A sophisticated wave of supply chain attacks has infiltrated multiple developer package repositories, compromising thousands of open-source libraries across npm, PyPI, and RubyGems ecosystems. Attackers deployed typosquatted and dependency-confused packages containing malicious payloads designed to
The notorious cybercrime group ShinyHunters has leaked what appears to be Charter Communications customer data on a dark web forum, claiming to have exposed information on approximately 5 million customers. The dataset allegedly contains personal information including names, addresses, phone numbers
23andMe is facing a major lawsuit following allegations that the genetic testing company attempted to conceal a significant data breach exposing sensitive DNA and ancestry information of millions of users. The lawsuit claims 23andMe failed to promptly disclose the breach, implement adequate security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the LiteSpeed Cache plugin for WordPress to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2024-28000, this privilege escalation flaw affects millions of WordPress sites and is b
A massive underground ransomware economy is actively targeting exposed databases worldwide, with over 30,000 instances compromised and held for ransom. Attackers systematically scan for misconfigured databases, exfiltrate sensitive data, delete the original contents, and demand payment for restorati
The Oncology Institute of Hope and Innovation (TOI), a California-based cancer care provider, disclosed a significant data breach affecting patient information following a cyberattack on a third-party vendor. The incident compromised sensitive patient data including names, Social Security numbers, m
Microsoft Access databases with embedded VBA macros represent a significant yet underestimated security threat to enterprise environments. Unlike Word or Excel macros that face heavy scrutiny and protection mechanisms, Access databases can execute malicious VBA code with minimal security warnings, b
A critical vulnerability in Ghost CMS (CVE-2026-26980) has been actively exploited to compromise over 700 websites, enabling attackers to deploy ClickFix social engineering campaigns. The flaw allows unauthenticated attackers to inject malicious JavaScript into Ghost-powered sites, turning legitimat
Popular Laravel localization packages maintained by the Laravel-Lang organization were compromised in a supply chain attack, with malicious actors injecting credential-stealing malware into legitimate translation packages. The attack affected multiple packages downloaded thousands of times, potentia
The RondoDox botnet is actively exploiting CVE-2018-5999, a six-year-old critical vulnerability in ASUS routers, to compromise devices and expand its network. This authentication bypass flaw allows attackers to execute arbitrary commands remotely, converting vulnerable routers into botnet nodes for