Luxury cosmetics giant Rituals has disclosed a data breach impacting the personal information of its My Rituals members. The incident, the company says, occurred earlier this month and involved the unauthorized access to and download of some My Rituals members' data. "Immediately upon discovery, we took measures and stopped the unauthorized access. The situation has been contained, and affected members are being informed directly," the company told SecurityWeek. READ MORE...
Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook drafts, and the file.io sharing service. ESET researchers have named the group GopherWhisper and tied it to an intrusion at a Mongolian governmental entity. READ MORE...
Organizations secure work phones and company laptops, but attackers could be lurking, targeting the electric current running those devices. Direct current (DC) power regulation helps to stabilize the energy powering electronics people use daily, from solar panels and connected cars to smartphones and essential computer parts. It's also vital across critical infrastructures like telecommunications, industrial automation, and data centers. READ MORE...
Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps. The software maker said Tuesday evening that the vulnerability, tracked as CVE-2026-40372, affects versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet, a package that's part of the framework. READ MORE...
Apple has released a software update that addresses an issue that could allow deleted notifications to be retrieved, something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2. The update addresses a single security vulnerability, tracked as CVE-2026-28950. READ MORE...
A ransomware gang known as "The Gentlemen" has made a name for itself, claiming hundreds of victims in a matter of months. The Gentlemen is a ransomware-as-a-service (RaaS) outfit that first popped up in mid-2025. While it operates fairly typical double extortion attacks (using both encryption and data leaking as extortion levers), The Gentlemen is known for sophisticated tactics, techniques, and procedures (TTPs), such as antivirus killers and complex infection chains. READ MORE...
Researchers at Palo Alto Networks have developed a proof-of-concept designed to test whether an AI system can autonomously hack a cloud environment. In November 2025, Anthropic said it had analyzed a Chinese espionage campaign that abused Claude Code, with AI being used to perform up to 90% of the campaign, and human intervention required only sporadically. Palo Alto Networks Unit 42 researchers wanted to empirically test just how capable AI systems really are against live cloud environments. READ MORE...
A medium-severity vulnerability in Microsoft SharePoint is exposed on about 1,370 IPs worldwide, according to researchers at ShadowServer. Tracked as CVE-2026-32201, the vulnerability stems from improper input validation in the widely used software. If successfully exploited, it would allow an attacker to conduct spoofing activity across a network. The vulnerability has a severity score of only 6.5, but researchers warn the threat is more serious than the score suggests. READ MORE...
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. CVE-2025-29635 allows an attacker to execute arbitrary commands on remote devices by sending a POST request to a vulnerable endpoint, triggering remote command execution (RCE). Akamai's SIRT reports that this is the first time in-the-wild active exploitation has been observed. READ MORE...