Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms. Cloudflare's Global Network is a distributed infrastructure of servers and data centers located in over 330 cities across more than 120 countries, delivering content delivery, security, and performance optimization services. READ MORE...
DoorDash is known for delivering takeout food, but last month the company accidentally served up a tasty plate of personal data, too. It disclosed a breach on October 25, 2025, where an employee fell for a social engineering attack that allowed attackers to gain account access. Breaches like these are sadly common, but it's how DoorDash handled this breach, along with another security issue, that have given some cause for concern. READ MORE...
The Pennsylvania Office of the Attorney General (OAG) has confirmed suffering a data breach after it was targeted in a ransomware attack earlier this year. The attack on the Pennsylvania OAG came to light in August, when the organization announced that a cyberattack had disrupted its website, email accounts, and phone lines. Service outages lasted for roughly three weeks. The OAG confirmed in late August that it had been targeted in a ransomware attack, but said no ransom had been paid. READ MORE...
Princeton University over the weekend disclosed a data breach impacting alumni, donors, faculty, students, parents, and other members of its community. On November 10, the university says, a threat actor accessed an Advancement database containing names, addresses, email addresses, and phone numbers, along with information on fundraising activities and donations to the institution. According to the university, the data breach likely impacted all alumni, even students who did not graduate. READ MORE...
Azure was hit by the "largest-ever" cloud-based distributed denial of service (DDoS) attack, originating from the Aisuru botnet and measuring 15.72 terabits per second (Tbps), according to Microsoft. On October 24, the Windows giant's cloud DDoS protection service auto-detected and mitigated the traffic tsunami - nearly 3.64 billion packets per second - so no customer workloads experienced any service interruptions, Microsoft's Sean Whalen said in a Monday blog. READ MORE...
The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity. Politie, the police force in the Netherlands, did not name the service but said that it has been used for illicit activities since 2022, and has emerged in more than 80 cybercrime investigations, both domestic and abroad. READ MORE...
An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks. The flaw allows for JavaScript injection to circumvent Cursor's own controls, and demonstrates a threat to the overall agentic AI-assisted developer ecosystem. Researchers discovered the attack vector, which exploits Cursor's failure to perform integrity checks. READ MORE...