The University of Phoenix has admitted that millions of individuals are affected by a data breach stemming from a recent attack on the company's Oracle E-Business Suite (EBS) instance. The Oracle EBS campaign, claimed by the Cl0p ransomware group but believed to have been carried out by a cluster of the FIN11 threat group, targeted more than 100 organizations, including major companies and universities.
Japanese car maker Nissan has disclosed the impact of a data breach involving a GitLab instance used by the Red Hat Consulting team. The incident leading to the Nissan data breach occurred in late September and involved unauthorized access to a GitLab instance containing example code snippets, internal communications, and project specifications. A hacking group named Crimson Collective attempted to extort Red Hat, claiming the theft of 570 Gb of data from 28,000 private repositories.
Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. Founded in 1858, Baker University is a private university in Baldwin City, Kansas, with nearly 2,000 enrolled students (1,457 undergraduates) and over 300 employees. The school detected suspicious activity on its network after a December 2024 outage.
A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts. According to Koi Security, the lotusbail npm package has been available for download for six months, and it's especially dangerous because the code works. "This one actually functions as a WhatsApp API," Koi Security researcher Tuval Admoni said in a Sunday blog.
Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. Both extensions are still present in Chrome's official marketplace at the time of writing and have been active since at least 2017, according to a report from researchers at the Socket supply-chain security platform. Phantom Shuttle's target audience is users in China, including foreign trade workers.
The Cybersecurity and Infrastructure Security Agency released new analysis of threat activity linked to Brickstorm malware, which has been used by a China-nexus threat group in a months-long campaign against multiple U.S. organizations. CISA's analysis included indicators of compromise and detection signatures for newly obtained Brickstorm samples, some of them based on the Rust programming language.
Agentic AI browsers like OpenAI's Atlas have debuted to major fanfare, and the enthusiasm is warranted. These tools automate web browsing to close the gap between what you want to accomplish and getting it done. Rather than manually opening multiple tabs, you can simply tell the browser what you need. Ask it to file a competitor brief, fill out a form, or schedule a meeting, and it will handle the task while you watch.
A zero-day vulnerability in WatchGuard Firebox firewalls is under active exploitation, marking the latest attacks against edge devices this month. WatchGuard disclosed the vulnerability, tracked as CVE-2025-14733, on Thursday, and the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog the following day. CVE-2025-14733 is a critical out-of-bounds write vulnerability in WatchGuard's Fireware OS.