The ‘Miasma’ worm source code
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
Every confirmed data breach we've indexed across 5489+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing
454,635 records exposed — Academic records, Citizenship statuses, Dates of birth, Disabilities and 11 more
ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]
Shane Fraser reports: A Saskatoon man who allegedly conspired to install malware, steal login credentials, and mine cryptocurrency from American educational institutions is facing extradition to the United States. The cy
ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases.
Buranond Kijwatanachai reports: Private personal information of nearly 11 million people may have been leaked after a Kyushu power company lost a storage drive earlier this year. According to Asahi Shimbun, the storage d
Pattaya Mail reports: A civil society group has petitioned a parliamentary committee to investigate a massive data breach after a government agency leaked the national ID numbers and healthcare details of approximately 6
Australia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial acces
Genevieve Serra reports: In a shocking breach of privacy, the confidential medical records of almost 3 000 local police officers have been leaked among staff, raising serious concerns about the security of sensitive data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability — Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HT
Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability — Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability — Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerab
Mason Lewsey reports: Thousands of Essex patient records were compromised in a cyber attack linked to a major NHS data breach, MSE has confirmed. Mid and South Essex NHS Foundation Trust revealed that around 2,380 patien
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing.
The social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool. The post Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse appeared first on Se
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk.
Waqas reports: Meta has disclosed a security incident involving an Instagram account recovery tool after attackers used a flaw to send password reset links to email addresses that were not connected to the targeted accou
Hackers accessed personal information stored on certain Lansing Community College systems in February 2025. The post 174,000 Impacted by Lansing Community College Data Breach appeared first on SecurityWeek.