Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across...

Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.

Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.

Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware.

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.

Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.

China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveilla...

CrowdStrike says the acquisition will bring valuable technology to enhance its Falcon Next-Gen SIEM.

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft.

AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.

Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys.

Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.

State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected.

Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.

Proof-of-concept ransomware uses AI models to generate attack scripts in real time.

The personal information of many individuals was stolen from Healthcare Services Group’s computer systems in 2024.

A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators.

CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution.

Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach.