Security
Hackers build database of 30,000 working Fortinet logins, researchers warn
Hackers have built an illicit database containing more than 30,000 verified Fortinet logins from companies across 194 countries, new research finds – all part of a massive credential-harvesting operation targeting Fortinet firewalls and VPN gateways.
Read more about Hackers build database of 30,000 working Fortinet logins, researchers warn
Researcher found a way to hijack FIFA World Cup streams but didn't touch it
A security researcher stumbled into the digital control room of the FIFA World Cup, revealing just how vulnerable the systems of the world’s biggest football event are.
Read more about Researcher found a way to hijack FIFA World Cup streams but didn't touch it
24 billion records, including usernames and passwords, exposed in colossal data leak: What does that mean for you?
Cybernews researchers discovered an exposed database containing 24 billion records, including usernames, email addresses, plaintext passwords, and login URLs.
Read more about 24 billion records, including usernames and passwords, exposed in colossal data leak: What does that mean for you?
Novo Nordisk hackers turn to private sale after Ozempic maker refuses $25M ransom demand
FulcrumSec, the hackers behind Novo Nordisk's recent cyberattack, claim the GLP-1 drugmaker refused a $25 million ransom demand and say they are now “exploring private sales” of 1.3TB of allegedly stolen data.
Read more about Novo Nordisk hackers turn to private sale after Ozempic maker refuses $25M ransom demand
Hetzner shocks users with tripling of VPS prices
Major cloud hosting provider Hetzner has sharply raised prices across its virtual server portfolio for the second time this year. The cheapest VPS (virtual private server) plan in the US, with 2 shared virtual cores and 2GB of RAM, now costs $20.49 per month, up 193%.
Read more about Hetzner shocks users with tripling of VPS prices
More than 40 World Cup streaming sites caught pushing scam ad networks
World Cup fans who need to catch up with part or all of a match on the go, or who are trying to access coverage outside their home territory, are being warned about sites pushing free streams of live matches, as many are in the business of serving scams.
Read more about More than 40 World Cup streaming sites caught pushing scam ad networks
Hackers boast of data dump involving 5.4 million Swedes, but there’s a catch
More than 5 million Swedes have allegedly been included in a newly advertised list on hacker forums, putting them at risk. If the dump is legitimate, of course.
Read more about Hackers boast of data dump involving 5.4 million Swedes, but there’s a catch
Does the jailbreak that got Anthropic’s Fable 5 pulled exist in every AI model?
After the US government slapped export controls on Anthropic, the company had no choice but to close access to Fable 5 and Mythos to everyone. But experts who saw the fateful vulnerability report allegedly describing how to bypass Fable 5’s guardrails now say the administration has massively overreacted because the jailbreak actually describes every model ever shipped.
Read more about Does the jailbreak that got Anthropic’s Fable 5 pulled exist in every AI model?
“We hit the UK hard:” 9 million targeted in Boots gift scam hosted on hacked government website
Nearly 9 million people were targeted in a phishing campaign impersonating UK retail giant Boots, offering free gifts and customer rewards to steal personal and financial information from unsuspecting consumers.
Read more about “We hit the UK hard:” 9 million targeted in Boots gift scam hosted on hacked government website
If a blue dot shows up on your Android phone, Google is warning you that it knows your location
Android will add an additional privacy-related indicator. However, some users already find it annoying.
Read more about If a blue dot shows up on your Android phone, Google is warning you that it knows your location
Curl won’t accept security bug reports for a month: burned out by AI agents
The curl project is pausing all vulnerability reports for July 2026, citing the need for a vacation due to intense pressure from the AI-generated submissions. Only paid support contracts will retain access.
Read more about Curl won’t accept security bug reports for a month: burned out by AI agents
Kodak confirms data breach after ShinyHunters claims 2.2M records
The ShinyHunters gang on Monday claims it has stolen more than 2.2 million customer and corporate records from Eastman Kodak, targeting the American photography giant as part of its latest “pay or leak” ransomware campaign.
Read more about Kodak confirms data breach after ShinyHunters claims 2.2M records
Google says Chinese-linked hackers stole defence and AI data from US and Canadian labs for a year
A Chinese-linked hacking group spent more than a year secretly stealing data from US and Canadian academic, medical and military research institutions, before being detected, Google said on Monday.
Read more about Google says Chinese-linked hackers stole defence and AI data from US and Canadian labs for a year
Hackers demand $2M from Nintendo over a data breach
A threat actor is demanding $2 million from Nintendo after allegedly stealing a decade's worth of corporate data, while Nintendo confirms a third-party breach.
Read more about Hackers demand $2M from Nintendo over a data breach
Hackers claim massive Council of Europe breach: troves of personal data exposed
The gang is claiming a massive data breach that exposes nearly half a million HR and payroll records, as well as COE employee data such as names and home addresses.
Read more about Hackers claim massive Council of Europe breach: troves of personal data exposed
Over 73K accounts caught up in breach of France’s government messaging platform Tchap
According to DINUM, the digital affairs directorate of the French government, a total of 73,467 users of the French instant messaging service and collaboration tool Tchap have been affected by the recent breach.
Read more about Over 73K accounts caught up in breach of France’s government messaging platform Tchap
Poland to criminalise violent livestreaming with jail terms of up to 5 years
Polish lawmakers have backed new legislation aimed at tackling so-called “trash streaming”, introducing prison sentences of up to five years for broadcasting serious crimes such as murder or rape, as well as content involving animal cruelty or violence used to humiliate others.
Read more about Poland to criminalise violent livestreaming with jail terms of up to 5 years
Hackers claim theft of source code from AI giant Dynatrace
A hacker claims to have stolen internal Dynatrace GitHub repositories, potentially exposing source code and the company's cloud infrastructure.
Read more about Hackers claim theft of source code from AI giant Dynatrace
ShinyHunters claim JCPenney retail data theft involving SSNs and payroll files
ShinyHunters has targeted JCPenney, issuing the company an ultimatum: release highly sensitive identity data publicly or face further attacks.
Read more about ShinyHunters claim JCPenney retail data theft involving SSNs and payroll files
Chinese hackers use fake FIFA sites to steal card data in Facebook-targeted scam
A Chinese-linked cybercrime operation is using fake FIFA World Cup ticket websites to monitor victims as they shop, harvest payment card details, and intercept security codes used by banks to verify transactions. The scam is using Facebook and Instagram as its main channels.
Read more about Chinese hackers use fake FIFA sites to steal card data in Facebook-targeted scam
