In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have…
Tag: EN
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
We found EtherRAT malware being distributed by a website with a strange homepage. Following the trail, we discovered a vast network of malicious infrastructures, distributing malware, malicious documents, remote desktop software, and phishing pages. This article has been indexed from Malwarebytes Read the original article: Inside a malicious…
Cyber insurance forces companies to rethink risk management
<p>Cyber insurance is a unique risk transfer product for enterprises. When a company purchases property insurance, the fire that might damage its offices isn’t trying to figure out better ways to burn down the building.</p> <p>Cybersecurity professionals know that digital…
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has…
Australian Sugar Producer Mackay Sugar Reports Cyber Incident
Mackay Sugar, Australia’s second-largest sugar producer, disclosed a cyberattack on June 10, potentially affecting key processing operations. Mackay Sugar is one of Australia’s largest sugar producers and the country’s second-largest sugar manufacturer. The company is based in the Mackay region…
Conversational Risk Accumulation: Stateful Guardrails Beyond Single-Turn LLM Checks
Why Long Chats Need Session-Level Guardrails (CRA) Who this is for: Anyone building chat features, support bots, internal Q&A, coaching tools, RAG assistants. The Usual Setup (and What It Misses) A typical flow: This article has been indexed from DZone…
Hackers Demand $2M From Nintendo Over Alleged Data Breach
A threat actor claims to have stolen Nintendo data and is demanding $2 million. The post Hackers Demand $2M From Nintendo Over Alleged Data Breach appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Chinese hackers breached North American research institutions via REDCap servers
A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG attributed…
Healthcare Cyber Breach Raises Concerns After 33,000 Patients Affected
Initially perceived as a supply-chain disruption within the UK healthcare ecosystem, the ransomware attack has now revealed an even more severe and long-lasting impact on patient privacy. A cybercriminal attack on pathology services provider Synnovis two years ago has…
Council of Europe hacked in ShinyHunters’ PeopleSoft heist
Joins the ranks of Nottingham Uni and 100 other unnamed victims This article has been indexed from www.theregister.com – Articles Read the original article: Council of Europe hacked in ShinyHunters’ PeopleSoft heist
Zenith Live Conference 2026: AI-Powered Threats Demand AI-Powered Defense
At Zscaler Zenith Live 2026, Deepen Desai shared why AI-powered threats require zero trust and machine-speed defenses. The post Zenith Live Conference 2026: AI-Powered Threats Demand AI-Powered Defense appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Microsoft Defender email security benchmarking: Key insights from one year of data
See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeared first on Microsoft Security Blog. This article…
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to…
The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives?
The National Cyber Security Centre (NCSC) is warning organisations to prepare for an unprecedented wave of vulnerability disclosures, driven by AI-accelerated exploitation of technical debt. This commentary sets out how Check Point Exposure Management helps government, public sector, and CNI…
Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click
A critical vulnerability chain in Microsoft 365 Copilot Enterprise that let attackers steal sensitive corporate data, MFA codes, email contents, calendar details, and confidential files with nothing more than a single click on a link pointing to a legitimate Microsoft…
Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users
Anthropic has updated its privacy policy for Claude, adding explicit terminology that allows the company to perform age and identity verification on consumer users. The change signals a tighter security and compliance stance across Claude Free, Pro, and Max plans.…
SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data
Threat intelligence sources have reported that the threat actor group SHADOWBYT3$ has allegedly breached Nintendo, claiming to have exfiltrated approximately 859 MB of sensitive internal data. The incident, first observed on June 13, 2026, remains unverified at the time of…
DPAPISnoop Tool Extracts CREDHIST Hashes for Offline Windows Credential Recovery
The open-source DPAPISnoop tool has been enhanced to extract CREDHIST entries, enabling offline cracking of historical Windows credentials and deeper insight into password patterns. Lefteris Panos, Security Consultant at LRQA Red Team, said the update adds CREDHIST extraction capabilities to…
Microsoft Site Showing Warning Following Certificate Expiry
Microsoft seems to have failed certificate management after a domain used by sysadmins globally to test connectivity to Microsoft 365 started generating untrusted connection warnings in browsers on Monday. The connectivity.office.com domain a widely relied-upon tool for IT professionals to…
Feds snooze as US datacenter law set to lapse with no replacement in site
Federal Data Center Enhancement Act (FDCEA) of 2023 covers standards including security and sustainability This article has been indexed from www.theregister.com – Articles Read the original article: Feds snooze as US datacenter law set to lapse with no replacement in…