17 Jul, 2026

Dartmouth College confirms data breach after Clop extortion attack

Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school’s Oracle E-Business Suite servers on its dark web leak site. The private Ivy League research university, founded in 1769, has an endowment of $9 billion as of June 30, 2025, over 40 academic departments and programs, […]

2 mins read

Malicious Blender model files deliver StealC infostealing malware

A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. Blender is a powerful open-source 3D creation suite that can execute Python scripts for automation, custom user interface panels, add-ons, rendering processes, rigging tools, and pipeline integration. If the Auto Run feature is enabled, […]

2 mins read

ClickFix attack uses fake Windows Update screen to push malware

ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system. The attack […]

3 mins read

Real-estate finance services giant SitusAMC breach exposes client data

SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. As a real-estate (commercial and residential) financing firm, SitusAMC handles back-office operations in areas like mortgage origination, servicing, and compliance for banks and investors. The company generates around $1 […]

2 mins read

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious packages have been added to NPM (Node Package Manager) over the weekend to steal developer and continuous integration and continuous delivery (CI/CD) secrets. The data is […]

5 mins read

Harvard University discloses data breach affecting alumni, donors

Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. The exposed data includes email addresses, telephone numbers, home and business addresses, event attendance records, donation details, and “biographical information pertaining to University […]

2 mins read

Microsoft to remove WINS support after Windows Server 2025

Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. The legacy WINS computer name registration and resolution service has been deprecated with the release of Windows Server 2022 in August 2021, when Microsoft stopped active development and working on new features. Windows Server 2025 […]

2 mins read

Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop

Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. For now, only Pixel 10-series devices support the new data transmission and reception capability, but more Android models will follow. Quick Share (formerly Nearby Share) is Android’s built-in wireless file-sharing system for sending media, […]

3 mins read

Iberia discloses customer data leak after vendor security breach

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. Customer data affected Iberia, Spain’s largest airline and part […]

3 mins read

WhatsApp API flaw let researchers scrape 3.5 billion accounts

Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. The team reported the issue to WhatsApp, and the company has since added rate-limiting protections to prevent similar abuse. While this study was conducted by researchers who have not released the […]

4 mins read