Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Jaguar Land Rover wholesale volumes down 43% after cyberattack
Jaguar Land Rover (JLR) revealed this week that a September 2025 cyberattack led to a 43% decline in third-quarter wholesale volumes. This significant decline in sales is due to production issues following the attack and subsequent delays in distributing vehicles globally after manufacturing resumed. Production returned to normal levels only by mid-November after a phased approach, […]
Sedgwick confirms breach at government contractor subsidiary
Claims administration and risk management company Sedgwick has confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was the victim of a security breach. Sedgwick also employs over 33,000 people and serves 10,000 clients across 80 countries, including 59% of the Fortune 500, and its subsidiary serves over 20+ government agency clients. The list of […]
Are Copilot prompt injection flaws vulnerabilities or AI limits?
Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. AI vulnerabilities or known limitations? “Last month, I discovered 4 vulnerabilities in Microsoft […]
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. The three […]
ClickFix attack uses fake Windows BSOD screens to push malware
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to […]
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. Founded in 2022, the U.S. telecommunications and Internet service provider (ISP) serves rural and suburban communities across 20 states. “We take the security of our networks and protection […]
VSCode IDE forks expose users to “recommended extension” attacks
Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. These AI-assisted IDEs are forked from Microsoft VSCode, but cannot use the extensions in the official store due to licensing restrictions. […]
Ledger customers impacted by third-party Global-e data breach
Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. In a statement for GeekFeed, the blockchain company underlines that its network has not been impacted and that the platform’s hardware and software systems remain secure. “Some of the data accessed as part of this incident pertained […]
NordVPN denies breach claims, says attackers have “dummy data”
NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained “dummy data” from a trial account on a third-party automated testing platform. The company’s statement comes after a threat actor (using the 1011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing […]
Hackers claim to hack Resecurity, firm says it was a honeypot
Threat actors associated with the “Scattered Lapsus$ Hunters” (SLH) claim to have breached the systems of cybersecurity firm Resecurity and stolen internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. Today, threat actors published screenshots on Telegram of the alleged breach, claiming they stole […]