Hackers arrested for hijacking and selling 610,000 Roblox accounts
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. The arrests were made by the police in Lviv after conducting ten searches on targeted locations, seizing $35,000 in cash, 37 mobile phones, 11 desktop computers, seven laptops, five tablets, and four […]
cPanel, WHM emergency update fixes critical auth bypass bug
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. The security issue, currently identified as CVE-2026-41940 and with a severity score of 9.8, has been addressed in an emergency update that requires running a command manually to retrieve […]
European police dismantles €50 million crypto investment fraud ring
Austrian and Albanian authorities dismantled a criminal ring accused of running a large-scale cryptocurrency investment fraud operation that caused estimated losses of over €50 million ($58.5 million) to victims worldwide. The joint action, which started in June 2023 and was supported by Europol and Eurojust, led to the arrest of 10 suspects and searches of […]
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub’s bug bounty program. GitHub Chief Information Security Officer Alexis Wales said the company’s security team reproduced and confirmed the vulnerability […]
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026-32202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw […]
Microsoft says backend change broke Teams Free chat and calls
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. Teams Free (also known as Teams for personal use) is a subscription-free version designed for individuals, families, and small community groups, which provides video conferencing, instant messaging, and collaborative file-sharing tools on mobile and desktop […]
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered users to become affiliates, and distributing access keys via private messages to those […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL injection issue that occurs during LiteLLM’s proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM […]
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its customers, but most of the exposed information included technical data, video […]
US reportedly charges Scattered Spider hacker arrested in Finland
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars […]