Tag: emerging threats
3158 articles

Conduent Data Breach: Stunning, Severe Impact on 10.5M
A single contractor’s lapse exposed the financial and personal records of 10.5 million people — the Conduent data breach shows how concentrated services can turn vendors into high-stakes targets. Read on to learn what went wrong, who’s at risk, and what comes next.

China-Linked Hackers Exploit Windows Flaw: Exclusive Threat
What looks like a harmless Windows shortcut can be a Trojan at the gate—China-linked UNC6384 used malicious .lnk files in ZIPs to invoke PowerShell and DLL sideloading, quietly breaching diplomatic and government targets across Europe in Sept–Oct 2025.

China-Linked Tick Group Exclusive: Critical Lanscope 0-day
Think of it as the patch arriving after someone already walked through the door — a critical CVE‑2025‑61932 (CVSS 9.3) zero‑day in Motex Lanscope has been weaponized in the wild by the China‑linked Tick group. The flaw allows unauthenticated SYSTEM‑level command execution on on‑prem Lanscope servers, so if you run Lanscope, find exposed instances, isolate them from untrusted networks, and apply mitigations or updates immediately.

Chinese-Linked Hackers Stunning Windows Spy Damages Envoys
Chinese-linked UNC6384 is exploiting a Windows vulnerability to plant stealthy spyware in diplomatic and commercial networks—an unsettling upgrade in tradecraft that challenges whether governments, companies, and users can patch porous defenses before quiet probes turn into loud alarms.

Clearview AI Faces Stunning, Damaging Complaint in Austria
Austria’s criminal complaint against Clearview AI escalates a cross-border privacy showdown, turning years of regulatory scrutiny into potential criminal liability. If regulators can pursue firms across borders, what protection remains for people whose faces sit in scraped databases?

NHS Exclusive: Critical PCs Blocked from Windows 11 Rollout
A handful of suppliers refusing to sign off on Windows 11 compatibility are forcing NHS trusts to pause upgrades—pitting vital clinical continuity against security and compliance and leaving staff to decide which devices come first.

CISA Exclusive: Critical VMware Zero-Day in Active Attacks
When a tool meant to simplify management becomes an intruder’s doorway, you need to act fast. CISA has added CVE-2025-41244 to its Known Exploited Vulnerabilities list after active attacks on VMware Tools and Aria Operations — patch or mitigate immediately.

Elementor King Addons Exclusive Flaw Hits 10k Sites
A widespread flaw in Elementor King Addons has now affected over 10,000 sites. Find out what went wrong and the quick steps you can take right now to protect your site.

Threat Actors Utilize AdaptixC2: Exclusive Critical Attacks
It’s alarming: attackers are hijacking AdaptixC2—an emulation framework built for defenders—to run stealthy, hard-to-disrupt ransomware campaigns, forcing security teams to rethink the tools they once trusted.

Invisible npm malware: Exclusive, Dangerous Token Theft
PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

Shadow AI: Stunning Risk as 1 in 4 Use Unapproved Tools
What if a quarter of your team were quietly sharing company secrets with unapproved AI? Shadow AI—employees turning to consumer models to speed tasks—is convenient but can expose PII, IP and trigger costly compliance headaches.

Proton Exclusive: Alarming 300M Records Compromised
More than 300 million records have surfaced on the dark web — a startling tally that often mixes new leaks, resurfaced data and partial overlaps. Here’s what that number really means for your emails, passwords and IDs, and the simple steps you can take right now to protect yourself.

Postcode Lottery Exclusive: Damaging Data Slip
People’s Postcode Lottery says a “technical error” briefly exposed some customer data and has since fixed the fault. But with no clear details on what leaked, how many were affected, or what protections are being offered, customers are understandably left wondering who will cover the fallout.

Defense Contractor Guilty in Stunning Costly Zero-Day Sale
What happens when the person entrusted to build the locks quietly sells the keys? An indictment alleges a former Trenchant manager sold zero‑day exploits and offensive cyber tools to a Russian broker for about $1.3 million, potentially turning U.S. capabilities into weapons against American systems and allies.

Chromium Critical Flaw: Exclusive Unpatched Alert
An unpatched Chromium flaw in the Blink rendering engine can crash browsers — and even freeze whole machines — in seconds, creating a real operational and security risk. If you manage desktops, kiosks or enterprise systems, this is one bug you need to take seriously now.

Chrome Mandates HTTPS in 2026: Exclusive Best Practices
Big news: in October 2026 Chrome 154 will default to HTTPS-only connections and refuse to load plain HTTP, risking instant traffic loss for sites that don’t upgrade. Our exclusive best practices show how to implement TLS quickly, prevent downtime, and keep your users safe.

EY Exposes 4TB SQL DB: Exclusive Critical Breach
When the vault is unlocked: a researcher reportedly found a 4TB SQL DB backup tied to EY sitting exposed on the open web, potentially leaking vast amounts of sensitive data. It’s a blunt wake‑up call — backups must be encrypted, access‑restricted, and treated as compromised the moment they’re reachable.

Automated Botnet Attacks Exclusive: Critical PHP, IoT Surge
Think of the internet as a house with unlocked doors—automated botnets are testing every handle, exploiting PHP flaws, IoT devices, and cloud misconfigurations to swell their ranks. If you run servers or smart devices, patch, change defaults, and lock things down now.

Npm Malware: Shocking Invisible Dependencies Are Dangerous
Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

PHP Servers: Exclusive Critical IoT Attack Alert
Who else has the keys to your server? A sharp rise in attacks using simple PHP web shells is turning unpatched apps, unsecured IoT devices, and misconfigured cloud gateways into cheap, scalable footholds for persistent intruders.

Dentsu Exclusive: Critical Staff Warning After Merkle Raid
A terse Dentsu alert revealed payroll and bank details may have been exposed in a cyberattack on Merkle, turning a corporate incident into a personal scramble to protect paychecks, identities and livelihoods.

New Atroposia RAT Exclusive: Dangerous Dark Web Threat
Meet Atroposia RAT: a modular, encrypted remote-access trojan on the dark web that grants attackers a stealthy, persistent foothold to harvest credentials and siphon crypto wallets. Defenders need to move beyond static hashes and rely on behavioral analytics, EDR, and tuned network telemetry to spot its evasive moves.

Open Source b3 Benchmark Must-Have for Best Agent Security
When the assistants we build become attack surfaces, the open-source b3 benchmark is the stress test you want in your toolkit. It simulates realistic adversarial scenarios so developers and security teams can spot and fix toolchain, privilege, and supply‑chain weaknesses before attackers do.

BSI Warns Exclusive: Dire AI Governance Crisis Looms
The BSI warns business leaders are sleepwalking into an AI governance crisis that could hobble economies and hand malicious actors the upper hand. Treat AI risk with urgency—close the policy, oversight and training gaps now so benefits aren’t concentrated while harms spiral out of control.