Panera Bread has allegedly fallen victim to a cyberattack carried out by the notorious hacking collective ShinyHunters, with millions of customer records said to have been stolen. The threat group recently listed Panera Bread, along with CarMax and Edmunds,…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Shadowserver Finds 6,000 Exposed SmarterMail Servers Hit by Critical Flaw
The nonprofit cybersecurity group Shadowserver has found more than six thousand SmarterMail systems reachable online and possibly at risk from a serious login vulnerability. Attention grows as hackers increasingly aim for outdated corporate mail setups left unprotected. On…
Snap Faces Lawsuit From Creators Over Alleged AI Data Misuse
A legal conflict between online creators and companies dedicated to artificial intelligence has entered an increasingly personal and sharper stage. In recent weeks, well-known YouTubers have filed suits in federal court against Snap alleging that the company built its…
Palo Alto Pulls Back from Linking China to Spying Campaign
According to two people familiar with the situation, Palo Alto Networks (PANW.O) decided against linking China to a global cyberespionage effort that the company revealed last week out of fear…
HoneyMyte Upgrades CoolClient: New Browser Stealers Target Asia, Europe
The HoneyMyte threat group, also known as Mustang Panda or Bronze President, has escalated its cyber espionage efforts by significantly upgrading its CoolClient backdoor malware. This China-linked advanced persistent threat (APT) actor, active since at least 2012, primarily targets…
Cross-Platform Spyware Campaigns Target Indian Defense and Government Sectors
Cybersecurity researchers have identified multiple coordinated cyber espionage campaigns targeting organizations connected to India’s defense sector and government ecosystem. These operations are designed to infiltrate both Windows and Linux systems using remote access trojans that allow attackers to steal…
Model Context Protocol Security Crisis Deepens as Exposed AI Agents Create Massive Attack Surface
The Model Context Protocol (MCP) continues to face mounting security concerns that show no signs of fading. When vulnerabilities were first highlighted last October, early research already pointed to serious risks. Findings from Pynt indicated that installing just 10…
Exposed Training Opens the Gap for Crypto Mining in Cloud Environments
Purposely flawed training apps are largely used for security education, product demonstrations, and internal testing. Tools like bWAPP, OWASP Juice Shop, and DVWA are built to be unsafe by default, making them useful to learn how common attack tactics work…
Malicious Outlook Add-In Hijack Steals 4,000 Microsoft Credentials
A breach transformed the AgreeTo plug-in for Microsoft Outlook – once meant for organizing meetings – into a weapon that harvested over four thousand login details. Though built by a third-party developer and offered through the official Office Add-in…
Emerging AI Built Malware Used in Targeted Attacks on Blockchain Engineers
In the shadows of geopolitics, KONNI has been operating quietly for more than a decade, building on its playbook of carefully staged spear-phishing campaigns and political lures targeted at South Korean institutions. In the past, KONNI’s operations followed the fault…
Stanley Malware Service Bypasses Chrome Web Store Safeguards
Researchers at Varonis have discovered a new malware-as-a-service (MaaS) offering, dubbed “Stanley,” which allows malicious Chrome extensions to evade Google’s review process and be listed on the official Chrome Web Store. Dubbed after the alias of the seller, Stanley…
New Ransomware Uses Trusted Drivers to Disable Security Defenses
Security monitoring teams are tracking a new ransomware strain called Reynolds that merges system sabotage and file encryption into a single delivery package. Instead of relying on separate utilities to weaken defenses, the malware installs a flawed system driver…
Threat Actors Pose As Remote IT Workers on LinkedIn to Hack Companies
IT workers linked to the Democratic People’s Republic of Korea (DPRK) are now applying for remote jobs using the LinkedIn accounts of other individuals. This attack tactic is unique. According to the Security Alliance (SEAL) post on X, “These profiles…
Federal Court Fines FIIG $2.5 Million for Major Cybersecurity Breaches; Schools Push Phone-Free Policies
Fixed income manager FIIG Securities has been ordered by the Federal Court to pay $2.5 million in penalties over serious cybersecurity shortcomings. The ruling follows findings that the firm failed to adequately safeguard client data over a four-year period,…
Black Hat Researcher Proves Air Gaps Fail to Secure Data
Air gaps, long hailed as the ultimate defense for sensitive data, are under siege according to Black Hat researcher Mordechai Guri. In a compelling presentation, Guri demonstrated multiple innovative methods to exfiltrate information from supposedly isolated computers, shattering the…
AI and Network Attacks Redefine Cybersecurity Risks on Safer Internet Day 2026
As Safer Internet Day 2026 approaches, expanding AI capabilities and a rise in network-based attacks are reshaping digital risk. Automated systems now drive both legitimate platforms and criminal activity, prompting leaders at Ping Identity, Cloudflare, KnowBe4, and WatchGuard to…
Intelligent Vehicles Fuel a New Era of Automotive Data Trade
In the past, automotive sophistication was measured in mechanical terms. Conversations centered around engine calibration, refinement of drivetrains, suspension geometry, and steering feedback. The shorthand used to describe innovation was horsepower output, torque delivery,…
UK Construction Company’s Windows Server Infiltrated by Prometei Botnet
In January 2026, a construction company in the United Kingdom found an unwelcome presence inside one of its Windows servers. Cybersecurity analysts from eSentire’s Threat Response Unit (TRU) determined that the intruder was a long-running malware network known as…
Urgent Alert for Irish Homes as Massive Cyberattacks Exploit Smart TVs and IoT Devices
An urgent cybersecurity alert has been issued to households across Ireland amid warnings of “large scale” cyberattacks that could compromise everyday home devices. Grant Thornton Ireland has cautioned that devices such as Android TV boxes and TV streaming hardware…
SolarWinds Web Help Desk Compromised for RCE Multi Stage
The threat actors used internet-exposed SolarWinds Web Help Desk (WHD) instances to gain initial access and then proceed laterally across the organization’s network to other high-value assets, according to Microsoft’s disclosure of a multi-stage attack. However, it is…