Google Gemini Flaw Exposes Calendar Data; Black Basta Ransomware Leader on EU's Most Wanted
Summary
This cybersecurity advisory for January 19, 2026, covers a significant increase in sophisticated attacks. Key developments include a novel prompt injection vulnerability in Google Gemini allowing calendar data theft, an international manhunt for the leader of the Black Basta ransomware group, and a surge in cloud and supply chain attacks. Other critical stories include the discovery of Evelyn Stealer malware targeting developers via VS Code extensions, critical vulnerabilities in TP-Link cameras and various business software with public exploits, and a doubling of data breaches in the healthcare sector.
Today's New Articles
Weaponized Invites: Google Gemini Flaw Allows Calendar Data Theft via Prompt Injection
Security researchers from Miggo Security have uncovered a significant vulnerability in Google Gemini's integration with Google Calendar. The flaw allowed attackers to use an indirect prompt injection technique to exfiltrate summaries of private meetings. By se...
Evelyn Stealer: New Malware Hits Developers Through Malicious VS Code Extensions
A new information-stealing malware, named Evelyn Stealer, is being distributed through malicious extensions on the Microsoft Visual Studio Code (VS Code) Marketplace. Researchers at Trend Micro and Koi Security report the campaign specifically targets software...
Patch Now: Critical Flaw Exposes Thousands of TP-Link VIGI Cameras to Remote Hacking
TP-Link has issued urgent firmware updates for a critical vulnerability in its VIGI line of security cameras. The flaw could allow an unauthenticated remote attacker to gain unauthorized access to the devices, potentially viewing, modifying, or deleting survei...
16.6 Million Records Exposed: Raaga and Pass'Sport Breaches Added to Have I Been Pwned
The Have I Been Pwned (HIBP) data breach notification service has been updated with over 16.6 million user records from two separate incidents. The first breach involves 10.2 million users of the Indian music streaming service Raaga, which occurred in December...
ScarCruft APT: North Korean Hackers Evolve Tactics in 'Artemis' Campaign
The North Korean advanced persistent threat (APT) group ScarCruft, also known as APT37 or Reaper, has launched a new campaign dubbed 'Artemis'. Active since late 2025, the campaign targets entities likely in South Korea using malicious Hanword Word Processor (...
Manhunt: Black Basta Ransomware Leader Added to EU's Most Wanted List After Raids
An international law enforcement operation has targeted the prolific Black Basta ransomware group, which is linked to over 600 attacks and millions in ransom payments. Police in Ukraine conducted raids against two suspected members of the syndicate. Concurrent...
Public Exploits Released for Critical SQLi and RCE Flaws in Business Software
Multiple critical and high-severity vulnerabilities have been disclosed in various business software products, with proof-of-concept (PoC) exploits made public, elevating the risk of immediate attack. A critical SQL injection flaw (CVE-2026-1179) affects Yonyo...
Access Broker Pleads Guilty After Selling Access to 50 Companies to Undercover FBI Agent
A Jordanian national has pleaded guilty in a U.S. court for his role as an Initial Access Broker (IAB) in the cybercrime ecosystem. The man admitted to compromising and selling unauthorized access to the corporate networks of approximately 50 different enterpr...
Warning: Malicious Chrome Extensions Hijack Workday, NetSuite Sessions to Bypass MFA
Security researchers have uncovered five malicious Google Chrome extensions that impersonate legitimate add-ons for popular enterprise SaaS applications like Workday and NetSuite. The extensions are designed to perform session hijacking by stealing active sess...
Healthcare Data Breaches Double, Fueled by 'Shadow AI' and Vendor Risk
The healthcare industry is facing a cybersecurity crisis, with a new report indicating that the number of data breaches doubled in the past year. The surge is being driven by two key factors: the unmanaged use of generative AI tools by staff, termed 'shadow AI...
Article Updates
2025 in Review: Simple Errors, Not 0-Days, Caused Biggest Breaches
Update: New reports for 2025-2026 show cloud attacks increased 21% year-over-year, with 81% of organizations experiencing an incident. The average cost of a cloud breach reached $5.1 million. Primary attack vectors include credential compromise (over 50%), cloud misco...
Ransomware Attacks Skyrocket 58% in 2025, Setting New Records
Update: A new report from Cyble reveals a critical development in the 2025 threat landscape: a 93% increase in supply chain attacks, with ransomware groups now responsible for over half of these incidents. This convergence allows attackers to compromise a single vendo...