Data Breaches
A new extortion gang known as BlackFile, linked to the broader criminal network “The Com,” has been targeting retail and hospitality organizations since February 2026, using vishing-to-fake-SSO-phishing chains to steal credentials, exfiltrate SaaS data, and demand seven-figure ransom payments. ARLINGTON, VIRGINIA — A surge in sophisticated voice-phishing (vishing) attacks has put
Cyber Attacks
A newly-detailed telecommunications fraud campaign uses fake CAPTCHA verification prompts to trick users into sending up to 60 international SMS messages, quietly adding tens of dollars to phone bills while Keitaro traffic distribution campaigns drive parallel crypto-wallet drainer scams. SANTA CLARA, CALIFORNIA — Security researchers have uncovered a massive, multi-channel fraud
Data Breaches
Medtronic says an unauthorized party accessed data in “certain corporate IT systems,” validating claims by the ShinyHunters extortion group that it stole more than 9 million records of personally identifiable information from the medical-device giant. DUBLIN, IRELAND — Medtronic, the global heavyweight in medical technology, has officially moved from investigation to
Threat Intelligence
An update on the macOS ClickFix threat: North Korean actors Sapphire Sleet and UNC1069 are now deploying AppleScript-based delivery chains and "Terminal-paste" lures to steal crypto-wallets and credentials from enterprise targets. SEOUL, SOUTH KOREA — The "ClickFix" social engineering phenomenon has officially evolved into a targeted nation-state
Vulnerabilities
A stored cross-site scripting flaw in Zimbra Collaboration Suite (CVE-2025-48700) is now being exploited in the wild against more than 10,000 exposed servers worldwide, prompting CISA to add the bug to its Known Exploited Vulnerabilities catalog and order U.S. federal agencies to patch within three days. GLOBAL — For
Vulnerabilities
A newly-disclosed Server-Side Request Forgery flaw in the LMDeploy LLM inference-serving toolkit is already under active exploitation, with attackers using a vision-language-module endpoint as an SSRF primitive to probe AWS IMDS, internal databases, and admin planes within minutes of patch availability. SHANGHAI, CHINA — The window between a vulnerability disclosure and
Trending
German authorities say a wave of phishing attacks targeting lawmakers and senior officials via Signal was “presumably run from Russia,” marking a major escalation in a broader campaign against European political figures. BERLIN, GERMANY — What began as a targeted intrusion has evolved into a full-scale diplomatic and espionage crisis. German
Vulnerabilities
Security researchers at Kaspersky have uncovered PhantomRPC, an architectural-level vulnerability in Windows Remote Procedure Call that lets attackers deploy a fake RPC server and escalate privileges from low-privileged contexts to SYSTEM or Administrator — without requiring a classic memory-corruption bug. SINGAPORE — In the world of Windows exploitation, attackers usually hunt for
Ransomware
The Trigona ransomware-as-a-service (RaaS) group, linked to the Rhantus cybercrime umbrella, has begun using a privately-built exfiltration tool instead of common utilities like Rclone and MegaSync. The new “uploader_client.exe” client helps Trigona move data quickly, rotate connections to hide from network monitoring, and maintain a lower profile during
Italian-linked surveillance firm IPS Intelligence is tied to a new Android spyware, “Morpheus,” that tricks targets into installing a fake “update” app and then hijacks WhatsApp accounts using biometric-spoofing overlays. The case highlights how commercial spyware vendors are turning to mobile-phishing tactics to deploy powerful snooping tools. MILAN, ITALY — Another
A “mobile SMS blaster” deployed from vehicles in Toronto mimicked cell towers, hijacked tens of thousands of phones, and caused 13 million network disruptions—temporarily blocking 911 access while sending massive volumes of fraudulent texts under Project Lighthouse. TORONTO, ONTARIO — In a first-of-its-kind cybercrime investigation in Canada, the Toronto Police
Itron Inc. (NASDAQ: ITRI), a leading smart-meter and utility-technology provider, has disclosed a limited-scope cyberattack on its internal systems, confirming unauthorized access but saying operations and customer systems show no material disruption. LIBERTY LAKE, WASHINGTON — Itron Inc., a global heavyweight in the smart-metering and grid-management sector, has formally disclosed a
A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new threat cluster, identified by the Google Threat
A file-upload bug in the Breeze Cache plugin is under active exploitation, but only sites with the optional “Host Files Locally – Gravatars” feature enabled appear exposed. The issue highlights how a niche plugin setting can create outsized risk across a large WordPress install base. VALENCIA, SPAIN — Threat actors have begun
A 12-year-old TOCTOU bug in the Linux PackageKit daemon, now dubbed Pack2TheRoot (CVE-2026-41651), allows local users to silently install system packages and escalate to full root on many default-install Linux desktops and servers. BONN, GERMANY — Security researchers from Deutsche Telekom’s Red Team have disclosed a high-severity local privilege escalation
Ransomware group Incransom has targeted TruGreen, a major lawn-care and consumer-services provider, in a double-extortion attack that threatens the leaking of sensitive customer and operational data. MEMPHIS, TN — On April 22, 2026, the ransomware collective known as Incransom publicly claimed responsibility for a compromise of TruGreen Limited Partnership (trugreen.com)
Germany’s Bundestag President Julia Klöckner has reportedly become the latest victim of a Signal-based phishing campaign, in which attackers used social-engineering tactics to compromise her encrypted-messaging account and access sensitive group chats. BERLIN, GERMANY — The Federal Office for Information Security (BSI) and the Federal Office for the Protection of
The delayed 2026 notification of a massive 1.7-million-record exposure at Kettering Health highlights the "long tail" of healthcare ransomware, where the clinical recovery of a hospital often precedes the true regulatory and legal fallout by nearly a year. DAYTON, OH — A 2025 ransomware attack on Ohio-based Kettering
Notion pages published to the web may be silently leaking collaborators’ email addresses and profile photos, exposing thousands of users and organizations to potential phishing and social-engineering attacks. SAN FRANCISCO, CA — A design-driven privacy vulnerability in Notion’s "Publish to web" feature is currently exposing the personally identifiable
Same group behind ADT 10M breach claims 1.4M Udemy users via SaaS vishing. Education sector PII and corporate data at risk. April 27 leak deadline looms. SAN FRANCISCO, CA — Less than a week after the ADT data breach exposed 10 million records, the notorious threat collective ShinyHunters has claimed
America's largest home security provider confirms breach after vishing attackers claim 10M customer records. Okta SSO → Salesforce attack chain exposes PII and partial SSNs. BOCA RATON, FL — In a stinging blow to the world’s most recognized name in physical security, ADT Inc. (NASDAQ: ADT) has confirmed a
