China Uses Dual-Method Cyberattack on
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supp
Linux Kernel Improper Authentication Vulnerability — Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
Android Framework Integer Overflow Vulnerability — Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.
177,860 records exposed — Device information, Email addresses, IP addresses, Passwords and 2 more
Oracle WebLogic Server Unspecified Vulnerability — Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, incl
The Bombay High Court granted interim relief to HDFC AMC after a ransomware group called “Morpheus” allegedly stole over 680 GB of sensitive company and investor data. The court barred unidentified hackers from publishin
Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedl
Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.
63,926 records exposed — Email addresses, IP addresses, Passwords, Support tickets and 1 more
A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues
Jaimie Ding reports: Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kit
The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April. The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek.
Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks. The post In Other News: Trump Mobile
Noelle Crombie reports on today’s reminder of the insider threat: A former Snake River Correctional Institution employee accessed tens of thousands of Oregon Department of Corrections files over a six-month period
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the op
Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. The post California Sues 23andMe, Alleging It Failed to Protect User Data in
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been P
Michel Gribouille reports: A major French health-care payments middleman says hackers broke into a key authorization portal and may have exposed sensitive personal data, including France’s equivalent of a Social Security
Big tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broad
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability — Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorize
19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies