Third-party software supplier breached leading to leak of notes Around 15.8 million administrative files were stolen after attackers breached a software supplier to France's health ministry.…

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…

'Expect elevated activity for the foreseeable future' Iranian hackers have launched spying expeditions, digital probes, and distributed denial of service (DDoS) attacks in the wake of the US and Israel launching missile strikes over the weekend, and security researchers urge organizations to expect ...

NCSC urges all to review posture as escalating tensions increase risk of indirect digital spillover The UK's cybersecurity agency is warning British organizations to brace for potential digital blowback as the Middle East conflict spills further into the online world.…

Vulnerable citizens targeted by criminals purporting to represent fake police crisis department Scammers targeted Dubai citizens mere hours after missiles struck the city, attempting to gain access to their bank accounts, police have warned.…

Went from triumph at having busted tax dodgers to embarrassment at losing the proceeds South Korea’s National Tax Service has apologized after it leaked passwords to a stash of stolen crypto, which parties unknown used to make off with the digi-cash.…

Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife A new remote access trojan (RAT) being sold on cybercrime networks enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurrency ...

Who is knocking at the Dohdoor? Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, according to security researchers.…

Smaller crews piled in as old names splintered and rebranded Ransomware payments cratered in 2025, but it seems like the cybercrooks launching the attacks didn't get the memo.…

Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor Updated  French online marketplace ManoMano is warning customers their personal data was siphoned off after a cyberattack hit one of its customer support subcontractors – and criminals are already claimin...

Company refuses to pay ransom as attackers threaten larger daily dumps The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco.…

Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.…

UNC2814 historically targets governments and telcos A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, whi...

Former Trenchant manager profited millions from cyber tools reserved for the US The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.…

Security pros question assurances as company offers staff credit monitoring Wynn Resorts has confirmed that employee data was stolen from its servers, and is taking the hackers' word that they've since deleted it.…

Note to secret agents: ChatGPT is NOT a private diary A ChatGPT user with links to Chinese law enforcement tried to use the AI chatbot to run smear campaigns targeting the Japanese prime minister and other critics of the Chinese Communist Party, according to OpenAI's latest report on malicious uses ...

New ransomware of choice, same critical targets North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and...

Public prosecutor mulls sentencing following investigations into two separate attacks Two South Korean teenagers were this week charged with breaching Seoul's public bike service, Ttareungyi.…

Quartet accused of attacking public institutions, claiming the government was responsible for 2024 tragedy Spanish police say four self-proclaimed members of Anonymous are in custody after allegedly carrying out several cyberattacks on public authorities in the wake of the 2024 DANA floods.…

Off-the-shelf tools helped Russian-speaking cybercrime group run riot Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.…

PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more Infosec In Brief  An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.…

About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…

What happens in Vegas… Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Polish arrest leads to extradition and federal prison sentence Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.…

$300 a month buys you a backdoor that looks like legit software Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.…

FBI warns these cyber-physical attacks are on the rise Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.…

'Potential data protection incident' at an 'independent licensing partner,' we're told Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.…

Latest in a rash of grab-and-leak data incidents updated  CarGurus purportedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.…

'First time we have detected a crime using this method,' cops say Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn't settle some of those tabs, police say.…

National rail bookings and timetables disrupted for nearly 24 hours If you wanted to book a train trip in Germany recently, you would have been out of luck. The country's national rail company says that its services were disrupted for hours because of a cyberattack.…

Full scale of infections remains 'unknown' China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, accordin...

Plus 3 new goon squads targeted critical infrastructure last year Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas co...

Police say seized kit contained logins, passwords, and server IP addresses Polish police have arrested and charged a man over ties to the Phobos ransomware group following a property raid.…

Fashion brand latest to succumb to ShinyHunters' tricks Canada Goose says an advertised breach of 600,000 records is an old raid and there are no signs of a recent compromise.…

High-severity CSS flaw let malicious webpages run code inside the sandbox Google has quietly pushed out an emergency Chrome fix after attackers were caught exploiting the browser's first reported zero-day of 2026.…

PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more Infosec in Brief  The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week....

Names, addresses, bank account numbers accessed – but biz insists passwords and call data untouched The Netherlands' largest mobile network operator (MNO) has admitted that a breach of its customer contact system may have affected around 6.2 million people.…

As if snooping on your workers wasn't bad enough Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.…

Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.…

Meanwhile, IP-stealing 'distillation attacks' on the rise A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says.…

Attackers using social engineering to exploit business processes, rather than tunnelling in via tech Exclusive  When fraudsters go after people's paychecks, "every employee on earth becomes a target," according to Binary Defense security sleuth John Dwyer.…

Operation Cyber Guardian involved 100-plus staff across government and industry Singapore spent almost a year flushing a suspected China-linked espionage crew out of its telecom networks in what officials describe as the country's largest cyber defense operation to date.…

HR outsourcer Conduent confirms intruders accessed benefits-related records tied to US personnel Nearly 17,000 Volvo employees had their personal data exposed after cybercriminals breached Conduent, an outsourcing giant that handles workforce benefits and back-office services.…

So many CVEs, so little time Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege credentials, according to Microsoft researchers.…

Staff data belonging to the regulator and judiciary's governing body accessed The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.…

Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity Brussels is digging into a cyber break-in that targeted the European Commission's mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.…

Attackers may have snapped user locations and activity information, message warns Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.…

Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and othe...

And their toolkit includes a new, Linux kernel rootkit A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.…