13 Jul, 2026

Police sinkholes 45,000 IP addresses in cybercrime crackdown

An international law enforcement action codenamed “Operation Synergia III” has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. During this Interpol-led operation, which took place between July 2025 and January 2026, authorities from 72 countries have seized 212 electronic devices and servers and made 94 arrests, with another […]

2 mins read

Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. The attackers manipulate search results (SEO poisoning) for common queries like “Pulse VPN download” or “Pulse Secure client” to redirect victims to spoofed VPN vendor sites that closely mimic VPN solutions from legitimate […]

2 mins read

Starbucks discloses data breach affecting hundreds of employees

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. As the world’s largest coffeehouse chain, Starbucks has over 380,000 employees (also known as partners) and operates nearly 41,000 locations across 88 countries. In data breach notification letters filed with Maine’s Attorney General and sent to […]

2 mins read

Google fixes two new Chrome zero-days exploited in attacks

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild,” Google said in a security advisory published on Thursday. The first zero-day (CVE-2026-3909) stems from an out-of-bounds write weakness in Skia, an open-source 2D graphics library responsible for rendering […]

2 mins read

Canadian retail giant Loblaw notifies customers of data breach

Loblaw Companies Limited (Loblaw), the largest food and pharmacy retailer in Canada, announced that hackers breached a portion of its IT network and accessed basic customer information. The retailer has a nationwide network of 2,500 stores (franchise supermarkets, pharmacies, banking kiosks, and apparel shops) and plans to expand with 70 new ones this year as part of […]

1 min read

England Hockey investigating ransomware data breach

England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. The threat actor allegedly stole 129GB of data from the organization’s systems and announced that it will soon publish the files, unless a ransom […]

2 mins read

AI-generated Slopoly malware used in Interlock ransomware attack

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. The breach started with a ClickFix ruse, and in later stages of the attack, the hackers deployed the Slopoly backdoor as […]

3 mins read

Veeam warns of critical flaws exposing backup servers to RCE attacks

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures. Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, […]

2 mins read

US disrupts SocksEscort proxy network powered by Linux malware

Law enforcement agencies in the U.S. and Europe, along with private partners, have disrupted the SocksEscort cybercrime proxy network that relied solely on edge devices compromised via the AVRecon malware for Linux. According to Lumen’s Black Lotus Labs (BLL), which helped the U.S. Department of Justice take down Socksescort, the proxy network had a constant average of 20,000 […]

4 mins read

Google paid $17.1 million for vulnerability reports in 2025

Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. The company says it has awarded over $81.6 million in bug bounties since the first Vulnerability Reward Program went live in 2010, while the highest reward paid last year was of $250,000. “Our VRP once […]

2 mins read