LATEST POST
Vibra Hospital of Sacramento reports March data breach
Vibra Hospital of Sacramento, LLC recently reported a data breach to the California Attorney General’s Office. According to their notification, they became aware of suspicious activity in several employee email accounts on March 13. Their investigation subsequently revealed that six employees’ email accounts had been subject to unauthorized access between March 11 and March 22. […]
Google disputes false claims of massive Gmail data breach
Bleeping Computer reports: Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. This claim began over the weekend and into today, with news stories claiming that millions of Gmail accounts were breached, with some […]
Hackers took over 8.7 million WordPress sites in two days, targeting critical vulnerabilities in popular plugins.
As seen on a Russian-language hacking forum, this news report: A major vulnerability exploitation campaign has hit WordPress sites: attackers are targeting resources running the GutenKit and Hunk Companion plugins, which are vulnerable to critical vulnerabilities that allow arbitrary code execution on the server. Wordfence , a WordPress security company, recorded 8.7 million attack attempts in just two days—October […]
Hackers Target Swedish Power Grid Operator
Security Week reports: Swedish state-owned power grid operator Svenska kraftnät on Monday confirmed that it fell victim to a cyberattack that resulted in a data breach. The incident, the company said, was discovered on Saturday and affected an isolated, external file transfer solution, but not the power grid. The country’s electricity supply has not been affected […]
Marks & Spencer Cuts Ties With Tata Consultancy Services, But It Wasn’t Because of the Data Breach
The Cyber Security Hub Newsletter reports: British retail giant Marks & Spencer (M&S) has officially ended its long-standing partnership with Indian IT services leader Tata Consultancy Services (TCS) after suffering one of the most damaging cyberattacks in its history. The high-profile breach, which occurred earlier this year, is estimated to have cost the company around […]
Qilin Ransomware Exploits MSPaint and Notepad to Find Sensitive Information
Cyber Press reports: Cisco Talos has identified a sophisticated technique employed by the Qilin ransomware group, in which threat actors leverage legitimate Windows utilities, specifically MSPaint and Notepad, to inspect and locate high-sensitivity information across compromised networks manually. […] During the credential access and exfiltration phase, attackers execute a comprehensive credential-harvesting workflow using tools such […]
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
The Hacker News reports: Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the […]
Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records
HackRead reports: Today, the Everest ransomware group published listings for two new victims, Dublin Airport and Air Arabia, on its dark web leak site. This announcement comes just days after the group claimed responsibility for breaching AT&T Careers, alleging the theft of 576,000 records containing personal details of applicants and employees. Like the AT&T listing, both […]