going on Patrol at the 2026 World Cup in Mexico

Ring Ends Partnership Plans With Flock Days After Privacy Blowback From Super Bowl Ad

Dutch Cops Arrest Man After Sending Him Confidential Files by Mistake

Louis Vuitton, Dior, and Tiffany Fined $25 Million Over Data Breaches

U.S. Needs to Impose ‘Real Costs’ on Bad Actors, State Department Cyber Official Says
Washington Hotel in Japan Discloses Ransomware Infection Incident

Canada Goose Ruffles Feathers Over 600K Record Dump, Says Leak Is Old News

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web

Over 500,000 Vkontakte Accounts Hijacked Through Malicious Chrome Extensions

Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft

Snail Mail Letters Target Trezor and Ledger Users in Crypto-Theft Attacks

Pastebin Comments Push ClickFix JavaScript Attack to Hijack Crypto Swaps

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

New ClickFix Attack Abuses Nslookup to Retrieve Powershell Payload via DNS

Claude LLM Artifacts Abused to Push Mac Infostealers in ClickFix Attack

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

OysterLoader Evolves With New C2 Infrastructure and Obfuscation

CISA Flags Critical Microsoft Sccm Flaw as Exploited in Attacks

CISA Gives Feds 3 Days to Patch Actively Exploited BeyondTrust Flaw

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Starlink Restrictions Hit Russian Forces as Moscow Seeks Workarounds

Infosec Exec Sold Eight Zero-Day Exploit Kits to Russia, Says DOJ

2/12/2026

Palo Alto Chose Not to Tie China to Hacking Campaign for Fear of Retaliation From Beijing, Sources Say

Nation-State Hackers Embrace Gemini AI for Malicious Campaigns, Google Finds

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Kim Jong Un Chooses Teen Daughter as Heir, Says Seoul

Cloudflare Rises 5% as AI Agent Wave Led by Viral Moltbot Boosts Security Demand

Check Point Software Lifts Profit Outlook as AI-Driven Cyber Threats Surge

AI Skills Represent Dangerous New Attack Surface, Says TrendAI

Those ‘Summarize With AI’ Buttons May Be Lying to You

Crypto-Funded Human Trafficking Is Exploding

Guthrie Doorbell Video Delayed by Difficult Data Recovery, but Privacy Advocates Still Worry

FTC Push for Age Verification a ‘Major Landmark’ for Spread of the Tool

WhatsApp Says Russia Tried to Fully Block Platform, Push Users to State App
Odido Data Breach Exposes Personal Info of 6.2 Million Customers

Romania’s Oil Pipeline Operator Conpet Confirms Data Stolen in Attack

Fake AI Chrome Extensions With 300K Users Steal Credentials, Emails

World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Critical BeyondTrust RCE Flaw Now Exploited in Attacks, Patch Now

WordPress Plugin With 900K Installs Vulnerable to Critical RCE Flaw

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Microsoft: New Windows LNK Spoofing Issues Aren’t Vulnerabilities

Bitwarden Introduces ‘Cupid Vault’ for Secure Password Sharing

A Hard Truth in Munich: Cyber Defense Runs Through Silicon Valley

U.S. Wants Cyber Partnerships to Send ‘Coordinated, Strategic Message’ to Adversaries

2/11/2026

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Krebs: Kimwolf Botnet Swamps Anonymity Network I2P

Posting AI-Generated Caricatures on Social Media Is Risky, Infosec Killjoys Warn

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

AI Rising: Do We Know Enough About the Data Populating It?

40 State AGs Warn House KOSA Bill Falls Short of Protecting Children Online

Police Arrest Seller of JokerOTP MFA Passcode Capturing Tool

Moscow Moves to Throttle Telegram as Kremlin Pushes Its Own Messaging App

UK Blames Legacy Systems as Ministers Promise No Repeat of Afghan Breach
Georgia Healthcare Company ApolloMD Data Breach Impacts More Than 620,000

Tulsa International Airport Hit With Ransomware Attack

LummaStealer Infections Surge After Castleloader Malware Campaigns

Crazy Ransomware Gang Abuses Employee Monitoring Tool in Attacks

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Microsoft Fixes Notepad Flaw That Could Trick Users Into Clicking Malicious Markdown Links

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

Interim CISA Chief: ‘When the Government Shuts Down, Cyber Threats Do Not’

Is Spyware Hiding on Your Phone? How to Find Out and Remove It – Fast