Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...

A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...

WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...

Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.

A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...

Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.

A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...

Lingnan University in Hong Kong suffered a data breach exposing thousands of records, including sensitive personal data. The university is taking steps to enhance security.

A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised. The BianLian ...

The BlackBasta ransomware group uses an automated tool, BRUTED, to brute-force VPNs and firewalls, highlighting the need for robust multi-factor authentication.

JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...

Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...

The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.

A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.

Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.

A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...

Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.

The Lazarus Group, a North Korean hacking collective, deployed six malicious npm packages, infecting hundreds of developers. The packages steal credentials and deploy backdoors.

Kansas' Sunflower Medical Group suffered a data breach impacting 220,968 individuals. The Rhysida ransomware group claimed responsibility for the incident in January.

A devastating Infostealer malware campaign has compromised 26 million devices, stealing bank card details and passwords. Kaspersky's report highlights the scale of the threat.