Trending
A critical pre-authentication Remote Code Execution (RCE) vulnerability in the Marimo open-source Python notebook has seen active exploitation less than half a day after its public disclosure, highlighting the extreme speed of modern threat actors. SAN FRANCISCO, CA — Security teams are racing to patch installations of Marimo, a reactive Python
Trending
CVS Health subsidiary Aetna has disclosed two separate security incidents involving unauthorized access to member data. While distinct in their execution, both breaches highlight the persistent vulnerabilities within the healthcare sector's data management pipelines. HARTFORD, CT — Aetna, the Hartford-based health insurance giant owned by CVS Health, has filed
Trending
A newly identified threat actor, UNC6783, is bypassing the "front door" of major corporations by targeting Business Process Outsourcing (BPO) firms. By leveraging fake Okta portals and hijacked Zendesk tickets, the group has successfully extorted dozens of high-value targets, exposing a critical failure in the Managed Perimeter. MOUNTAIN
Trending
Yesterday, Nextend confirmed that its update servers were compromised, leading to the distribution of backdoored versions of Smart Slider 3 Pro. With nearly a million sites affected across WordPress and Joomla, this is one of the most significant supply chain attacks of the year. BUDAPEST, HUNGARY — Security researchers at Patchstack
Trending
A sophisticated social engineering campaign dubbed "ClickFix" has pivoted to target macOS users, leveraging fake browser errors to trick victims into executing malicious scripts that bypass standard Apple security prompts. CUPERTINO, CA — For years, the prevailing wisdom suggested that macOS was a "walled garden" largely immune
Cyber-Warfare
Yesterday, we reported on the unprecedented scale of the National Supercomputing Center (NSCC) breach. Today, the focus shifts from how much was taken to exactly what — and the implications for global stability. CHENGDU, CHINA — New intelligence regarding the 10-petabyte data theft from China’s National Supercomputing Center suggests the breach
Data Breaches
What began as a security "anomaly" in late 2025 has escalated into a major privacy crisis, as hackers begin offloading sensitive passport and contact information belonging to Interrail and Eurail customers. UTRECHT, NETHERLANDS — Eurail B.V., the organization behind the popular Interrail and Eurail passes, has confirmed that
Business Email Compromise (BEC)
The oil and gas recovery specialist has launched an investigation into a sophisticated cyberattack that successfully redirected a major project payment to an unauthorized third-party account. LONDON — Zephyr Energy, a technology-led energy company focused on responsible resource development, has disclosed a significant cyberattack that resulted in the diversion of approximately
Threat Intelligence
Researchers have uncovered a sophisticated spearphishing operation aimed at journalists and human rights defenders, leveraging custom spyware to exfiltrate private iCloud backups and Android device data. CAIRO — A new wave of targeted cyberattacks has been identified across the Middle East and North Africa (MENA), specifically focusing on members of the
Data Breaches
The world’s largest cryptocurrency ATM operator has confirmed a security incident involving its corporate hot wallets, leading to the unauthorized transfer of 50.9 Bitcoin. ATLANTA — Bitcoin Depot, the leading provider of cryptocurrency ATMs globally, has disclosed a significant security breach that occurred earlier this week. According to corporate
Threat Intelligence
A sweeping new federal mandate blocks the authorization and import of networking equipment from high-risk foreign adversaries, targeting vulnerabilities used in state-sponsored botnets. WASHINGTON — The Federal Communications Commission (FCC) has issued an unprecedented order banning the import and sale of new consumer and enterprise routers manufactured in several foreign nations,
Data Breaches
A major vulnerability in a prominent companion AI platform has led to the public exposure of sensitive prompts and account identifiers, highlighting the privacy risks of generative AI data retention. SAN FRANCISCO — Security researchers have confirmed a significant data breach at MyLovely.ai, a popular "AI companion" platform.