Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, also known as iCalendar files, are used to store calendar and scheduling information (meetings, events, and tasks) in plain text, and to exchange it between various calendar applications. […]
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But there’s a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. In-app $0.25 credit can be used 4 times! […]
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. Cybersecurity intelligence company GreyNoise reports a 500% increase in IP addresses focused on Palo Alto Networks GlobalProtect and PAN-OS profiles. The activity culminated on October 3 with more than 1,285 unique IPs engaged in the […]
Discord discloses data breach after hackers steal support tickets
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider. The attack occurred on September 20 and affected “a limited number of users” who interacted with Discord’s customer support and/or Trust and Safety teams. Discord was created as a communication […]
Signal adds new cryptographic defense against quantum attacks
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. SPQR will serve as an advanced mechanism that continuously updates the encryption keys used in conversations and discarding the old ones. Signal is a cross-platform, end-to-end encrypted messaging and calling app managed by the non-profit Signal […]
Renault and Dacia UK warn of data breach impacting customers
Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. With a revenue of more than $55 billion, the French car maker has 170,000 employees and an annual production output of 2.2 million vehicles. Dacia […]
Japanese beer giant Asahi confirms ransomware attack
Japanese beer-making giant Asahi has disclosed today that a ransomware attack caused the IT disruptions that forced it to shut down factories this week. The Tokyo-based beverage holding company is the largest beer brewer in Japan, employing 30,000 people and producing 100 million hectoliters of beverages. The company also owns the Peroni, Pilsner Urquell, Grolsch, […]
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. The threat actors responsible for these attacks claim to be part of the ShinyHunters, Scattered Spider, and Lapsus$ groups, collectively referring to themselves as “Scattered Lapsus$ […]
CommetJacking attack tricks Comet browser into stealing emails
A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to […]
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. While the company has yet to attribute the attack to this ransomware operation, Rob Duhart, the Chief Security Officer of Oracle, confirmed that customers had received extortion emails from the gang. Duhart also […]