
OptinMonster WordPress Plugin Hacked in CDN Supply-Chain Attack
Hackers compromised Awesome Motive's CDN to inject malicious code into the OptinMonster, TrustPulse, and PushEngage plugins. The attack affected up to 1.2 million WordPress sites and created rogue admin accounts with full backdoor access before it was detected.

Cisco Patches SD-WAN Zero-Day Already Exploited in Attacks
Cisco has fixed a vulnerability in Catalyst SD-WAN Manager that attackers were already using to gain root access on enterprise networks. The flaw affects all deployment types, including cloud and on-prem installations. Security teams should patch immediately and check logs for indicators of compromise.

Council of Europe Probes ShinyHunters Breach Claim
The ShinyHunters extortion group claims to have stolen over 429,000 documents containing HR and payroll data from the Council of Europe. The intergovernmental body is investigating the alleged breach, which threatens to expose sensitive information for more than 10,000 staff members.

Chinese Hackers Stole Medical Research Data Undetected for a Year
A China-linked espionage group infiltrated REDCap servers at a North American medical institution, deploying custom malware that harvested credentials and exfiltrated sensitive research data from September 2023 through November 2025. Google researchers discovered the campaign used novel techniques including hijacking enterprise compliance features to automatically email stolen data to attacker-controlled accounts.

Microsoft 365 Copilot Flaw Enabled One-Click Data Theft
A critical vulnerability chain called SearchLeak let attackers steal emails, documents, and calendar data from Microsoft 365 Copilot Enterprise users with a single malicious link. Varonis researchers discovered the flaw, which Microsoft patched earlier this month under CVE-2026-42824.
