Security
Dutch consumers launch mass lawsuit against Odido over data breach affecting 6.2 million customers
Consumers United in Court (CUIC) is launching a class-action lawsuit against telecom provider Odido regarding the massive data leak in February.
OpenAI’s coding agent fails incident response, obscures active threats, complicates investigation
With AI’s capabilities growing every day, it’s not a bad idea to turn to the technology in response to a cyberattack. But a human has to be kept in the loop – otherwise, all kinds of problems are almost guaranteed. One Linux user just learned this the hard way.
Vercel hacked after fatal OAuth misstep: granting “Allow All” permissions
Vercel, a cloud platform and maintainer of Next.js, a major web development framework, has been hacked, and hackers are selling access to credentials that could help pull off “the largest supply chain attack ever if done right.” An OAuth token granting too many permissions became a single point of failure.
Hacker “Jeffrey Epstein” leaks 400K records from Netherlands' largest webshop
A hacker claims to have stolen personally identifiable information from over 400,000 Belgian customers of bol, the largest and most successful webshop in the Netherlands and Belgium. However, the company is unaware of any data breach.
Zara, Carnival, 7-Eleven hit by ShinyHunters, 9M+ records at risk in “pay or leak” warning
Zara, Carnival, and 7-Eleven are the latest brands named by ShinyHunters on Friday, with the ransomware gang threatening to dump troves of data unless the companies pay up by an April 21st deadline.
NIST changes spark European cyber sovereignty push
The US National Institute of Standards and Technology (NIST) is changing how it handles reported flaws as volumes surge and AI bug-hunting tools such as Mythos threaten to drive them higher, prompting calls for greater European control over cyber risk intelligence.
Hackers dodging security tools by dropping secret QEMU virtual machines inside Windows
Hackers are dodging Windows security tools by running secret Linux virtual machines with QEMU, an open-source virtualizer. Security researchers warn that hidden VMs enable long-term access, leading to stolen credentials and data, and to ransomware deployment.
Cybercrime goes plug and play with voice fraud-as-a-service platform
A newly discovered criminal toolkit is enabling fraudsters to run sophisticated, large-scale phone scams almost entirely on autopilot.
Hackers who stole millions of crime tip records now selling them, claim they “need to eat”
Hackers who shared millions of stolen anonymous tips submitted by Crime Stoppers informants with select journalists and researchers are now selling the huge data cache. Apparently, they need the money for food.
Claude AI just learned how to hack Chrome: Will Mythos do it autonomously?
Amid backlash over Anthropic’s new AI model, Mythos, which has been deemed too dangerous for public use, a researcher demonstrated that even the older Claude Opus could crack Chrome on its own.
EU age verification app can be hacked in 2 minutes, claims security expert
A newly unveiled European age verification app is already under fire after a security researcher claimed he bypassed its protections in under 2 minutes.
Researchers hijack popular AI agents from Anthropic, Google, and Microsoft: vendors choose to stay silent
Security researchers have hijacked three popular AI agents that integrate with GitHub Actions using a new type of prompt-injection attack to steal API keys and access tokens. The problem is most probably pervasive, they warn, and lament that the major vendors running the agents didn’t even think to disclose the issue.
Cyberattacks hit Germany harder and faster than other European states, Google says
Germany reclaimed its position as a primary focus for cyber extortion in Europe in 2025, Google Threat Intelligence says. The country’s infrastructure is being hit harder and faster than targets in neighboring countries.
Over 13M Kemper Corporation records leaked on the dark web, hackers claim
The attackers claim that negotiations with the company failed, leading them to leak over 13 million records, apparently including personal information.
Disgruntled hacker drops second zero-day Windows Defender exploit just hours after Microsoft patches first one
A vindictive security researcher has publicly dropped a second Windows Defender privilege escalation exploit, less than two weeks after Microsoft scrambled to plug the first one. The vigilante is threatening to start releasing even more dangerous remote code execution exploits because Microsoft “mopped the floor with me.”
55 years since its introduction, 6 million FTP servers are still exposed on the open internet
Nearly 6 million web servers – about 3% of the global total – still expose FTP services, relying on the 55-year-old legacy file transfer protocol. Because of the protocol’s inherent security weaknesses, security experts urge users to migrate to the newer SSH File Transfer Protocol (SFTP).
Woman buys secondhand Samsung Galaxy S26 Ultra, ends up in trade-in scam
A Reddit user has revealed how a company’s trade-in deal could be used to scam people on secondhand retail markets.
Luxury retail giants hit: Lacoste, Ralph Lauren, Canada Goose data allegedly exposed
It’s not the best year so far for retail giants. Lacoste, Ralph Lauren, Carter’s, and Canada Goose might have just been added to the hacker hit list, with breach claims circulating on underground forums.
Hackers siphon data from 5M hotel guests, feeding it live onto Telegram
Cybernews research has uncovered a massive operation that was siphoning booking data from Spanish and Austrian hospitality platforms. Millions of hotel goers may have been exposed.
Adobe fixes zero-day vulnerability, urges users to install update immediately
Adobe has released a patch for a vulnerability in Acrobat DC, Reader DC, and Acrobat 2024 that hackers have been exploiting for months.