Users of the Myspace93 parody web art site be warned: the dataset spilled after a reported breach in 2021 included the plaintext usernames and passwords of more than 46,000 registered users. The site's co-creator has blamed "trusted members" of a Windows93 Discord channel for the leakage. The figure of 46,000+ users is a recent estimate from HaveIBeenPwned (HIBP) - the web's go-to breach aggregator - which ingested the related data this week, more than five years after the January 2021 attack. READ MORE...
The retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring. At least 50 people have been impacted. 7-Eleven was hit with a cybersecurity attack earlier this spring that exposed some franchisee information, a company spokesperson confirmed to C-Store Dive on Tuesday. The retailer learned on April 8 that an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents. READ MORE...
The company, which operates a widely used observability platform, is refusing to pay an extortion demand. Grafana Labs said a hacker gained access to its GitHub environment and downloaded its codebase, according to a Saturday post on X and LinkedIn. The firm operates an open-source observability platform with more than 25 million users and 7,000 customers globally. The platform is used by major companies, including Nvidia, Microsoft, Anthropic and others, the company said. READ MORE...
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. Authorities have seized dozens of First VPN servers located in 27 countries, arrested the administrator, and conducted a house search in Ukraine. The VPN service was advertised on various cybercrime forums as a privacy-focused VPN that does not log user data and ignores law enforcement requests for user information. READ MORE...
The number of Chrome vulnerabilities discovered by Google has surged over the past month, likely driven by the company's use of AI. Chrome security advisories published by Google in late March and early April mentioned a handful of vulnerabilities "reported by Google", but the number increased to 16 for the Chrome update released on April 15 and 21 for the update issued on April 28. The number of vulnerabilities found by Google surged to 100 in the advisory published on May 5. READ MORE...
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091, is a privilege escalation security flaw affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, which provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. This flaw stems from an improper link resolution before file access (link following) weakness. READ MORE...
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity. esearchers are sounding the alarm on a class of exploit inherent in Internet infrastructure itself for which there is no simple fix and nearly half of all websites globally are at risk. Conceptually, the issue is a successor to "domain fronting," a trivial Internet routing sleight of hand popular in the mid-2010s. READ MORE...