Cosmetics giant Rituals
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]
2026 Data Breaches Year-to-Date (644 indexed)
New Checkmarx supply-chain breach affects
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
Africa Relinquishes Cyberattack Lead to
The volume of cyberattacks targeting Africa declined in the past year, with weekly attacks down 22%, as attackers seemingly shifted their focus to other regions.
South Korea’s regulator fines matchmaking
Hyun Su-a reports: Duo Info, South Korea’s top matchmaking company, leaked the personal information of 430,000 members, authorities said. The leaked items went far beyond names and email addresses to include religi
RAMP Uncovered
Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of h
RAMP Uncovered
Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alon
Claude Mythos signals a new
The Claude Mythos Preview appears to be living up to the hype, at least from a cybersecurity standpoint. The model, which Anthropic rolled out to a small group of users, including Firefox developer Mozilla, earlier this
Malicious pgserve, automagik developer tools
Application developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry,
UK’s NCSC calls passkeys the
The UK’s National Cyber Security Centre (NCSC) is recommending passkeys as the default authentication method for businesses to offer consumers, citing industry progress that now makes them a more secure and user-friendly
Luxury cosmetics giant Rituals
Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after att
Luxury Cosmetics Giant Rituals Discloses
The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek.
Microsoft Defender
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr
Bluesky Back Online After DDoS
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported.
BlueLeaks 2.0
Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about
Microsoft SharePoint vulnerability widely
The disclosure comes just weeks after a prior SharePoint flaw was discovered.
Microsoft SharePoint servers vulnerable to
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]
Self-Propagating Supply Chain Worm Hijacks
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been
22 BRIDGE:BREAK Flaws Expose 20,000
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged
French govt agency
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
Actively exploited Apache ActiveMQ flaw
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]
Ransomware negotiator caught secretly assisting
Angelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working
No Exploit Needed
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still ha
Minidoka Memorial Hospital updates Easter
Dysruption Hub reports: Minidoka Memorial Hospital in Rupert, Idaho, said a cyber incident on Easter morning, April 5, limited imaging services and led to some emergency patient transfers, though the hospital and its cli
Cyberattack at French identity document agency may have
A cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said.