A data breach involving jktiny.me was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving FAU Erlangen-Nürnberg was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Dunzo was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Okta was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Ministry of Education was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Livrenpoche.com was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Jabarprovgoid was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Menulux was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Pharmacie.ma was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Ministry of Electricity and Water was reported in January 2026. See incident details, impact on customers, and recommended security measures.
Threat actors abused native AWS email services to build phishing and spam infrastructure inside a compromised cloud environment. After obtaining exposed long-term AWS credentials, the attackers...
Cybercrime groups, including one that identifies as ShinyHunters, are targeting single sign-on services to gain access to victim networks and steal data. The post A new wave of ‘vishing’ attacks...
A data breach involving Canadian Investment Regulatory Organization was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A federal judge ordered a new briefing due Wednesday on whether DHS is using armed raids to pressure Minnesota into abandoning its sanctuary policies, leaving ICE operations in place for now.
Atlassian, RingCentral, ZoomInfo also among tech targets ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to...
A data breach involving SAFE Credit Union was reported in January 2026. See incident details, impact on customers, and recommended security measures.
A data breach involving Betterment was reported in January 2026. See incident details, impact on customers, and recommended security measures.
Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the...
A data breach involving Free was reported in January 2026. See incident details, impact on customers, and recommended security measures.
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also...
The challenge uses Chromium and abuses HTTP Disk Cache keys to trigger a client-side cache-poisoning issue. It contains two endpoint: /view and /. /view only succeeds if the header contains...
Facebook is used by almost everybody. Being able to see who is logged in can allow for targeted attacks, account takeovers, and employee profiling. This article dives into several techniques they...
Meta's web ecosystem relies on cross-window messaging between first-party websites. The only security control is around origin checks on facebook.com or its subdomains. Multiple Meta modules...
In October 2025, Citizen Lab researchers and director Ron Deibert signed an open letter to the Canadian Minister of Artificial Intelligence and Digital Innovation and the Minister of Industry...
FXAuth is Meta's shared authentication system used by a variety of services that they own. On the domain https://auth.meta.com/fxauth/, a signed token and blob are returned for using the website....
The report features insights from the Health-ISAC Ransomware Events Database, Indicator Sharing program, Physical Security, and Targeted Alerts initiative, showcasing the community-felt impacts of...
Moving beyond simple checklists to visualize, map, and block attacks on production SDLC infrastructure.
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are...
The author of this post wanted to see the capabilities of Opus 4.5 and GPT-5.2 when exploiting new vulnerabilities in the QuickJS JavaScript interpreter. They included many different challenges,...
Mata provides several website plugins such as the Like button and Customer Chat. These are hosted at www.facebook.com and designed for use in iFrames. Communication between the host website and...