U.S. broadband provider Brightspeed is investigating serious claims made by a cybercriminal group that says it has breached the company’s systems and accessed sensitive customer data. The hackers also claim they were able to disrupt internet services for some users. Brightspeed has confirmed that it is aware of the allegations and is currently reviewing the … Continued
Microsoft has issued a new security warning after identifying phishing attacks that exploit misconfigured email routing systems. The company says attackers are taking advantage of complex mail setups to send emails that appear to come from inside an organization. These emails look legitimate and can easily trick employees. Because no obvious warning signs are visible, … Continued
A new and highly critical security vulnerability has been found in n8n, a popular open-source workflow automation platform. The flaw has been assigned a CVSS score of 9.9, indicating extremely high risk. Security researchers confirm the issue is real and serious. It affects how n8n handles certain workflow execution features. n8n is widely used to … Continued
A serious security vulnerability called MongoBleed has been identified in MongoDB, and it is currently being exploited by attackers. This is not a warning for the future but an active threat happening right now. Security researchers have confirmed real attacks in the wild. Any exposed MongoDB system is at immediate risk and needs attention. MongoBleed … Continued
The European Space Agency (ESA) has officially confirmed that it recently suffered a cybersecurity breach involving some of its servers. The confirmation came after claims surfaced online from a hacker who said they had gained unauthorized access to ESA systems. Following these claims, the agency investigated the matter and acknowledged that a security incident had … Continued
Cybersecurity researchers have identified a new malware strain called VVS Stealer. This malware is written in Python and is designed to steal sensitive data from infected Windows systems. Its main focus is on Discord users, but it can also collect browser information. Experts say the threat is active and already being used by attackers. VVS … Continued
Cybersecurity researchers have identified a modified and highly obfuscated version of the Shai-Hulud malware. The discovery suggests that threat actors are actively experimenting with changes to the malware rather than launching a large-scale attack. The activity appears controlled and deliberate, indicating a testing phase. Experts believe this could be preparation for more advanced campaigns. The … Continued
Cybersecurity researchers have uncovered a new phishing campaign where attackers abused a legitimate Google Cloud email feature to trick users. Instead of hacking Google directly, the criminals misused an official automation service to send emails that appeared genuine. Because the messages came from a trusted Google-related address, many recipients did not suspect anything unusual. This … Continued
The RondoDox botnet has been found actively exploiting a critical software vulnerability called React2Shell. This flaw affects applications built using React Server Components and Next.js, which are widely used across the internet. By abusing this weakness, attackers are able to remotely access servers without authentication. Security experts warn that the activity is ongoing and widespread. … Continued
The U.S. government has lifted sanctions on three individuals previously linked to the Intellexa spyware consortium. The decision was announced in late December 2025. It reflects a change following a formal review by U.S. authorities. The update was recorded in official sanctions listings. The individuals whose sanctions were removed are Sara Hamou, Andrea Gambazzi, and … Continued
