Personal information of 185,000 people exposed after cyberattack on 7-Eleven
Data belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, dates of birth, and phone numbers, while a small number of records also contained additional data fields. On April 8, 2026, the company discovered that an unauthorized third party had gained access to certain systems. READ MORE...
266,000 Affected by Data Breach at Radiology Associates of Richmond
Radiology Associates of Richmond (RAR) has disclosed a data breach impacting the protected health information of 266,000 individuals. According to the healthcare organization's incident notice, the data breach occurred on or about July 25, 2025, when hackers accessed its internal systems. RAR did not say when the intrusion was discovered, but said that it worked with external cybersecurity experts to contain the attack and investigate its scope. READ MORE...
Oncology Institute Discloses Data Breach
The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information. The Oncology Institute (TOI) is an oncology provider founded in 2007 that delivers specialized cancer care through a network of over 100 clinics across five states. The healthcare organization told the SEC in November 2025 that it had learned of a cybersecurity incident affecting a third-party software services provider. READ MORE...
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA, Kali365 first emerged in April 2026 and is distributed via Telegram channels for cybercriminals seeking an easier way to compromise Microsoft 365 accounts without stealing passwords or intercepting MFA codes. READ MORE...
Scammers pretending to be Microsoft had help from US executives
A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a scam, operated by people intent on siphoning money from your account. A court case last week gave us more insight into how these operations work. Two former executives of C.A. Cloud Attribution Ltd pleaded guilty to selling phone numbers and call infrastructure to scammers. READ MORE...
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. Security firms StepSecurity, Aikido Security, and Socket warned about the compromise on Friday, warning that attackers had rewritten GitHub tags across four repositories maintained by the Laravel Lang organization. READ MORE...
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns-where website visitors are tricked into running malicious commands on their systems-are commonly known as "ClickFix" attacks. READ MORE...
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU. READ MORE...
Google API Keys Remain Active After Deletion
Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window - the time between a key's deletion and its last successful authentication - for the cloud giant's API keys. In a blog post published today, Leon said customers expect API access to end immediately after the key is deleted, but this is not the case. READ MORE...
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched. Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing. READ MORE...
- ...in 1864, President Lincoln signs an act establishing the Montana Territory.
- ...in 1868, the U.S. Senate narrowly fails to convict President Andrew Johnson of the impeachment charges levied against him by the House.
- ...in 1953, "It Came from Outer Space", the first science fiction film to be screened in 3-D, debuts in Los Angeles.
- ...in 1959, Harvey Haddix of the Pittsburgh Pirates pitches 12 perfect innings against the Milwaukee Braves, only to lose the game.
