Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 16th March and 22nd March 2026.21st March
CISA Flags Apple, Craft CMS, Laravel Bugs in Known Exploited Vulnerabilities (KEV), Orders Patching by April 3rd 2026
Cyber scammers refine phishing tactics with AI
FBI issues warning: Russian hackers target messaging apps in massive phishing campaign
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Microsoft Azure Monitor alerts abused for callback phishing attacks
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Russian hackers targeting WhatsApp, Signal users in phishing campaign - FBI & global agencies warn
This Massive Data Breach Leaked 2.7 Million Social Security Numbers
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
20th March
2.7 Million Affected in Navia Cyberattack Linked to API Flaw
2.7 million hit in workplace benefits data breach exposing SSNs, dates of birth and health account data
2.7 million hit in workplace benefits data breach with full names, dates of birth, SSNs and more exposed - what to do now
2.7 million impacted in US benefits provider Navia cyber attack
4 Major Botnets Dismantled: Aisuru, KimWolf, JackSkid, Mossad
A French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on Strava
AI agent error leads to data breach at Meta
AI Has Become the Default Tool for Phishing Campaigns
Akira Ransomware Group: Threat Profile and TTPs
Android Malware Campaign Targets Indian Users via Fake eChallan Alerts
Apple Mail’s ‘Trusted Sender’ Label Misused in New Phishing Scheme
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Are ‘CLAW’ Tokens Legit? Phishing Attack Hits OpenClaw as Hackers Target Crypto Wallets
Authorities Dismantle IoT Botnet Behind Massive 30 Tbps DDoS Attacks
Authorities disrupt four IoT botnets behind record DDoS attacks
Bermuda: Call for banks to reimburse phishing scam victims
BuddyBoss platform compromised, hundreds of websites already hacked
California city reports ransomware attack as Los Angeles transit agency finds ‘unauthorized activity’
Charleston Area Medical Center $1 Million Data Breach Settlement
CISA issues urgent Microsoft Intune security warning
CISA orders feds to patch max-severity Cisco flaw by Sunday
CISA Warns of Cisco Firewall 0-Day Exploited in Ransomware Attacks
CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks
CISA Warns Cisco Secure Firewall Management Center 0-Day Is Being Exploited in Ransomware Attacks
Cisco Firewall Management Center (FMC) flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
City of Tucson Warns of Phishing Emails Requesting Payment
Cobra DocGuard Hijacked By Speagle Malware For Sensitive Data Theft
Congress has a chance to make spying on Americans harder
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Critical UNISOC T612 Modem Flaw Enables RCE via Cellular Calls
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Cyberattack in Foster City shuts down many city services
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US
Department of Justice (DoJ) Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
Essen Medical Associates Agree to $4 Million Settlement to Resolve Class Action Data Breach Lawsuit
Europol targets Tycoon2FA phishing platform as CrowdStrike tracks immediate decline
Ex-Data Analyst Convicted in $2.5M Brightly Software Extortion Scheme
Ex-data analyst stole company data in $2.5 Million extortion scheme
Fake Tools Fuel Vibe-Coded Malware Campaign Targeting Unsuspecting Users
FBI alerts users to fake Tron phishing scam targeting crypto wallets
FBI links Signal phishing attacks to Russian intelligence services
FBI Seizes Website of Iran-Linked Hacker Group Amid Ongoing Conflict
FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security
FBI warns of fake Tron tokens in new crypto phishing scheme
FBI Warns Tron Blockchain Users of Phishing Attack Using Fake Tokens Impersonating the Agency
Foster City hit by ransomware attack, plans to declare state of emergency
Foster City Ransomware Attack Disrupts Non-Emergency Municipal Operations
Foster City targeted by ransomware attack
German ‘ethical hacker’ claims responsibility for Malta Gaming Authority (MGA) data breach
German hacker claims responsibility for Malta Gaming Authority (MGA) breach and vows further disclosures
“Give me six hours:" negotiator pleads for more time as LockBit pressures CEO at the heart of a supply chain attack
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google Chrome Update Fixes 26 Security Flaws, Including RCE Vulnerabilities
Google slows Android sideloading to trip up scammers
Hacker claims responsibility for Gaming Authority data breach
Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
Hacker says they compromised millions of confidential police tips
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Handala Websites Seized by FBI After Stryker Cyberattack
Horabot Banking Malware Reemerges In Mexico With Sophisticated Phishing Chain
How CISOs Can Survive the Era of Geopolitical Cyberattacks
How cybercrime outpaces digital revolution
How to build an effective employee phishing training program
INC Ransomware Group target Airports Company; 500GB of data at risk
Interlock Ransomware Targets Cisco Enterprise Firewalls
International joint action disrupts world’s largest DDoS botnets
Intoxalock breathalyzer hack leaves drivers unable to start their cars across 46 states
Iran-linked Handala hacker group responds with defiance after US seizure of websites
Law in the crosshairs and why ransomware gangs are now targeting 'low-hanging fruit' firms
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Meta AI agent causes internal data breach after responding to wrong user
Meta AI Agent Goes Rogue, Exposes Data in Severe Data Breach
Moorhead Parks and Recreation software vendor suffers cyber attack
Namibia: Communication Regulatory Authority of Namibia (CRAN) confirms cyberattack on Namibia Airports Company (NAC) was carried out by INC Ranson Group
National Crime Agency (NCA) Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online
Navia Benefit Solutions Discloses Data Breach Affecting 2.7 Million Individuals
Navia Confirms Data Breach - 2.7 Million Users Sensitive Data Exposed
Navia Confirms Data Breach Exposing Sensitive Data of 2.7 Million Users
Navia Confirms Data Breach Exposing Sensitive Information of 2.7 Million Users
Navia Data Breach Impacts 2.7 Million
Navia data breach impacts nearly 2.7 Million people
New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
Open Directory Leak Reveals Iran-Linked 15-Node Relay Network
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Outsourcing Giant TELUS Digital Confirms Data Breach that Leaked Nearly a Petabyte
Peninsula City Goes Offline Following Ransomware Attack
Perseus Android Malware Targets Mobile Banking Users via Fake IPTV Apps
Perseus Malware Based on Phoenix and Cerberus Predecessors Initiates Android Device Takeovers, Targets Users’ Personal Notes
Ransomware Actors Expand EDR Killer Tactics Beyond Vulnerable Drivers
Ransomware Attack Freezes Foster City, Nonemergency Services Hit Pause
Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government
Russian APT weaponizes critical Zimbra bug in Ukraine-targeted intrusions
Russian-linked hackers phishing Signal users, other apps to hijack accounts, FBI warns
ScreenConnect Deployed via SILENTCONNECT Using VBScript and PEB Masquerading
Starbucks Confirms Data Breach from a Social Engineering Attack on a Business Partner
Strava exposes French troops...again
Stryker hacker Handala’s clear-net sites seized by US authorities
Taming the Threat Beast: Building a Threat-Led Cybersecurity Program
Terminated contract led to $2.5 million cyber extortion scheme
The FBI Buys Data to Track Movement, Location History
The Gentlemen ransomware gang’s inner workings leaked
Threat Actors Weaponized Open VSX Extension To Drop RAT and Stealer via GitHub
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
U.S. Shuts Down Websites Behind Iran-Linked Cyber Attacks and Death Threats
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
Update your iPhone now - Apple issues a rare warning to iOS users as a new hacker threat is discovered
US accuses Iran’s government of operating hacktivist group that hacked Stryker
US seizes domains and infrastructure used in sprawling botnet campaigns
US, Germany, Canada, take down major botnet infrastructure in joint operation
Why fake customer support chats are scamming so many people
Wrong kind of spark: Innova Energie ex-employee steals customer IBANs in insider breach
You're being tracked online - 9 easy ways to stop the surveillance
19th March
8 Million Confidential Crime Tips Hacked, Compromised
54 EDR Killers Use Bring Your Own Vulnerable Driver (BYOVD) to Exploit 34 Signed Vulnerable Drivers and Disable Security
900,000 contact records exposed in Aura data breach
A deep dive into EDR killers - a cornerstone of modern ransomware operations
A new hacker tool could infect millions of iPhones worldwide. Here’s what you should do
'AI-generated phishing became the baseline' for hackers last year - Kaseya warns it's going to get worse
Alleged Tip-Line Mega-Hack Puts Police Hotlines on Blast
Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS
Apple responds to DarkSword spyware, the hacker tool targeting iPhones
Aura breach confirmed as over 900,000 customer records accessed in phishing attack
Aura Confirms Data Breach Exposing 900,000 Customer Records
Aura confirms data breach exposing nearly 900,000 records after voice phishing attack
Aura Confirms Data Breach Impacting 900,000 Customer Records
Aura customer data exposed in voice phishing attack
Authorities warn Israelis of phishing attempt in fake Home Front Command messages
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Beast Ransomware’s toolkit revealed by exposed directory
Bitrefill blames North Korean Lazarus group for cyberattack
Brandt Equities LP Data Breach Discloses Data Breach
Charlotte 'Loot' Hacker Nailed For $2.5 Million Crypto Shakedown
Charlottesville Settlement: Data Breach Affects 22,041
China Sits at the Top of America’s Cyber Threat List
CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker
CISA urges US organizations to secure Microsoft Intune systems after Stryker breach
CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain
Companies now required to reveal AI use to get cyber insurance
Critical Microsoft SharePoint flaw now exploited in attacks
Crypto Money Laundering Nightmare: South Korean Police Bust Family-Run Voice Phishing Ring
Cyber Attack Targets Lebanese Government Websites
DarkSword: Researchers uncover another iOS exploit kit
Darksword Exploit Kit Deploying iOS Spyware on iPhones, Adopted by Multiple Threat Actors
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
Data breach hits Crime Stoppers tip platform, Portland police say
Data breach rocks surgical robotics leader Intuitive
Deaconess Health System Data Breach Exposes SSNs and Sensitive Medical Records of Patients
Deaconess patients' sensitive data stolen in vendor breach
Deepfakes and an elite hacker school: How cybercrime is growing as a source of income for North Korea
Department of Justice (DoJ) says seized Handala websites fueled Iranian psychological operations
Diesel Vortex: phishing-as-a-service that hit DAT Truckstop, EFS, Penske Logistics and Timocom
Dormant Accounts Leave Manufacturing Organizations Open to Attack
EDR killers - the key to ransomware operations
EDR killers are now standard equipment in ransomware attacks
Elite members of North Korean society fake their way into Western paychecks
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
FBI Data Purchases Ignite New Clash Over Privacy and Surveillance
FBI seized Handala domains and disrupted pro Iranian hacker operations
FBI seizes Handala data leak site after Stryker cyberattack
FBI seizes Handala leak sites after Stryker cyberattack
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
FBI Seizes Two Websites Linked to Pro-Iranian Group Handala
FBI seizes website tied to Iranian cyberattack on U.S. company, hacker group says
FBI shuts down Iran-linked hacker group's websites
FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
Financial Brands Targeted in Global Mobile Banking Malware Surge
Financial Conduct Authority (FCA) Updates Cyber Incident and Third-Party Reporting Rules
Freight fraud evolving as criminals leverage AI, phishing tools
French Rugby Hit by Major Data Leak as Hacker Puts 948 ID Cards Up for Sale
Google limits Android accessibility API to curb malware abuse
Hacker claims breach of millions of confidential police tips in US platform
Hacker claims breaking into US company's systems and stealing millions of anonymous tips shared with the Police, warns citizens
Hacker Says They Compromised Millions of Confidential Police Tips Held by US Company
Hackers exploit OpenClaw popularity in phishing attacks
Health plan information for over 2.6 million stolen from third-party admin Navia
Horabot Banking Trojan Resurfaces in Mexico With Multi-Stage Phishing and Email Worm Tactics
Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks
Identity protection company Aura suffers massive 900,000 person data breach: customer information exposed
Interlock Ransomware Campaign Exploited Cisco Firewall Vulnerability CVE-2026-20131 Weeks Before Disclosure
Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure
Interlock Ransomware Leveraged Cisco FMC Zero-Day 36 Days Before Patch
Interlock ransomware targeting of max severity Cisco FMC zero-day precedes disclosure
Justice Department seizes domains linked to Iran hacker group
Lloyds customers advised to call number in certain circumstances after 'data breach'
Marquis confirms sensitive personal data of 672,000 people stolen in ransomware attack
Marquis Data Breach Affects 672,000 Individuals
Massive Data Breach: 8 Million Confidential Tips Exposed
Max severity Ubiquiti UniFi flaw may allow account takeover
MediCopy Data Breach Affects Health Systems Including Deaconess Patients
MetLife Japan probes suspected unauthorized data transfer affecting thousands of records
Multiple Threat Actors Exploiting a Six-Vulnerability iOS Exploit Kit Dubbed “DarkSword”
Navia discloses data breach impacting 2.7 million people
New Android malware hiding in streaming apps to spy on users’ personal notes
New Apple Hack: Up to 270 Million iPhones Vulnerable to ‘DarkSword’ Exploit
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal User Data
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
New ‘Perseus’ Android malware checks user notes for secrets
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
No Good Deed Goes Unpunished: Victim Stryker Sued for Iranian-Backed Cyber Attack
No, the Aura Data Breach Did Not Expose Your SSN or Password. Here's What Happened
OpenClaw Developers Targeted in GitHub Phishing Campaign Draining Crypto Wallets
OpenClaw Hype Triggers Phishing Attacks on Crypto Wallets
OpenClaw's rise draws phishing campaign targeting developers' crypto wallets
Orthodox Jewish news site Yeshiva World News hacked after threats of Iran cyber attack
Patient Operations Delayed After Stryker Cyber-Attack
Phishing scam exploits Apple Mail 'trusted sender' label
Police Scotland hit with £66k fine over serious data breach
Ransomware 3.0: How AI-Driven Extortion is Changing the Insurance Landscape
Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Ransomware pressure rises for food and agriculture businesses
Researchers uncover iPhone spyware capable of penetrating millions of devices
Russian hackers exploit Zimbra flaw in Ukrainian government attacks
Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency
Scam protection company Aura just got scammed: 900,000 records stolen
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions
Secure endpoint management systems immediately, CISA urges
Security Firm Aura Discloses Data Breach Impacting 900,000 Records
Server Misconfiguration Lifts Lid On FancyBear Credential Theft Operations
Software firm Marquis says data of 672k bank customers stolen in ransomware attack
South Korea: Voice Phishing Suspect Indicted, Funds Recovered
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Stryker Cyber Attack, How One Breach Disrupted Surgeries Worldwide
Stryker cyberattack delays surgeries as CISA warns to harden Microsoft systems
Stryker Update: FBI Seizes Website of Iran-Linked Hackers
Surgeries delayed as a result of Stryker cyber attack
Telegram executes record number of takedowns, but cyber crooks still stand tall
The Aura Data Breach Exposed 900,000 Users – Here Is What Every Business Needs To Know
The Growing Threat of Phishing and Brand Impersonation
The Hidden Security Risks in Open-Source Dependencies Nobody Talks About
Trump’s Former Counter-Terrorism Official Investigated Over Alleged Leaks
‘Trusted Brands Trap’: Phishing Operation Using Cisco and JP Morgan Targets Cybersecurity Firm
Ubiquiti rushes out emergency fix for critical bug in UniFi Network Application
UK: Regulation Drives Cyber Spending for Critical Infrastructure Organizations
UK bank customers issued warning after 'data breach'
UK bank customers warned 'never do this' after major 'data breach'
Unknown attackers exploit yet another critical SharePoint bug
US: Nationwide Cyber Attack Makes Hundreds of Maine Vehicles Inoperable
What To Do After a Data Breach: 4 Free Steps To Protect Your Money and Identity
Your APIs are under siege, and attackers are just getting warmed up
18th March
9 Critical Keyboard, Video, Mouse over Internet Protocol (IP KVM) Flaws Enable Unauthenticated Root Access Across Four Vendors
“Agents of chaos:” OpenClaw assistant discloses Social Security numbers
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
AI vs ransomware: High-stakes cybersecurity showdown
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
AI-Generated Slopoly Malware Signals a New Phase in Ransomware Attacks
AI-powered phishing campaign leverages browser permissions for data theft
Amazon dodges €746 million fine as privacy regulator's maths doesn't add up
Amazon security boss says criminals abused max-security Cisco firewall flaw weeks before disclosure
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple Mail “trusted sender” phishing scam warning
Apple Rolls Out Real-Time Security Fixes Across iPhone, iPad, and Mac
Apple starts issuing lightweight security updates between software releases
Asahi cyberattack exposes food industry’s growing ransomware crisis
Aura confirms data breach exposing 900,000 marketing contacts
Aura Data Breach Exposes Over 2 Million Records
AWS Bedrock AgentCore Flaw Enables Stealthy C2 Channels and Data Theft
Bank software vendor Marquis says more than 670,000 impacted by August breach
Big tech companies step in to support the open source security ecosystem
Bitrefill accuses North Korea-linked Lazarus hacker group for compromising 18,500 purchase records
Bitrefill cyberattack linked to suspected North Korean hackers exposes limited customer data
CISA flags actively exploited vulnerability of file transfer software used by US Air Force and Sony
CISA official says agency has not seen uptick in cyber threats amid Iran war
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware
Claude.ai: The Claudy Day Vulnerability Chains Prompt Injection, Open Redirects, and Data Exfiltration
“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads
ClickFix, Deno-based loader tapped by nascent LeakNet ransomware gang
Compromised Healthcare Admin sends warning after email pushes fake PDF and M365 phishing page
ConnectWise patches new flaw allowing ScreenConnect hijacking
COVERT RAT Delivered Through Court-Themed Lures and GitHub Payloads
Critical CVE-2026-3888 Vulnerability Exposes Ubuntu to Root Escalation
Critical FortiClient SQL Injection Flaw Allows Unauthorized Database Access
Critical ‘RegPwn’ Vulnerability Lets Attackers Gain SYSTEM Access on Windows
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Crypto Phishing Attack Surge Drives $49 Million February Losses
Crypto Phishing Scam Crackdown: US, UK, Canada Launch Operation Atlantic
Crypto phishing scam crackdown sought by new global international law enforcement operation
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran
Cybercriminals scale up, government sector hit hardest
Data Breach Scams Are Skyrocketing As Cybercriminals Exploit Fear: How To Spot Them
Dutch telecom's bid to keep Chinese kit fails as court backs spy agency fears
Fake security tool targets 1.8 billion Gmail users in new phishing scam
Fake SMS and WhatsApp messages fuel LPG booking scams in Punjab
FBI Intensifies Crackdown on Thai Scam Centers Targeting Americans
FBI is buying location data to track US citizens, director confirms
Freedom Mobile Confirms Data Breach: Customer Info Leaked in January
Georgia Inmate Allegedly Posed As Adult Film Star To Dupe NBA, NFL Players In Phishing Scam
Global fraud losses climb to $442 billion
Google Warns Ransomware Groups Are Pivoting To Data Theft As Profits Decline
Greek shipping giants in hackers' crosshairs as Iran conflict goes digital
Greenhouse Apartments Breach Affects 3,473 People
GuardDog Telehealth Accesses Sensitive Medical Records Under False Pretenses
Hacker groups target the US and Israel - How are cyberattacks being used as weapons in Iran's war?
Hacker says they compromised millions of confidential police tips held by US company
Hackers are doing their homework - and your VPN is first on the list, report warns
Hackers Claim Breach of China’s Supercomputing Hub, Stealing 10PB of Sensitive Military Data
Hackers turn GitHub’s favourite OpenWebUI AI servers into crypto mining zombie army
How a Ukrainian Vishing Ring Stole €2 Million From EU Citizens - and Nearly Got Away
How attackers behave in active cyber espionage campaigns
How Cortex XDR BIOC Rules Could Become an Attack Surface
Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware
Identity protection firm Aura suffers data breach exposing 900,000 records
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Interpol: GenAI fraud 4.5x more profitable for criminals
Ireland: Limerick staff unable to login to work devices after cyberattack from hacker group
IRS Flags Phishing, Impersonation in 2026 Dirty Dozen; Experts Explain Why Payroll Is a Prime Target
Japan to launch “hack back” powers this October
Kaplan North America Data Breach Likely Affects Millions of Americans
Konni Uses KakaoTalk to Spread EndRAT in Targeted Phishing Campaign
Kubernetes CSI Driver for NFS Flaw Allows Attackers to Modify or Delete Server Data
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet Ransomware Tactics: New ClickFix Lures Delivered via Compromised Legitimate Websites & Deno Loader
LeakNet Ransomware Tricks Victims Into Infecting Themselves Through Hacked Websites
LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader
London borough unable to collect council tax for four months after devastating cyber attack
London borough unable to collect council tax for over three months following cyber attack
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis Ransomware Attack Exposes 672K Social Security Numbers
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
MedPeds Associates of Sarasota Notice of Data Breach
Medusa ransomware purportedly hits University of Mississippi Medical Center, New Jersey county
Meta is having trouble with rogue AI agents
MetLife Japan probes suspected data breach affecting thousands
Microsoft Teams Vishing Attack Leads to Quick Assist Compromise
Mosley Glick O’Brien (MGO) Ransomware Breach Exposes 1.2TB of Data
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives
New “Darksword” iOS exploit used in infostealer attack on iPhones
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
Nordstrom customers conned out of thousands in St. Patrick’s Day phishing scam
Nordstrom's email system abused to send crypto scams to customers
Office of Foreign Assets Control (OFAC) Sanctions Democratic People's Republic of Korea (DPRK) IT Worker Network Funding Weapons of Mass Destruction (WMD) Programs Through Fake Remote Jobs
One in five UK small businesses could close after data breach
OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack
OpenLoop Health Data Breach Affects 68,160 Texans
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Ransomware gangs threatening to wipe data instead of double extortion
Ransomware Spotlight: Agenda
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Russia-linked hackers use advanced iPhone exploit to target Ukrainians
Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
Safepay Hacks Navigator, Matt & Steve’s, Briway, Tiefenbacher, Brooker
Scam warning issued to all Brits who own a Gmail account
Sierra Management Group Data Breach: 100 GB Stolen
Sinobi Hits Interpack Northwest, Summa, Teco, McAfee, Eco Sound
Starbucks Sends Data Breach Alert to Customers After ‘Unauthorized Third Party’ Accesses Names, Social Security Numbers, Financial Account Numbers and More
Stryker contains cyber attack on its Microsoft environment
Telus Confirms Data Breach
The Path of Least Resistance: Why Active Inertia is the Real AI Threat
The Washington Post will mine your data to decide how much you’ll pay
Threat Actors Target the Entire Retail Supply Chain
U.S. Network Footholds and Camera Targeting Linked To Iranian Cyber Operations
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
University of Mississippi Medical Center restores operations after ransomware attack
US: Social Security Data Breach Concerns - Investigation Into Alleged Unauthorized Access
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
What to do after the Sears Home Services data leak: Millions of call recordings exposed
Whistleblower leaks massive amount of Crime Stoppers tips, claims anonymity is a lie
Woundtech Data Breach Affects Thousands: SSNs and More Exposed
17th March
100,000 personal emails of ex-Mossad research head leaked, pro-Iran hackers claim, Stryker attack contained
Advanced phishing intrusion against security firm executive detailed
AI Cyberattacks Rising: How Hackers Use Machine Learning to Launch Smarter Attacks
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
AI-Driven Phishing Campaign Uses Browser Permissions to Harvest Sensitive Data
Amazon Web Services (AWS) Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
America’s largest medical device maker Stryker ‘back’ six days after Iran-linked cyber attack
Android OS-Level Attack Bypasses Mobile Payment Security
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug
'Astonishing' Companies House data breach exposed millions of director's private information for months
Atlanta man indicted in athlete phishing and trafficking case
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Attackers Hijack Legitimate Websites to Target Microsoft Teams Users
Average Number of Daily API Attacks Up 113% Annually
Baltimore Inspector General refers fraud, data sharing in crime prevention office for criminal investigation
Baltimore watchdog uncovers thousands in fraudulent billing, confidential data breach related to youth crimefighting program
Bitrefill Reports North Korean Cyberattack, Data Breach
Can Satellites be used to launch cyber attacks on corporate environments?
China hacker group leaks $7 Million crypto theft operation targeting wallet supply chains
CISA Alerts on Actively Exploited Chrome 0-Day Vulnerabilities
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
ClickFix Attack Targets Developers with MacSync Malware via Fake Claude Tools
CommonSpirit Health Patients Affected by Vendor Data Breach
CommuniCare Data Breach May Affect 19,885 San Antonio Patients
Coopsana Healthcare Data Breach Exposes Patient Records
'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
Data allegedly from University of Mississippi Medical Center (UMMC) priced at $800K, posted on dark web
Data breach: UK lawmakers question Lloyds banking group over account glitch exposing customer details
Data extortion attacks on the rise
Document Protection: Why Hybrid Storage Is the Future of Security
Energy Department set to release its first-ever cyber strategy
EU sanctions Chinese and Iranian companies for carrying out cyberattacks against Member States
EU sanctions Chinese company behind 65,000-device hack
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
Europe sanctions Chinese and Iranian firms for cyberattacks
Fake invoice with Iowa City logo used in phishing attempt asking for fraudulent payments
Fake Pudgy World site steals your crypto passwords
Fraudulent shipment tracking scams escalate worldwide
French Rugby Federation files lawsuit over phishing-linked cyberattack
From Indian schools to China's chips, how cyber attack targets are shifting
Georgia cybercriminal allegedly duped NBA, NFL players in twisted phishing scam turned sex trafficking plot
Georgia man charged for robbing NBA, NFL players through stolen Apple account details
Georgian Charged for Running Phishing Scam Targeting NBA, NFL Players, While in Federal Custody
Giveth Blockchain Donation Platform Suffers Alleged Data Breach
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Government Entities Targeted By CamelClone Espionage Campaign Using Rclone and Public Hosting Sites
Hacker takes over crosswalk system, plays anti-Trump profanities on speaker
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users
Hackers Hijack Corporate M365 Accounts with OAuth Device Codes
Hidden instructions in README files can make AI agents leak data
HumanizerPro.AI Data Breach Exposes Over 65K Users
Identity Drift: The Hidden Risk in Hybrid Active Directory Environments
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Intuitive Data Breach Exposes Customer Info
Intuitive suffers data breach after phishing attack
Intuitive Surgical cyberattack exposes customer and employee data through phishing breach
Intuitive’s Certain Business, Employee, Corporate Data Accessed in Recent Breach
Israel National Security Institute Suffers Data Breach by Handala
KakaoTalk weaponized in Konni spear-phishing campaign
Kerkering, Barberio & Co. Data Breach Exposes Sensitive Info for 4,179 Individuals
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Koiride.com Airport Transfers Suffers Alleged Data Breach
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Less Lucrative Ransomware Market Makes Attackers Alter Methods
MedPeds Associates Breach Impacts 21,430 Patients Exposing PHI and PII
Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
Millions of UK firms on alert after Companies House data exposure
New font-rendering trick hides malicious commands from AI tools
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
NHS supplier hit by cyber attack by pro-Iran activist hackers
Onset Financial Data Breach Exposes SSNs, Financial Info, and More
OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot
Operation Atlantic: The US Secret Service’s Global Shield Against "Approval Phishing"
“Operation Atlantic” targets crypto phishing scams across the US, UK, and Canada
Parexel Data Breach Exposes SSNs and Other Personal Info
Payload ransomware hits Windows and ESXi with Babuk-style encryption
Phishing emails target AI defenses with unique obfuscation
Phishing scams use LiveChat to impersonate brands, steal data
Popular Chrome extension turns malicious, starts hijacking affiliate commissions
Ransomware Trends Show Why Cyber Pros Need New Skills
Ransomware’s Opening Play: Target Identity First
Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot
RondoDox Botnet Grows To 174 Exploits With Large-Scale Residential IP Abuse
Russell Cellular Suffers Massive 61GB Customer Data Breach
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
Stryker Confirms Massive Wiper Attack That Erased Thousands of Devices
Stryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devices
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears
Sweden’s BankID breached by hacker group as government prepares e-ID launch
Telekom Serbia Investigates Leak of 160,000 Customer Records
Telekom Srbija hit by customer data breach
That Google Calendar renewal warning might be a scam
UK's Companies House apologises for access and data breach
Ukraine: Mass mailing of phishing emails allegedly on behalf of the State Tax Service is recorded
Usha International Limited Data Breach and Extortion Attack
Vahid Online Doxxed and Breached by Handala Hack Team
Vantage Plastic Surgery Discloses Data Breach Affecting Patient Data
Verizon opens investigation into stolen customer data being sold online
Verizon Retail Customer Database Allegedly for Sale by Hackers: 6.3 Million Customers at Risk
Warlock Ransomware Group Augments Post-Exploitation Activities
Your staff will click: why cyber security must be engineered, not trained
16th March
875 Million Android Phones Face Risk Due to Hidden Chip Flaw
45,000 malicious IP addresses taken down, 94 suspects arrested
ACRStealer Upgrades With Syscall Evasion and TLS-Based C2 In New Campaign
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Android 17 Launches Advanced Protection Mode to Stop Malicious Service Exploits
Android 17 Restricts Accessibility API to Prevent Malware from Requesting Excessive Permissions
Approval phishing fraudsters targeted as UK, Canada and US launch global operation
Are you being served? 4 ways the hospitality sector can defend against rising phishing attacks
Attackers exploit Oscars Best Picture hype for One Battle After Another to spread malware via Google
Bank of the Sierra urges vigilance as phishing attempts target customer data
BreachForums down, cyber defenders claim it was their doing
California Dental Care Provider Announces Data Breach
Canadian Retail Giant Loblaw Reports Data Breach Affecting Customer Information
China Demands Proof After Costa Rica Blames UNC2814 for ICE Cyberattack
CISA flags Wing FTP Server flaw as actively exploited in attacks
Class actions claim CarGurus data breach exposed 1.2 million consumers’ PII
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Community bank reaches $2.4 Million agreement in 2023 data breach class action
Companies House chief apologises over data breach
Companies House online filing back to normal after glitch allowed users to change directors' details
Companies House Restores WebFiling After Flaw Exposed Director Details
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
Cyber Attack: Inside the USD4 Million Equity Bank Heist in Rwanda
Cyber Attack on Medtech Firm Stryker Linked to Iranian Government Hacking Group
Cyberattack disrupts parking payments in Russian city
Cyberattack Targets Poland’s Nuclear Research Center, Investigation Underway
Da Vinci robot maker Intuitive Surgical hit by hackers, data compromised
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Europol and Microsoft dismantle major phishing platform that affected 500 Belgian victims
Evaluate Ltd Suffers Massive 1.33TB Ransomware Data Breach
Executive Aviation Targeted in Play Ransomware Attack
Experts Warn Ignoring Data Breach Notices Can Deepen Fraud Risks
Fake scandal clips on Facebook bait victims into investment scams
Fake Shipment Tracking Scams Surge in Middle East and Africa (MEA), Stealing Banking Data Through Real-Time Phishing
Fargo Data Breach Exposes Logistics Customer Records
FBI Calls for Help to Track Steam Malware Campaign
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
French ad tech giant Criteo loses €40 Million privacy fine appeal
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
GlassWorm Campaign Expands Through Malicious Open VSX Extensions
Global cybercrime clampdown disrupts over 45K illicit IP addresses
Google Chrome under attack as over 3 Billion users at risk from active Hacker Exploits
Google Looker Studio Vulnerabilities Enable Attackers to Exfiltrate Data from Google Services
Google paid a record $17.1 Million to developers for finding software bugs
Hackers tried to breach Poland’s nuclear research centre
Handala Hack Leaks Sima Shine, Laura Gilinski, Updates Stryker
Hualun New Materials Suffers Massive Data Breach by SnowSoul
Hudson River Housing Data Breach Exposes SSNs and Bank Information
Huge online phishing platform that claimed 500 victims in Belgium has been dismantled
Hypertherm Data Breach Exposes Names and Social Security Numbers
IBM Detects Hive Ransomware Using AI-Generated Malware “Slopoly”
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
IBM Links Suspected AI-Generated ‘Slopoly’ Malware To Hive0163 Ransomware Operation
IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
Indirect Prompt Injection Attacks Cause OpenClaw AI Agents to Leak Sensitive Data
Infosys Ltd. Data Breach Exposes Financial Account Information
Intuitive Surgical confirms phishing-related data breach
Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Loblaw responds to claims that it's downplaying recent data breach affecting Canadians
Luxembourg court overturns $858 million privacy fine against Amazon
Major data breach prompts about $6.5 Million penalty for Lotte Card
Major Iran-linked breach rocks medical tech firm
Man accused of posing as adult film star in phishing, trafficking scheme
Middle East and Africa (MEA) Shipment Phishing Scams Surge, Stealing Banking Data in Real Time
Mideast Data Breach: Saudi Arabian Company Suffers Data Leak
Namibia Airports Company (NAC) says no sensitive information stolen in recent data breach
Navia Benefit Solutions Data Breach Exposes Sensitive Health Data
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
Newly Discovered Phishing Campaign by Russian Hackers Targets Messaging Accounts of Government Employees, Journalists
NoName057(16) Targets Shas Party and Israeli Councils in DDoS Wave
North Korea hackers used KakaoTalk in spear-phishing campaign, report says
North Korea–linked hackers spread KakaoTalk malware via spear phishing in Korea
North Korea-sponsored cyberattacks utilize KakaoTalk to distribute malware
Operations of America’s largest medical device maker Stryker remain 'disrupted' after five days of Iran-linked cyber attack
Payload Ransomware claims breach of Royal Bahrain Hospital, threatens data leak
Peak Neuro Investigating Alleged Admin Panel Access Sale
Phishing attack on Starbucks employee portal exposes nearly 900 workers
Pilana Group Targeted in Akira Ransomware Data Breach
Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center
Pyongyang-sponsored hacking group uses KakaoTalk in malware distribution campaign
Qilin Ransomware Attack Hits Ruhnau Clarke and Biogel
Ransomware attacks hitting Japan’s small, midsize firms
Ransomware Group Claims Breach of Bahrain Hospital, Threatens Data Leak
Ransomware is shifting targets, many organisations are not prepared
Rasi Seeds Suffers Data Breach by SnowSoul Ransomware
Real-Time Phishing Campaigns Use Fake Shipment Alerts To Steal Banking Data In Middle East and Africa (MEA)
Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter
Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Retail Merchandising Services (RMS) Data Breach: Sensitive PII Exposed Including SSNs
Robotics firm Intuitive Surgical says cyberattack compromised business, customer data
Robotics surgical business Intuitive discloses phishing attack
Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures
Scammers Are Now Sending Fake 'Your Data Was Breached' Emails
Scammers are now skipping inboxes and going straight for your calendar
Security Firm Executive Targeted in Sophisticated Phishing Attack
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
Starbucks data breach: employee records exposed
Stryker attack raises concerns about role of device management tool
Stryker attack wiped tens of thousands of devices, no malware needed
Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
Sweden’s digital ID provider CGI Sweden confirms data breach
Targeted Phishing Attack Breaches Biotech Company Data
Texas Firm Handing Out up to $5,000 per Person After Data Breach Exposed Names, Social Security Numbers and More
The Gentlemen Ransomware Hits Chase Asia, Payap University, and More
The Ransomware Economy is Shifting Toward Direct Data Extortion
The ransomware economy is shifting toward straight-up data extortion
The UK's plans to tackle ransomware
Threat actors linked to Russia target Ukrainian entities with new backdoor
U.S., UK and Canada launch operation targeting crypto phishing schemes
U.S., UK, Canada start Operation Atlantic to disrupt crypto approval-phishing scams
UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters
UK’s Companies House confirms security flaw exposed business data
US Secret Service, UK and Canada launch Operation Atlantic targeting crypto approval phishing scams
Westminster Village Greenwood Data Breach Exposes Sensitive PII and PHI
What smart factories keep getting wrong about cybersecurity
Woman linked to An Post cyber attack committed string of offences
Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison