17 Jul, 2026

Hackers exploit newly patched Fortinet auth bypass flaws

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. The two vulnerabilities are tracked as CVE-2025-59718 and CVE-2025-59719, and Fortinet warned in an advisory on December 9 about the potential for exploitation. CVE-2025-59718 is a FortiCloud SSO authentication bypass affecting FortiOS, FortiProxy, and FortiSwitchManager. It is […]

2 mins read

Cyberattack disrupts Venezuelan oil giant PDVSA’s operations

Petróleos de Venezuela (PDVSA), Venezuela’s state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. In a Monday statement, PDVSA denied that the Saturday morning incident affected its operations in any way, adding that the breach was limited to some administrative systems. “Thanks to PDVSA’s human talent expertise, the operational areas […]

2 mins read

European authorities dismantle call center fraud ring in Ukraine

European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine (supported by Eurojust) arrested 12 suspects out of 45 identified during the investigation. They also seized 21 vehicles, weapons, a polygraph […]

3 mins read

SoundCloud confirms breach after member data stolen, VPN access disrupted

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users’ email addresses and profile information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting […]

2 mins read

Askul confirms theft of 740k customer records in ransomware attack

Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. Askul is a large business-to-business and business-to-consumer office supplies and logistics e-commerce company owned by Yahoo! Japan Corporation. The ransomware incident in October caused an IT system failure, forcing the company to […]

3 mins read

New SantaStealer malware steals data from browsers, crypto wallets

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. According to security researchers at Rapid7, the operation is a rebranding of a project called BluelineStealer, and the developer is ramping up the operation ahead of a planned launch before the end […]

3 mins read

PornHub extorted after hackers steal Premium member activity data

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. Last week, PornHub disclosed that it was impacted by a recent breach at analytics vendor Mixpanel. Mixpanel suffered a breach on November 8th, 2025, after […]

4 mins read

Ongoing SoundCloud issue blocks VPN users with 403 server error

Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 ‘forbidden’ error. SoundCloud is a large audio distribution platform focused on user-uploaded content, built around independent creators rather than licensed music from major labels. It has at least 140 million registered users and 40 […]

1 min read

Google links more Chinese hacking groups to React2Shell attacks

​Over the weekend, ​Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. Tracked as CVE-2025-55182, this actively exploited flaw affects the React open-source JavaScript library and allows unauthenticated attackers to execute arbitrary code in React and Next.js applications with a single HTTP request. While multiple […]

2 mins read

French Interior Ministry confirms cyberattack on email servers

The French Interior Minister confirmed on Friday that the country’s Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. While the attack (detected overnight between Thursday, December 11, and Friday, December 12) allowed the threat actors to gain access to some document files, officials have yet to confirm whether data was […]

2 mins read