Security
ClickUp vulnerability exposed 893 customer email addresses and one token
A security researcher claims to have obtained the email addresses of 959 of the project management platform ClickUp’s customers, including employees from Fortune 500 companies and government agencies. All it reportedly took was sending a single HTTP GET request to exploit a hardcoded API key. ClickUp acknowledged the incident.
Read more about ClickUp vulnerability exposed 893 customer email addresses and one token
150k+ football passports leaked weeks before FIFA World Cup
The passports and personal details of more than 150,000 AFC and Al Nassr FC players and coaches were leaked online by a hacker claiming links to ShinyHunters – raising major security concerns only weeks before the start of the 2026 FIFA World Cup Games.
Read more about 150k+ football passports leaked weeks before FIFA World Cup
Game pirates claim Denuvo DRM protection is completely cooked
Game crackers have claimed total victory against Denuvo, a major DRM protection solution. They proved it by releasing cracked games on day one of publishing.
Read more about Game pirates claim Denuvo DRM protection is completely cooked
Have you asked Ryanair for compensation? Your bank details could now be for sale
A threat actor claims to have breached Ryanair, and flight compensation data is now circulating on underground cybercrime forums.
Read more about Have you asked Ryanair for compensation? Your bank details could now be for sale
Vimeo faces extortion demands from ShinyHunters: “pay or leak”
Vimeo, a video hosting and sharing platform, is the latest victim claimed by ShinyHunters. The extortion gang claims to have compromised the company’s Snowflake and BigQuery instances and is demanding a ransom.
Read more about Vimeo faces extortion demands from ShinyHunters: “pay or leak”
$2.4 billion utilities company Itron reports internal network security breach
American utilities firm Itron has disclosed that an unauthorized third party gained access to certain of its systems.
Read more about $2.4 billion utilities company Itron reports internal network security breach
Germany flags US cyber dominance as a threat: new checklist defines “sovereign” EU cloud providers
Germany says that big tech’s permanent access to customers’ systems and data is “cyber dominance,” a form of cyberaggression. The country’s cybersecurity agency released new “sovereignty criteria” for selecting cloud services. The checklist is voluntary, but carries real consequences if purchasers start requiring compliance.
Read more about Germany flags US cyber dominance as a threat: new checklist defines “sovereign” EU cloud providers
Two researchers stumble on pre-Stuxnet malware that may have targeted Iran's nuclear program
Two curious Malware analysts SentinelLABs suggests a sophisticated cyber sabotage tool was in use years earlier than previously believed, potentially rewriting the timeline of modern cyber warfare.
Read more about Two researchers stumble on pre-Stuxnet malware that may have targeted Iran's nuclear program
The Netherlands launches self-hosted GitHub alternative
On Friday, April 24th, the Dutch government soft-launched code.overheid.nl, a digital platform for developers to publish open source software.
Read more about The Netherlands launches self-hosted GitHub alternative
ShinyHunters threaten to leak 1.4 million Udemy records containing private data
Extortion group ShinyHunters has claimed a breach at Udemy, an e-learning platform. The hackers are threatening to release over 1.4 million records containing personally identifiable information and other corporate data. The claims haven’t yet been officially confirmed.
Read more about ShinyHunters threaten to leak 1.4 million Udemy records containing private data
Bitwarden CLI compromised in supply chain attack: hundreds of developers have installed malware
An ongoing software supply chain hacking spree has now affected Bitwarden, one of the most popular password managers, after hackers injected malware into its CLI tool. The company says vault data remains intact and that no regular users are affected, but some developers should be worried.
Read more about Bitwarden CLI compromised in supply chain attack: hundreds of developers have installed malware
AI scams in 2026: how threats are evolving, according to Webroot
Cybercrime is shifting in a noticeable way. Instead of relying primarily on technical exploits, attackers are increasingly focusing on manipulating...
Read more about AI scams in 2026: how threats are evolving, according to Webroot
White House accuses China of stealing US AI secrets at industrial scale
The White House says China-linked actors are siphoning US AI models at scale — using proxy accounts and jailbreaks to extract proprietary tech ahead of a high-stakes summit.
Read more about White House accuses China of stealing US AI secrets at industrial scale
EU age verification app “fixed,” but experts say it’s still a security disaster
The EU’s “privacy-first” age verification app has just been patched, but critics say the fixes may be polishing a “fundamentally ill-conceived” foundation.
Read more about EU age verification app “fixed,” but experts say it’s still a security disaster
France replaces Microsoft Azure with local alternative for national Health Data Hub
France has chosen domestic cloud provider Scaleway, a subsidiary of Iliad, to host the country's Health Data Hub, replacing Microsoft Azure in a long-contested arrangement, Scaleway said on Thursday.
Read more about France replaces Microsoft Azure with local alternative for national Health Data Hub
9 countries warn China-linked hackers using home routers and smart devices to hide attacks
International cyber agencies on Thursday urged organisations to better defend against covert networks used by China-linked hackers to conceal malicious cyber activity, according to Britain's National Cyber Security Centre.
Read more about 9 countries warn China-linked hackers using home routers and smart devices to hide attacks
Major privacy flaw in Tor, Firefox, exposes users across sessions, even in “Private Window”
The internet's most trusted privacy tools have just had their foundations shaken. A flaw in Firefox and Tor Browser allows websites to silently track users across private sessions. The flaw disclosure comes from Fingerprint, a company that helps businesses to identify users online.
Read more about Major privacy flaw in Tor, Firefox, exposes users across sessions, even in “Private Window”
After someone accessed Mythos, cyber pros doubt Anthropic can walk the walk
Anthropic is marketing its new bug-hunting AI model, Mythos, as too powerful for public release. But after a few Discord users simply used a contractor’s credentials and some basic internet sleuthing to get in, cybersecurity professionals are ringing the alarm bells.
Read more about After someone accessed Mythos, cyber pros doubt Anthropic can walk the walk
Dutch horse forum secure for 25 years, then hackers broke in and passwords started spreading in other attacks
Bokt.nl, a popular forum for horse enthusiasts in the Netherlands, has announced that it has become the victim of a security incident. The forum's owners claim it was an “automated broad-scale attack” that resulted in the leaking of email addresses and hashed passwords.
Read more about Dutch horse forum secure for 25 years, then hackers broke in and passwords started spreading in other attacks
Checkmarx hit again, popular tools spreading credential-stealing malware
Checkmarx, a security company offering tools for developers, has been compromised for a second time in a month. The hackers injected credential-stealing malware into popular free software, including KICS images on Docker Hub and VS Code extensions.
Read more about Checkmarx hit again, popular tools spreading credential-stealing malware
