IT Security Newsletter

IT Security Newsletter - 4/9/2026

Written by Cadre | Thu, Apr 9, 2026

Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface

International sporting events in recent years have become increasingly popular for corporate brands, celebrities and political figures to reach new audiences. That high visibility also provides high-profile opportunities for political hacktivists, state-sponsored adversaries and cybercriminal actors to wreak havoc. These global sports events are taking place at a time of heightened geopolitical tensions.

Eurail says December data breach impacts 300,000 individuals

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail passes for multi-country train travel across Europe, passes that are also available to young Europeans through the EU's DiscoverEU program.

Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot

Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. The company manages more than 25,000 Bitcoin ATMs and BDCheckout locations worldwide and reported revenue of $615 million in 2025. As revealed in a filing with the U.S. Securities and Exchange Commission, the company discovered the attack on March 23 after detecting suspicious activity on some of its IT systems.

LinkedIn scanning users' browser extensions sparks controversy and two lawsuits

Emojis have become more to threat actors than just embellishments in digital messages. On social media platforms like Telegram and Discord and across underground forums and communities, many are using them increasingly to signal, obfuscate, and coordinate with others around the world. "Emoji usage reflects a broader shift in how threat actors communicate toward faster, more visual, and more adaptive forms of interaction," Flashpoint said in an analysis this week.

Prompt injection tags along as GenAI enters daily government use

Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt injection as a persistent concern tied to that adoption. Use of AI tools has increased in government IT teams. A 2025 NASCIO survey of 51 state and territorial CIOs found that 82% reported employees using GenAI in daily work.

30,000 private Facebook images allegedly downloaded by Meta employee

Every tech company tells you your data is safe. They've (hopefully) got encryption, access controls, and zero-trust architectures, the whole glossy security brochure. And then someone on the inside writes a script to steal your private photos anyway. That's what a former Meta employee based in London is under criminal investigation for. He allegedly downloaded around 30,000 private images belonging to Facebook users. The Metropolitan Police's cybercrime unit is handling the case.

Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse

Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an attacker-controlled result and putting millions of users at risk, researchers have shown. Apple Intelligence includes an on-device LLM integrated into supported iPhone 15 Pro and later eligible models, iPads and Macs with M1 or later, iPad models with A17 Pro, and Apple Vision Pro.

BlueHammer: Windows zero-day exploit leaked

A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handles Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit and made it work on patched Windows 10, 11, and Windows Server systems, and the question now is whether Microsoft is planning or working on a fix.

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns. For over a decade, Google has said that API keys for public services such as Maps are not secrets, but recent research from Truffle Security showed that these keys can be used to authenticate to the Gemini AI assistant, potentially exposing personal data.

Adobe Reader Zero-Day Exploited for Months: Researcher

A researcher has come across what appears to be an actively exploited Adobe Reader zero-day vulnerability. Haifei Li is asking the cybersecurity community for assistance in investigating what he describes as a sophisticated PDF exploit. Li is a reputable researcher who over the past two decades has worked at Fortinet, Microsoft, McAfee, and Check Point. He is the founder and developer of Expmon, a sandbox-based system designed to detect file-based zero-days and other exploits.

  • ...in 1865, Gen. Robert E. Lee surrenders to Ulysses S. Grant at Appomattox Court House in Virginia, ending the American Civil War.
  • ...in 1898, singer, actor, and social activist Paul Robeson ("Show Boat") is born in Princeton, New Jersey.
  • ...in 1928, musical satirist and mathematician Tom Lehrer, known for such novelty songs as "The Elements" and "The Vatican Rag", is born in New York City.
  • ...in 1992, former Panamanian dictator Manuel Noriega is found guilty by a U.S. Federal Court of drug and racketeering charges, and sentenced to 30 years in prison.