Tag: security

A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, Malwarebytes’ enterprise cybersecurity arm, found that the Prinz Eugen hackers have a hands-on-keyboard style and prefer to use legitimate remote monitoring and management (RMM) software and living-off-the-land tools. According to […]

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution comes after Microsoft first disclosed earlier this week that attackers hijacked an npm maintainer account and used it to publish malicious package updates. “Microsoft […]

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal […]

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. The flaw is tracked as CVE-2026-4020 and received a medium severity rating. It affects all versions of the plugin from 2.1.4 and older and has been addressed in version 2.1.5, released on March 17. WordPress security […]

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. The Texas Cyber Command discovered the intrusion and launched an investigation to determine the extent and impact of the unauthorized access. The state authority found that Social Security Numbers […]

For years, security teams built their programs around a simple premise of if you control the identities, you can control the risk. Employees authenticate through identity providers. Service accounts connect systems. API keys let workloads talk to cloud services and databases. The actors have been very predictable. And as a result, the identity security and […]

Many organizations view multi-factor authentication as one of their strongest defenses against account compromise. However, attackers increasingly use phishing techniques that don’t require stealing passwords or bypassing MFA at all. On July 8, 2026, BleepingComputer will host a live webinar titled “Stop chasing alerts: Automating email security with behavioral AI” presented by Dan Nickolaisen, Solutions […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. Tracked as CVE-2026-20253, this security flaw affects Splunk Enterprise (versions 10.2.0 to 10.2.3 and 10.0.0 to 10.0.6) and allows remote attackers without privileges to create or truncate arbitrary […]

A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. 21-year-old Anthony Belford was arraigned June 10 after a federal grand jury returned an indictment charging him with one count of cyberstalking. Belford and the victim had […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” This warning comes after threat actors used compromised credentials to target internet-accessible Fortinet devices across government and private-sector organizations worldwide. “CISA is aware of global reports that malicious […]