Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishin
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codename
_Cagkan_Sayin_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases
GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.
Hand CVE Over to the Private Sector
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
Surging Cyberattacks Boost Latin America to Riskiest Region
The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI.
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.
Critical 'MongoBleed' Bug Under Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
_Krot_Studio_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
2 Separate Campaigns Probe Corporate LLMs for Secrets
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.
BreachForums Breached, Exposing 324K Cybercriminals
A massive data dump reveals real identities and details of administrators and members of the notorious hacker forum.