AssuranceAmerica data breach exposes records of 6.9 million drivers
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. AssuranceAmerica operates through a network of over 9,500 independent agents and provides auto, renters, and commercial auto insurance coverage across 14 U.S. states. While the company has yet to publish a press […]
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft has released a security patch to address a Defender zero-day vulnerability known as “RoguePlanet,” disclosed after the June 2026 Patch Tuesday. The flaw (tracked as CVE-2026-50656) was disclosed by a security researcher using the “Nightmare Eclipse” handle as part of an ongoing dispute with Microsoft over the company’s bug bounty and vulnerability disclosure practices. They […]
Mount Royal University confirms breach as hackers claim attack
Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university’s network. In an update published on its website, MRU states that it has engaged technical teams and external cybersecurity experts to investigate the incident and to support recovery efforts following a cyberattack on June […]
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. The threat actor published at least 17 malicious packages simultaneously, each tasked to exfiltrate credentials and access tokens to a command-and-control server hosted on Amazon Web Services (AWS). […]
Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. The campaign has been observed since May and focuses on physics and engineering departments, administrators and professors, as well as organizations involved in astrophysics, particle physics, or national security-related research. Researchers at cybersecurity company […]
Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. The attacker is taking advantage of a new capability Microsoft opened to administrators in May, allowing them to run âpasskey registration campaignsâ to entice users to enrol passkeys for […]
DuckDuckGo browser now blocks YouTube video ads
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback. The feature is enabled by default in the latest versions of DuckDuckGo for iOS, Mac, and Windows, while Android users can enable it manually by going to Settings > Ad Blocking. YouTube […]
Telco giant KDDI says data breach affects over 12 million people
Japanese telecommunications giant KDDI revealed that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. KDDI is the second-largest mobile telecommunications provider in Japan, with 45,000 employees and annual revenue of $32.4 billion. The company disclosed last month that it blocked […]
CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. Langflow is an attractive target for hackers since it’s a popular tool in the AI development ecosystem, offering a drag-and-drop interface to connect nodes into executable pipelines […]
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw tracked as CVE-2026-50746 that can be exploited in command injection attacks. The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart […]