Security
Apple supplier locks down systems after alleged Apple files appear on dark web
An Apple supplier at the heart of the company's push to move iPhone production out of China has locked down its internal systems after a ransomware group leaked thousands of confidential files allegedly linked to Apple, Tesla, TSMC and Qualcomm. The breach has triggered a forensic investigation and prompted Apple's security team to step in, according to sources.
France statistics agency Insee confirms cyberattack on staff data
France's national statistics department Insee said a cyberattack had led to a breach of personal data from its directory, affecting about 12,800 current and former staff and members of Insee-related civil service corps.
Polymarket hit by $3M cyberattack via third-party dependency, promises full refunds
Polymarket has been targeted by hackers exploiting a third-party dependency. Some users report being hacked, and blockchain analysts flagged $3 million outflows from the company. Polymarket has reassured all impacted users that they will be refunded in full.
Someone hacked Johnson & Johnson's internal systems to teach it a lesson
A simple vulnerability can give access to highly confidential corporate data.
Alibaba is suing US government for branding it a “Chinese military company”
Alibaba has filed a lawsuit against the US Department of Defense, seeking to overturn its designation as a "Chinese military company" after the Pentagon blacklisted the tech giant over alleged military ties that Alibaba says simply do not exist.
NAIC confirms breach as ShinyHunters dumps 3.1TB tied to national insurance systems
The National Association of Insurance Commissioners (NAIC) on Thursday confirmed that data was stolen during an Oracle zero-day attack earlier this month, while the notorious ShinyHunters dumps a 3.1TB cache it says is tied to the regulatory body's systems used across the US insurance industry.
What happens when hackers steal AI? US lawmakers push new reporting rules
A Texas lawmaker on Thursday proposed new AI incident reporting rules that would require AI companies such as Anthropic and OpenAI to report critical security incidents – as well as dangerous model behaviour – to Washington within seven days.
Ubiquiti UniFi OS devices targeted: CISA orders the patching of critical bugs
Having network access is all it takes for an attacker to access files, run arbitrary commands, and completely compromise a wide range of unpatched UniFi OS systems, including routers, firewalls, gateways, network video recorders, corporate software, and others. CISA warns that attackers are already exploiting critical bugs.
UK Scouts launch AI badges while US Girl Scouts use Google-backed programmes
While national governments and tech giants search for ways to regulate teen activity online, some groups are taking matters into their own hands. For example, Scouts are now introducing new badges on artificial intelligence, digital communication, and online safety.
Microsoft: 2 ransomware groups hit SharePoint in parallel attacks
A Microsoft investigation into a ransomware case found that 2 different attackers operated simultaneously, demonstrating that modern attacks are not always isolated events and require different responses. The activity was linked to on-premises SharePoint servers that were targeted through known vulnerabilities.
Snyk slashes jobs and races to reinvent itself to keep up with AI
Cybersecurity unicorn Snyk has announced a 4th round of layoffs, shedding 90 employees in Israel and worldwide. The company is reorganizing to “move faster” with AI, at a time when Claude Code might be nibbling at its lunch.
27 million passwords seized as Microsoft and EU authorities knock down malware infrastructure
Authorities have knocked out 3 of the cybercrime world's favorite malware tools used to launch ransomware attacks, seizing 27 million stolen passwords in the process.
OpenAI expands Daybreak – but experts warn it may find bugs faster than defenders can fix them
OpenAI on Tuesday announced the expansion of its AI-powered cybersecurity initiative, Daybreak – but experts are now warning Cybernews that fixing software flaws before hackers can exploit them may become the industry's biggest challenge.
Hacker employs Claude to breach booking firms, leaves millions of records publicly accessible
A Russian hacker utilized HexStrike AI, combined with Anthropic's Claude, to steal data from numerous companies in the accommodation sector, our research team has found.
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
Open a sketchy video file in VLC, stream it using Jellyfin or Kodi, or don’t even open it at all – simply storing it can get you compromised when the Linux file manager generates a thumbnail. A critical bug in FFmpeg, a massively popular open-source video processing engine, allows attackers to crash systems with ease and, in the worst cases, run malicious code.
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
After sharing his story on TikTok, the man didn’t receive much sympathy from other users. But why not?
Belgian State Security hit by data breach, employee data potentially exposed
Between May 2025 and spring 2026, the Belgian State Security was the victim of a cyberattack in which employee data may have been stolen.
North Korean hackers infiltrated software used to build AI apps, Microsoft says
The recent supply chain attack on Mastra npm packages has been attributed to a financially motivated North Korean hacking group called Sapphire Sleet.
Hackers dump 200,000 alleged secret Apple, Tesla files after Tata Electronics breach
Tata Electronics has confirmed a “cybersecurity incident” after the World Leaks ransomware group published more than 200,000 files allegedly tied to Apple and Tesla, including manufacturing records, technical drawings, and employee passport scans.
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
If you received an email with a link to register for an extra day off, would you click it? For a brief moment, exhausted healthcare workers thought their employer was finally rewarding them, only for the promised holiday to turn out to be a phishing test to see if they fell for it.