The Specops 2025 Breached Password Report reveals that over 1 billion passwords were stolen by malware in the past year, exposing persistent weaknesses in password security practices.
Read MoreA security researcher, Jeremiah Fowler, discovered an unprotected database containing over 240,000 records belonging to Willow Pays, a US-based FinTech company specializing in bill payment services.
Read MoreHacker IntelBroker claims to have breached Hewlett Packard Enterprise (HPE), exposing sensitive data such as source code, certificates, and personal information (PII), now for sale on Breach Forums.
Read MoreCybercriminals are exploiting the California wildfires by registering fake domains and using them to target victims with phishing scams.
Read MoreCVE-2024-44243 is a critical macOS vulnerability discovered by Microsoft Threat Intelligence that allows attackers to bypass Apple’s System Integrity Protection (SIP).
Read MoreCybercriminals are impersonating CrowdStrike recruiters to lure job seekers into downloading malware under the guise of job offers. Victims receive phishing emails directing them to a fake CrowdStrike website, where they are tricked into installing a malicious app that deploys XMRig, a cryptominer used to mine Monero cryptocurrency.
Read MoreThe rapid growth of mobile applications has created opportunities for threat actors to exploit users, as seen in the emergence of FireScam malware targeting Android devices, cybersecurity researchers at Cyfirma report.
Read MoreSquareX, a pioneer in Browser Detection and Response (BDR) solutions, has issued a warning about OAuth-based phishing attacks targeting Chrome extension developers, exposing users to session hijacking and data theft.
Read MoreFortiGuard Labs has observed an increase in activity from two botnets, FICORA and CAPSAICIN, during late 2024.
Read MoreOn December 23, 2024, CloudSEK's TRIAD team revealed critical security vulnerabilities in Postman Workspaces, with over 30,000 publicly accessible workspaces leaking sensitive data, such as API keys, access tokens, and administrator credentials.
Read MoreCybersecurity researcher Jeremiah Fowler uncovered a 1.2TB misconfigured database from Builder.ai, exposing over 3 million records without authentication or passwords.
Read MoreThe Play ransomware group has claimed responsibility for a data breach at Krispy Kreme, threatening to release sensitive internal company data within two days. Known for its double-extortion model, the group exfiltrates and encrypts data, pressuring victims to meet ransom demands or face public exposure of stolen information.
Read More
