Tag: emerging threats
3103 articles
Pharmacist Indicted for Spying on Co-Workers with Cyber Tools
A pharmacist in Maryland has been indicted for allegedly spying on nearly 200 coworkers and individuals over eight years using cyber tools, breaching trust and violating digital boundaries. Matthew Bathula faces federal charges for unauthorized computer access and aggravated identity theft.
Ransomware Gang Exposes Alleged Liberty Mutual Data Trove
A massive 108-gigabyte data trove allegedly stolen from Liberty Mutual has been exposed by ransomware gang Everest Group, containing sensitive policyholder information including names, addresses, and financial details. The group claims to have published the data after the insurance company failed to respond to its demands.
Five Eyes Warns of Autonomous AI Security Risks
As autonomous AI systems increasingly take control, experts warn that a new wave of security risks is emerging - and being prepared is crucial. Having operational visibility into these systems is key to understanding and mitigating potential threats.
Hackers Exploit Weaver E-cology Bug in Targeted Attacks
Hackers are taking advantage of a critical bug in Weaver E-cology, using an exposed debug API endpoint to execute system commands on vulnerable servers without needing login credentials. This security flaw, tracked as CVE-2026-22679, affects Weaver E-cology 10.0 builds prior to March 12.
AI-Driven Attacks Infiltrate Cloud Environments
Stay ahead of the threats: as AI-driven attacks infiltrate cloud environments, it's crucial to adopt a proactive, holistic approach to risk reduction and protect your critical assets and data. Google Cloud and XM Cyber warn that understanding how attackers move laterally throughout your network is key to safeguarding against emerging AI-driven threats.
UK Kids Easily Circumvent Online Age Checks
The current online age checks are failing to protect UK kids, with 46% of children admitting they are easy to bypass, leaving them vulnerable to harmful content. Stronger action is needed from government and industry to safeguard young minds online.
Phishing Attacks Exploit Amazon SES to Evade Detection
Kaspersky researchers have uncovered a surge in phishing attacks that cleverly exploit Amazon's trusted email service to evade detection. By using valid Amazon SES credentials, attackers can send convincing phishing messages that slip past standard security checks.
New York Fines Delta Dental $2.25M for MOVEit Hack Violations
Delta Dental of New York has been fined $2.25 million by the New York Department of Financial Services for its handling of a massive data breach involving hackers stealing around 60,000 files from its MOVEit servers in 2023. The hefty penalty highlights the importance of robust cybersecurity measures to protect sensitive information.
Ransomware Breach Exposes Sensitive Data at Sandhills Medical Foundation
Sandhills Medical Foundation suffered a devastating ransomware attack on May 8, 2025, putting sensitive data at risk. It took nearly 11 months for affected individuals to be notified in April 2026, sparking an investigation into the breach.
Trellix Source Code Repository Breached
Trellix revealed a breach of its source-code repository over the weekend, but fortunately found no signs of exploitation or compromise to its code release process. The company is still investigating and has promised to share more details once it's completed.
Progress Patches MOVEit Automation Flaw Enabling Authentication Bypass
Progress Software has patched critical vulnerabilities in MOVEit Automation, including an authentication bypass flaw rated CVSS 9.8, that could allow hackers to gain unauthorized access and control. The update fixes CVE-2026-4670 and CVE-2026-5174, protecting users from potential data exposure and administrative takeover.
Phishing Campaign Exploits Legitimate RMM Tools to Hit 80+ Orgs
A sneaky phishing campaign has infiltrated over 80 organizations, mostly in the US, by exploiting legitimate remote monitoring and management (RMM) tools like SimpleHelp and ScreenConnect. The attackers cleverly used customized versions of these tools, already installed by the victims, to bypass defenses and gain unauthorized access.
EU Curbs Chinese Solar Inverter Funding Over Cybersecurity Fears
The European Commission has pulled the plug on EU funding for solar projects using Chinese-made inverters, citing serious cybersecurity threats that could lead to countrywide blackouts and unauthorized access to sensitive operational data. This move comes after risk assessments confirmed the potential for manipulation of electricity production and disruption of generation.
Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials
A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.
US Approves $8.6 Billion Arms Sales to Middle East Allies, Bypassing Congressional Review
The US has greenlit an $8.6 billion arms deal with its Middle East allies, sidestepping Congressional review by declaring an emergency that requires immediate action to protect national security interests. This massive sale involves four key partners: Qatar, Kuwait, Israel, and the United Arab Emirates.
Data Centers Emerge as Prime Targets in Cyber Warfare
In today's digital age, data centers have become a high-stakes battleground in cyber warfare, with modern economies, militaries, and corporations relying heavily on digital infrastructure to stay competitive and operational. A recent attack in the Middle East that took out cloud data centers served as a wake-up call, highlighting a critical vulnerability that could have far-reaching consequences.
DARPA Hands Over Space-BACN Laser Link Project to DIU
Imagine a universal key that lets satellites from different constellations communicate seamlessly - that's the game-changing potential of Space-BACN, a reconfigurable satellite laser link developed by DARPA and now handed over to DIU. This innovative technology could unlock a new era of collaboration and data sharing between previously incompatible optical communications systems.
Lawsuit Alleges Dating App Meete Exploits Users' Likenesses
A Tennessee lawsuit claims dating app Meete used a young woman's TikTok video in an ad without her consent, sparking concerns over user exploitation. The case highlights the alarming trend of apps profiting from users' likenesses without permission.
Indo-Pacific Emerges as Crucial Hub in Global Spyware Market
The Indo-Pacific region is now a critical hotspot in the global spyware market, playing a pivotal role in determining the fate of efforts to curb the proliferation of spyware. Its influence will have far-reaching consequences for governments, civil society, and even criminal networks.
US Launches Project Freedom to Secure Strait of Hormuz Shipping
The US has launched Project Freedom, a mission aimed at safeguarding the vital Strait of Hormuz shipping route, ensuring that merchant vessels can transit freely and safely. Two US-flagged vessels have already successfully navigated the strait under this new protection plan.
Attackers Exploit Amazon SES to Bypass Email Security in Phishing Campaigns
Phishing campaigns are now using Amazon's Simple Email Service to make malicious messages look legit, bypassing standard email security checks and putting victims at risk of revealing sensitive data. By exploiting Amazon SES's trusted reputation and authentication features, attackers are making it harder to spot phishing emails.
Trellix Breach Exposes Source Code Repository
Trellix has confirmed a security incident involving unauthorized access to part of its source code repository, and is working closely with forensic experts and law enforcement to investigate. The company is reviewing the breach and will share updates as more information becomes available.
Cybercrime Groups Exploit AI for Rapid, High-Impact Attacks
Cybercrime groups are leveraging AI to launch lightning-fast, high-impact attacks, outpacing security patches and leaving devastating consequences in their wake. This week, a critical vulnerability in cPanel and WHM was exploited, leading to website wipes, botnet deployments, and ransomware attacks.
Cybersecurity Experts Imprisoned for Ransomware Extortion Scheme
Two American cybersecurity experts, Ryan Goldberg and Kevin Martin, have been sentenced to prison for their roles in a brazen 2023 ransomware campaign that targeted companies across the United States. Their crimes have brought to light the severe consequences of cyberattacks and the importance of protecting businesses from such threats.