Cybersecurity
69 articles RSS
ShinyHunters Claims Near-Petabyte Data Theft from Telus Digital After Breaching BPO Giant Through Stolen Cloud Credentials
Telus Digital confirmed a breach after ShinyHunters claimed to have stolen up to one petabyte of data using cloud credentials obtained in a prior third-party compromise.
GlassWorm Supply-Chain Attack Hijacks 72 VS Code Extensions and 151 GitHub Repositories to Steal Developer Credentials
A coordinated supply-chain campaign abused Open VSX extension dependencies and invisible Unicode payloads to compromise developer environments across VS Code and GitHub.
Nine CrackArmor Vulnerabilities in Linux AppArmor Expose 12.6 Million Servers to Root Takeover
Qualys discovers nine confused deputy flaws in AppArmor that have lurked since 2017, enabling unprivileged users to escalate to root, escape containers, and crash kernels across Ubuntu, Debian, and SUSE.
Google Patches Two Actively Exploited Chrome Zero-Days Affecting Skia and V8 Engines
Google releases emergency Chrome 146 update to fix two high-severity zero-days in the Skia graphics library and V8 JavaScript engine, both confirmed exploited in the wild.
Microsoft March 2026 Patch Tuesday Fixes 84 Vulnerabilities Including Two Public Zero-Days and a Critical AI-Discovered Flaw
Microsoft's March 2026 security update addresses 84 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET, with two publicly disclosed zero-days, eight critical-rated flaws, and a 9.8-severity remote code execution bug discovered by an autonomous AI agent.
Iran-Linked Hackers Weaponize Microsoft Intune to Wipe 200,000 Stryker Devices in Retaliatory Cyberattack
Pro-Iran hacktivist group Handala hijacked Stryker's Microsoft Intune tenant to remotely wipe over 200,000 systems across 79 countries, crippling the medical device giant and threatening global hospital supply chains.
ShinyHunters Claims Mass Data Theft From Hundreds of Salesforce Customers Using Weaponized Open-Source Tool
The ShinyHunters cybercrime group says it exploited misconfigured Salesforce Experience Cloud guest accounts to steal data from nearly 400 organizations using a modified version of Mandiant's AuraInspector tool.
OpenClaw Surpasses React as GitHub's Most-Starred Project, Then Triggers a Cascading Security Crisis
The open-source AI agent went from zero to 250,000 GitHub stars in four months, but critical vulnerabilities exposed over 135,000 instances across 82 countries.
Government-Grade iPhone Exploit Kit 'Coruna' Proliferated from Spy Tool to Cryptocurrency Heist in Under a Year
Google and iVerify reveal Coruna, a 23-exploit iOS framework that moved from a surveillance vendor to Russian spies to Chinese cybercriminals in months.
Google Patches Qualcomm Zero-Day Exploited in Targeted Android Attacks as March Update Fixes 129 Vulnerabilities
Google's March 2026 Android security update addresses 129 vulnerabilities including an actively exploited Qualcomm graphics flaw affecting 235 chipsets and a critical remote code execution bug in Android 16.
LexisNexis Confirms AWS Cloud Breach After Hackers Exploit Unpatched React Vulnerability and Leak 2 GB of Data Including Federal Judge Records
Threat actor FulcrumSec exploited the React2Shell vulnerability in LexisNexis AWS infrastructure, exfiltrating 3.9 million records and claiming access to 400,000 user profiles including U.S. government personnel.
Self-Propagating JavaScript Worm Vandalized Nearly 4,000 Wikipedia Pages in 23 Minutes Before Engineers Contained the Spread
A dormant malicious script planted on Russian Wikipedia in 2024 was inadvertently activated during a Wikimedia security review, modifying thousands of pages and 85 user scripts before engineers locked down editing across all projects.