Unisys has announced that it has been selected by the European Commission to deliver cybersecurity services to public-sector organizations across ...

TwoNet breached a decoy water-treatment HMI in September, altering PLC setpoints and disabling alarms within about 26 hours after exploiting a known XSS vulnerability.

Two AI companion apps exposed 43 million messages and 600,000 media files after an unprotected Kafka Broker leaked data for over 400,000 users; instance now ...

Salesforce refused extortion demands after attackers stole large CRM datasets via OAuth social engineering and stolen SalesLoft tokens; companies are revoking tokens and investigating scope.

Avnet confirmed a cyberattack on an EMEA cloud storage system. The company said stolen data was largely unreadable without its proprietary tools and global operations ...

A November 2024 breach at Doctors Imaging Group exposed PHI and PII for 171,000 patients; forensics concluded in August 2025 and patient notifications followed.

DraftKings confirmed credential stuffing attacks targeting customer accounts, exposing limited personal data. The company ordered password resets, mandated multifactor authentication, and confirmed no internal breach ...

BK Technologies confirmed a late-September cyberattack compromising internal systems and employee data, but swift containment and forensic analysis prevented further escalation or operational disruption.

Red Hat faces escalated extortion as ShinyHunters lists sampled Customer Engagement Reports from the breach; samples name major clients and set an October 10 ransom ...

Critical RediShell zero-day (CVE-2025-49844) enables Lua-based remote code execution on Redis; administrators must patch, disable Lua where possible and secure exposed instances immediately.

Oracle E-Business Suite zero-day CVE-2025-61882 is under active exploitation; emergency patches are available and organizations must patch and investigate potential compromise immediately.

NIST analysis finds DeepSeek models lag U.S. counterparts, cost more, are easier to hijack, and exhibit CCP-aligned censorship, prompting security and policy warnings for adopters.

A Unity runtime flaw (CVE-2025-59489) allows malicious apps or inputs to load attacker libraries, enabling code execution on Android and privilege escalation on Windows; developers ...

A hacking consortium claims Salesloft OAuth tokens were abused to extract CRM records from 700+ companies; Salesforce says claims relate to past or unverified incidents ...

Discord confirmed attackers accessed a third-party support system, stealing support tickets, IDs, IPs, messages and partial billing data; investigation and user notifications are ongoing.

Broadcom warns of zero-day flaws in VMware software exploited by China-linked hackers, allowing privilege escalation for months, raising concerns over virtualization security and global enterprise ...

J Group ransomware gang claims to have stolen 11GB of sensitive internal documents from Boeing supplier Dimensional Control Systems, raising cybersecurity concerns across global manufacturing ...

Lynx claims a ransomware intrusion at TriMed, posting alleged executive, legal, employee and proprietary files; Henry Schein is investigating with law enforcement and forensic partners.

DrayTek patched CVE-2025-10547, an uninitialized-variable flaw in Vigor routers that can lead to memory corruption and potential remote code execution; administrators must update firmware and ...