Latest updates from top security sources
West Pharmaceutical Services, a $3 billion S&P 500 drug‑packaging firm, disclosed on May 13, 2026 that it was hit by a material cyberattack. The company detected the intrusion on M...
Cybersecurity researchers have identified a sophisticated campaign dubbed "GemStuffer" that has compromised the RubyGems package repository with over 150 malicious gems designed to...
A sophisticated phishing operation dubbed "Operation HookedWing" has been systematically targeting organizations across critical sectors for over four years, according to threat in...
Braintrust, an AI infrastructure provider, disclosed on March 5 2026 that an unauthorized party had gained access to one of its Amazon Web Services (AWS) accounts. The intrusion, d...
RansomHouse, a known ransomware operation, has claimed responsibility for a breach at Trellix, a prominent cybersecurity vendor. The group posted several screenshots on a dark‑web ...
General Motors has agreed to pay a $12.75 million settlement to the State of California for collecting and sharing sensitive driver data without proper consent, marking the largest...
A federal jury in Virginia has convicted 39-year-old Richmond resident James E. Thornton on multiple charges stemming from a 2023 cyber intrusion that resulted in the deletion of 9...
On Thursday, May 30 2025, a coordinated cyber incident hit Instructure's Canvas learning management system, displaying a ransom note from an unidentified cybercriminal group to stu...
The Hacker News recently highlighted an emerging cybersecurity threat model dubbed "Patient Zero" that organizations increasingly struggle to detect. A specialized webinar hosted b...
NVIDIA has officially confirmed a data breach impacting its GeForce NOW service, exposing personal information for a subset of users in Armenia. The disclosure, made in a statement...
Trellix, a prominent cybersecurity vendor, disclosed on [date] that its internal source‑code repository had been compromised. The intrusion was promptly claimed by the RansomHouse ...
Zara, the Spanish fast‑fashion giant, has confirmed a data breach that exposed the personal information of approximately 197,000 customers. The compromise was uncovered after the b...
A massive data‑extortion campaign slammed the widely‑used learning‑management platform Canvas on Tuesday, forcing districts and universities across the United States to suspend onl...
ShinyHunters, the notorious threat group behind a string of high‑profile data thefts, announced on March 5 that it had executed a second intrusion into Instructure, the education‑t...
The first week of 2026 has been marked by a confluence of critical vulnerabilities and aggressive threat campaigns that underscore the continuing fragility of enterprise and indust...
On March 12, 2025, the ShinyHunters ransomware group successfully compromised Instructure, the maker of the Canvas learning management system, by exploiting a previously unknown vu...
Organizations investing heavily in data loss prevention (DLP) solutions are discovering a critical blind spot: the browser has become the primary vector for inadvertent data exfilt...
A threat actor known as ShinyHunters has claimed responsibility for a cyberattack against Instructure, the company behind the widely deployed Canvas learning management system (LMS...
Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8 2026 that a malicious update had been pushed through its official d...
Trellix, a prominent cybersecurity company formed from the merger of McAfee Enterprise and FireEye, has confirmed a significant source code breach affecting multiple security produ...
A new proof‑of‑concept (PoC) published by security researcher Alex Chen of CyberX Labs shows that Microsoft Edge stores user passwords in plaintext within the browser’s process mem...
Education technology provider Instructure has disclosed a significant data breach after a threat actor operating under the alias 'CSAMKing' claimed to have stolen approximately 280...
The ShinyHunters extortion group has claimed responsibility for a significant data breach at Vimeo, the popular online video platform owned by IAC. Security researchers first ident...
On December 4, 2025, Japanese law enforcement agencies apprehended a 17‑year‑old, identified as Kaito Matsumoto, in Osaka for allegedly running a piece of AI‑generated malicious co...
Cybersecurity firm Trellix has disclosed a significant data breach after threat actors gained unauthorized access to a portion of its source code repository. The incident, discover...
Instructure, the educational technology company behind the popular Canvas learning‑management system, confirmed on March 5 2026 that unauthorized actors had accessed its internal n...
Trellix has officially acknowledged a security incident in which an unauthorized party gained access to a portion of its source code repositories. The company said it identified th...
A newly uncovered Vietnamese‑linked phishing campaign has compromised roughly 30,000 Facebook accounts by abusing Google’s low‑code AppSheet platform as a covert relay. Researchers...
Instructure, the company behind the widely used Canvas learning management system, disclosed on March 2 2026 that it had identified a cyber incident affecting its internal infrastr...
French police (the Direction centrale de la police judiciaire, DCPJ) and the Paris Prosecutor’s Office have detained a 15‑year‑old, known by the alias "M4L", on suspicion of sellin...
BleepingComputer published a story on March 5, 2026 claiming that Instructure, the education‑technology company behind the Canvas learning‑management platform, had suffered a new d...
Law enforcement agencies in the United States and Europe have dismantled a sprawling SMS phishing campaign that leveraged fake cellular base stations, known as IMSI catchers, to bl...
Security researchers using an AI‑driven code analysis platform identified 38 distinct vulnerabilities in the OpenEMR electronic health record (EHR) system, including 12 rated criti...
Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...
In the rush to hybrid cloud adoption, many organizations treat data movement as a simple connectivity chore. Open a ticket, spin up an SFTP gateway, push the data across, and consi...
Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...
Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑f...
On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the ...
WhatsApp has patched a critical flaw that allowed attackers to harvest user metadata simply by knowing a victim's phone number, according to a Dark Reading analysis published this ...
Even major online services that pride themselves on seamless login experiences are quietly exposing sensitive user data through SMS sign‑in links. Security researchers analyzing th...
Google announced on Monday that it will retire the Dark Web Report feature from its Google Account dashboard, ending a service that warned users when their personal information app...
Google on Monday rebuffed recent reports—published by Ars Technica—that claimed a massive breach exposing all 2.5 billion Gmail accounts, asserting that its security controls are r...
Clorox has filed a lawsuit against a service desk vendor following a 2023 cybersecurity breach that cost the company approximately $380 million. The legal action centers on allegat...
Nintendo has alerted owners of its upcoming Switch 2 console that the built‑in GameChat feature creates temporary local copies of voice and text conversations, and that those recor...
Over the weekend, Nelnet Servicing, a major U.S. student‑loan servicer operating under contract with the Department of Education’s Federal Student Aid (FSA) office, disclosed a dat...
Peiter “Mudge” Zatko, Twitter’s former head of security, filed a whistleblower complaint in July 2022 with the Federal Trade Commission (FTC) and the Senate Select Committee on Int...