Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in […]
The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. […]
European Commission investigating breach after Amazon cloud hack Read More »
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. […]
Ajax football club hack exposed fan data, enabled ticket hijack Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. […]
CISA: New Langflow flaw actively exploited to hijack AI workflows Read More »
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. […]
UK sanctions Xinbi marketplace linked to Asian scam centers Read More »
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. “When Coruna was first reported, the public evidence wasn’t sufficient to
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks Read More »
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. “Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites Read More »
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace Read More »
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. […]
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers Read More »
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. […]
TikTok for Business accounts targeted in new phishing campaign Read More »