IT Security Newsletter - 6/5/2026
World Food Programme breach exposes data of 600k vulnerable Gazan families
Humanitarian organization World Food Programme (WFP) says one of its systems was breached, and around 600,000 Gazan households receiving aid had their details improperly accessed. Its announcement, made via Telegram on May 31, confirmed there was "a security incident" in the self-registration application used by Gazans to register for aid, and that applicants' names, ID numbers, phone numbers, and location information were among the data types accessed. READ MORE...
Hackers Leak DentaQuest Information Impacting 2.6 Million
The ShinyHunters extortion group has published over 230 gigabytes of data allegedly stolen from dental benefits administrator DentaQuest. The threat actor listed DentaQuest on its Tor-based leak site last month, claiming negotiations with the company failed, and leaking a 234 GB archive containing allegedly stolen data. According to data breach notification website HaveIBeenPwned, which added the information to its database, the leak impacts roughly 2.6 million accounts. READ MORE...
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
Adult nightclub giant RCI Hospitality Holdings has informed authorities that a data breach disclosed in April affects roughly 40,000 individuals. RCI Hospitality is one of the largest adult nightclub operators in the United States, and its portfolio also includes sports bars and dance clubs. The company told the SEC in mid-April that its RCI Internet Services subsidiary discovered a vulnerability on March 23 in an IIS web server, allowing unauthorized access to personal information. READ MORE...
Dashlane explains how attackers managed to download encrypted password vaults
Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to recover as many encrypted password vaults as possible. The password manager provider said fewer than 20 personal user vaults were downloaded before it shut down the operation. In a campaign that started Sunday, the unknown threat actor abused the mechanism that allows Dashlane users to add new devices, such as computers or phones, to their accounts. READ MORE...
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains - googletagmanager.com and api.stripe.com - that are trusted implicitly by online stores. The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code executes on every page that loads it. READ MORE...
June 2026 Patch Tuesday forecast: Where are the CVEs?
My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft's updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows 10. The Microsoft Office releases were a bit higher with 19 CVEs or so reported for the online versions. Apple did indeed release their OS security updates the day before Patch Tuesday. READ MORE...
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files. According to researchers at supply-chain and devops company JFrog, IronWorm communicates with the operator over the Tor network. READ MORE...
My SSN was exposed in a breach at Columbia - a school I have no connection with
A weird text from my dad in February sent me on a months-long quest to solve a mystery that has been troubling an odd group of victims from a Columbia University data breach last year. That group? People with absolutely no connection to the school. The text included a photo of a letter from Columbia, informing me that I was a victim of a data breach last June, one that exposed a wide range of sensitive information, including 1.8 million Social Security numbers. READ MORE...
AI: Threat, tool, or both?
Public attitudes toward Artificial Intelligence (AI) are changing, and we wanted to understand why. A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. People tend to worry most about long-term social effects, even while many do use AI tools and see some practical benefits, particularly for data analysis and routine tasks. READ MORE...
Thieves can pull off keyless car theft in under a minute and here's how to stop them
A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Germany's largest auto club, ADAC, runs ongoing tests of keyless models against relay attacks. The rolling series has now covered more than 800 vehicles, with around 15% adequately protected against the method. The remaining 85% can be opened and driven away with cheap signal-extension equipment. READ MORE...
OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
The next threat your server faces may have been helped along by a bot. OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds, according to Calif security researchers. The attack works on default HTTP/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. READ MORE...
- ...in 1933, President Franklin D. Roosevelt takes the United States off of the gold standard.
- ...in 1968, Senator and presidential candidate Robert Kennedy is assassinated at the Ambassador Hotel in Los Angeles, after winning the California Democratic primary.
- ...in 2010, multi-championship winning basketball coach John Wooden passes away at the age of 99.
- ...in 2014, Chester Nez, WWII veteran and last of the original Navajo "code talkers", dies at 93 years old.








