17 Jul, 2026

Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-business Suite software. The stolen data are invoices spanning several years that expose the full names and addresses of individuals who paid for treatment or other services […]

2 mins read

FBI warns of virtual kidnapping scams using altered social media photos

The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. This is part of a public service announcement published today about criminals contacting victims via text message, claiming to have kidnapped a family member and demanding ransom payments. However, as […]

2 mins read

EU fines X $140 million over deceptive blue checkmarks

The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). This is the first non-compliance ruling under the DSA, a set of rules adopted in 2022 that requires platforms to remove harmful content and protect users across the European Union. The fine was issued following a two-year […]

2 mins read

Cloudflare blames today’s outage on React2Shell mitigations

Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a “500 Internal Server Error” message. The internet infrastructure company has now blamed the incident on the rollout of emergency mitigations designed to address a critical remote code execution vulnerability in React Server Components, which is now actively exploited […]

2 mins read

Pharma firm Inotiv discloses data breach after ransomware attack

American pharmaceutical firm Inotiv is notifying thousands of people that they’re personal information was stolen in an August 2025 ransomware attack. Inotiv is an Indiana-based contract research organization specializing in drug development, discovery, and safety assessment, as well as live-animal research modeling. The company has about 2,000 employees and an annual revenue exceeding $500 million. When […]

2 mins read

Critical React2Shell flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an insecure deserialization vulnerability in the React Server Components (RSC) ‘Flight’ protocol. Exploiting it does not require authentication and allows remote execution of JavaScript code in the server’s context. For the Next.js framework, […]

3 mins read

Cloudflare down, websites offline with 500 Internal Server Error

Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare has confirmed that it’s investigating the reports. Cloudflare, a service that many websites use to stay fast and secure, is currently facing problems. Because of this, people visiting some websites are seeing a “500 Internal Server Error” message instead of the […]

1 min read

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security update, but has not assigned an identifier, complicating efforts to track the flaw and patch management. An advisory from Japan’s Computer Emergency and Response Team (CERT) warns […]

2 mins read

Predator spyware uses new infection vector for zero-click attacks

The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin,” which compromised specific targets by simply viewing a malicious advertisement. This powerful and previously unknown infection vector is meticulously hidden behind shell companies spread across multiple countries, now uncovered in a new joint investigation by Inside Story, Haaretz, and WAV Research Collective. […]

3 mins read

Russia blocks FaceTime and Snapchat for alleged use by terrorists

Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. Roskomnadzor said that the two platforms are also being used to recruit criminals and to commit fraud and various other crimes targeting Russian citizens. “According to law enforcement […]

2 mins read