From Android TVs to routers:
A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devi
Every confirmed data breach we've indexed across 5493+ incidents from healthcare, finance, technology, government, retail, and education. Sourced from Verizon DBIR, public disclosure feeds, and major security news outlets. Updated automatically.
A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devi
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying o
This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: t
A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers
10,144 records exposed — Email addresses, Names, Passwords, Purchases
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability — Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an un
Taiwan high‑speed rail was disrupted after a 23‑year‑old student spoofed signals and triggered an emergency alarm, stopping four trains for nearly an hour. Taiwan high‑speed rail system, one of the most important pieces
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion Masquerades as Chaos Ransomware Attack appeared first on Securi
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. [...]
Sergiu Gatlan reports: The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Hav
As enterprises rush to deploy internal LLMs, AI copilots, and autonomous agents, most security conversations focus on familiar threats: prompt injection, jailbreaks, model abuse, and data exfiltration. But some security
Sarah Motter reports: Missouri regulators say a major national vendor is stonewalling their investigation into a cybersecurity breach that could affect millions of consumers. The Missouri Department of Commerce and Insur
A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the bro
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to opera
Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies and modern security tooling. On paper, these environments
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. [...]
Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies. The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek.
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM i
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. [...]
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]
119,167 records exposed — Email addresses, Names