The ShinyHunters ransomware group has claimed the theft of data containing 10 million records belonging to the Match Group and 14 million records from bakery-café chain Panera Bread. The Match Group, that runs multiple popular online dating services like Tinder, Match.com, Meetic, OkCupid, and Hinge has confirmed a cyber incident and is investigating the data breach. Panera Bread also confirmed that an incident occurred and has alerted authorities. READ MORE...
China-linked advanced persistent threat (APT) groups are wreaking havoc in Asia with new cyber weaponry, targeting Chinese gambling sites and government entities in the region. The Asia-Pacific (APAC) region is among the world's busiest in terms of cyberattacks, accounting for just over half of all APT activity in the world. It helps that a plurality of people in the world live there, and that countries like Japan, China, and South Korea have fat economies and geopolitical influence. READ MORE...
Ivanti on Thursday announced emergency patches for two critical-severity vulnerabilities in Endpoint Manager Mobile (EPMM) that have been exploited in the wild as zero-days. Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8), the bugs are described as code injection issues that could be exploited by unauthenticated attackers to achieve remote code execution (RCE). The flaws impact the in-house application distribution and the Android file transfer configuration features of EPMM. READ MORE...
Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero-day, tracked as CVE-2026-21509, and classified it as a "Microsoft Office Security Feature Bypass Vulnerability" with a CVSS score of 7.8 out of 10. READ MORE...
The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack that peaked at 31.4 Tbps and 200 million requests per second, setting a new record. The attack was part of a campaign targeting multiple companies, most of them in the telecommunications sector, and was detected and mitigated by Cloudflare last year on December 19. Aisuru is responsible for the previous DDoS record that reached 29.7 Tbps. READ MORE...
Growing up I always wanted to play the newest and most exciting games, and for me it was FIFA, Zelda and Red Alert. For my kids today it's Roblox, Minecraft, and Call of Duty. I remember, it wasn't easy to convince your parents to constantly pay for these new games, so you compromise or you look up in Google "Free FIFA 2003 download." While today I know it's illegal, for most kids, it starts innocently. READ MORE...
The cybercriminals in control of Kimwolf - a disruptive botnet that has infected more than 2 million devices - recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that. READ MORE...
A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of trade secrets tied to AI technology. Ding faces a maximum sentence of 10 years in prison for each count of theft of trade secrets and up to 15 years for each count of economic espionage. According to court records, Ding accessed and removed more than 2,000 pages of confidential information from Google systems. READ MORE...
Researchers have coined a new way to trick artificial intelligence (AI) chatbots into generating malicious outputs. AI security startup NeuralTrust calls it "semantic chaining," and it requires just a few, simple steps that any non-technical user can carry out. In fact, it's one of the simplest AI jailbreaks to date. Researchers have already proven its effectiveness against state-of-the-art models from Google and xAI, and there may not be any easy way for those developers to address it, either. READ MORE...