Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Attackers hijacked Awesome Motive’s CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
MalExt Sentry found 23 Chrome extensions routing 758,000 users’ search queries through attacker relay servers to generate unauthorized advertising revenue.
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia’s Health Ministry and Denmark’s National Museum, using double extortion.
Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers
Google’s Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.