New Apple feature automatically changes your compromised passwords
…For example, if you enter a password when you're creating an account, Apple will warn you if it detects the password is weak, and Safari will help you create a secure…
Search
Hackers abuse Google ads for GoDaddy ManageWP login phishing
…The victim is then served a fake prompt to enter the two-factor authentication (2FA) code, which the threat actor uses to gain access to the ManageWP account. Guardio Labs head researcher…
Ubiquiti patches three max severity UniFi OS vulnerabilities
…Max severity Ubiquiti UniFi flaw may allow account takeover Max severity Cisco Secure Workload flaw gives Site Admin privileges Hackers bypass SonicWall VPN MFA due to incomplete patching Drupal critical update to…
Charter confirms data breach after ShinyHunters extortion threat
…Since last year, the extortion group has been conducting widespread social engineering campaigns that target employees and BPO agents' Microsoft Entra, Okta, and Google SSO accounts. After gaining access to a corporate…
New TCLBanker malware self-spreads over WhatsApp and Outlook
…The malware searches Chromium browser profiles for authenticated WhatsApp Web IndexedDB data, and launches a hidden Chromium instance that hijacks the victim’s account. Then, it harvests contacts, filters for Brazilian numbers…
Carnival Cruise confirms data breach affecting nearly 6 million people
…14, 2026, the Company's IT security team identified unauthorized activity involving an employee's account. An unauthorized actor used social engineering to deceive an employee to gain access to a limited…
Zara data breach exposed personal information of 197,000 people
…The group has also been linked to a widespread vishing campaign targeting employees' and Business Process Outsourcing (BPO) agents' Microsoft Entra, Okta, and Google SSO accounts to steal data from connected SaaS…
Why the browser is now the front line for AI security
…The 2026 Verizon DBIR found that 45% of employees are now regular AI users on corporate devices, with 67% using non-corporate accounts. Push's own telemetry shows the average organization has…
Red Hat npm packages compromised to steal developer credentials
…Red Hat packages backdoored through GitHub compromise According to Aikido, the attackers allegedly compromised a Red Hat employee's GitHub account and used it to push malicious commits directly to multiple repositories…
New Shai-Hulud malware wave compromises 600 npm packages
…The threat actor also used GitHub as a fallback exfiltration mechanism and published stolen data in repositories under victims' accounts, when tokens used for publishing were found. According to application security company…