Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered users to become affiliates, and distributing access keys via private messages Ā to those […]
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL injection issue that occurs during LiteLLM’s proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM […]
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its customers, but most of the exposed information included technical data, video […]
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars […]
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was theĀ Trivy supply-chain attackĀ attributed to the hacker group known asĀ TeamPCP. which provided access to credentials from downstream users. Using stolen credentials obtained from the Trivy […]
Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. The Transport Layer Security (TLS) cryptographic protocol protects users’ information from eavesdropping, tampering, and message forgery when accessing email over the Internet via client/server applications. However, the original TLS 1.0 specification and its […]
Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. This known issue impacts all supported Windows versions, including Windows 11 (KB5083768 & KB5083769), Windows 10 (KB5082200), and Windows Server (KB5082063). As Microsoft explains in updates to the original advisories, “the security warning that appears […]
After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. MicrosoftĀ confirmed the incidentĀ yesterday morning, saying that customers were experiencing intermittent sign-in issues that prevented them from accessing their mailboxes via […]
Online trading platform Robinhood’s account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. Starting last night, Robinhood customers began receiving “Your recent login to Robinhood” emails stating that an “Unrecognized Device Linked to Your Account” was detected, containing unusual IP addresses […]
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. Six of the extensions have been activated and deliver malware, while researchers assess with high confidence that the rest of them are dormant or at least suspicious. When initially uploaded, the extensions are […]
