How a malicious AI agent
A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Password manager LastPass is still dealing with the settlement from its 2022 data breach (see Related Posts, below, for background on that), but now it has another breach to disclose. Zack Whittaker reports: Password man
Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations cont
A 20-year-old and an 18-year-old admitted to infiltrating the network of Transport for London in 2024, disrupting public transportation services for months.
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25. The post Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy De
Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information. The post Canadian Electricity Provider London Hydro Discloses Data Breach appeared first on SecurityWeek.
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
CSOs must re-write their cyber risk strategies because threat actors are increasingly using AI to evade defenses, says a group of national cybersecurity agencies – a call that one expert immediately complained is too vague
Ubiquiti UniFi OS Path Traversal Vulnerability — Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that coul
Ubiquiti UniFi OS Improper Access Control Vulnerability — Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to
Lantronix EDS5000 Code Injection Vulnerability — Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are exe
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a data breach impacting near
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
Ubiquiti UniFi OS Improper Input Validation Vulnerability — Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injectio
Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...]
A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. [...]
Indian manufacturer Tata Electronics said a recent cybersecurity incident had "no impact" on operations. A cybercrime group had said it stole confidential documents from the company.
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Great
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls global
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-sour
Customer data from several prominent cybersecurity firms was among that of hundreds of potential enterprise victims.
Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.
What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The disc
Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.4 Million Individuals appeared first on SecurityWeek.