15 Jul, 2026

Reprompt attack let hackers hijack Microsoft Copilot sessions

Researchers identified an attack method dubbed “Reprompt” that could allow attackers to infiltrate a user’s Microsoft Copilot session and issue commands to exfiltrate sensitive data. By hiding a malicious prompt inside a legitimate URL and bypassing Copilot’s protections, a hacker could maintain access to a victim’s LLM session after the user clicks on a single […]

3 mins read

Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. Pax8 is a fast-growing cloud commerce marketplace with more than 1,700 employees, over 47,000 partners worldwide, and operations in 18 countries. The company […]

4 mins read

Victorian Department of Education says hackers stole students’ data

The Department of Education in Victoria, Australia, notified parents that attackers accessed a database containing the personal information and email addresses of current and former students, prompting password resets. The department disclosed the breach in letters sent to parents, stating that an unauthorized third party accessed students’ names, school names, year levels, and school-issued email […]

2 mins read

Monroe University says 2024 data breach affects 320,000 people

Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. Founded in 1933 as a Bronx secretarial school, Monroe University is now a private institution with over 9,000 students each year across campuses in New York (Bronx and New […]

2 mins read

Ukraine’s army targeted in new charity-themed malware campaign

Officials of Ukraine’s Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. Ukraine’s CERT says in a report that the attacks were likely launched by the Russian threat group known as ‘Void Blizzard’ and ‘Laundry Bear’, although there is medium confidence in attribution. Laundry Bear is […]

2 mins read

New VoidLink malware framework targets Linux cloud servers

A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. VoidLink is written in Zig, Go, and C, and its code shows signs of a project under active development, with extensive documentation, and likely intended for commercial purposes. Malware analysts […]

4 mins read

Central Maine Healthcare breach exposed data of over 145,000 people

A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. The hackers persisted on the organization’s systems for more than two months last year, between March 19 and June 1, when CMH discovered the intrusion. The CMH integrated healthcare delivery system serves at least 400,000 people and manages hospitals like Central Maine Medical Center […]

1 min read

Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws

Today is Microsoft’s January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses eight “Critical” vulnerabilities, 6 of which are remote code execution flaws and 2 are elevation-of-privilege flaws. The number of bugs in each vulnerability category is listed below: When […]

14 mins read

Belgian hospital AZ Monica shuts down servers after cyberattack

Belgian hospital AZ Monica was forced to shut down all servers, cancel scheduled procedures, and transfer critical patients earlier today due to a cyberattack. The hospital, which operates campuses in Antwerp and Deurne, disconnected all servers at 6:32 AM after its systems were hit. The cyberattack also forced the hospital to suspend all scheduled procedures […]

2 mins read

New Windows updates replace expiring Secure Boot certificates

Microsoft has started automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems. Secure Boot is a security feature that blocks malicious software (like rootkit malware) from executing during the system startup sequence by ensuring that only trusted bootloaders can load on computers with UEFI firmware. This is done by checking the software’s digital signature […]

2 mins read