432 articles
OAuth tokens with no expiration persist in Google and Microsoft tenants — attackers bypass MFA and perimeter controls.
ShinyHunters leaked a 106GB archive of Vimeo data after breaching Anodot, exposing emails and names of 119,200 users. No credentials or payment info compromised.
A 23-year-old student used SDR gear to clone TETRA radio parameters, sending a 'General Alarm' signal that halted 4 THSR trains for 48 minutes.
Attackers stole source code from Trellix, exposing detection logic and control locations in its security products. The breach amplifies supply chain risks for enterprise customers.
Cisco announced plans to acquire Astrix Security to address non-human identity risks in AI and machine workloads. The deal expands Cisco's identity security portfolio.
Malwarebytes Lock and Code podcast: Eva Velasquez details how small business cyberattacks create a 'cyber tax' that raises prices for all consumers — no sector immune.
SecurityWeek reports 33 cybersecurity M&A deals in April 2026, including acquisitions by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket.
Infrastructure confirmed hackers accessed Canvas user data — names, emails, student IDs, messages — from educational institutions.
Instructure disclosed a breach where hackers stole names, emails, student IDs, and messages, and disrupted Canvas platform services. Data leak threats follow.
Flare details how fraudsters bypass credit union loan verification using stolen identities and synthetic SSNs, costing institutions millions in chargebacks.
Medtronic reported unauthorized access to its corporate IT systems in a cyberattack, with no impact on medical devices or patient care operations. Data was compromised.
OpenAI rolls out Advanced Account Security for ChatGPT: mandatory passkeys, shorter sessions, and account recovery changes. Affects all users globally.
