Critical Citrix Flaw Exposes Networks, Lapsus$ Claims AstraZeneca Hack, and Massive Data Breaches Impact Millions

Publication Date: March 24, 2026

Summary

This edition for March 24, 2026, covers a surge of critical cybersecurity incidents. A severe vulnerability in Citrix NetScaler products, reminiscent of 'CitrixBleed,' puts countless organizations at risk of data exposure. The Lapsus$ extortion group has resurfaced, claiming a major data breach at pharmaceutical giant AstraZeneca. Meanwhile, data breaches at Kaplan and QualDerm have collectively compromised the sensitive personal and medical information of over 3.3 million individuals. Ransomware continues to disrupt operations, with Foster City declaring a state of emergency, and reports highlight evolving attacker tactics, including faster handoffs and increased DDoS volumes.

Today's New Articles

Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

Citrix has issued an urgent patch for CVE-2026-3055, a critical (CVSS 9.3) out-of-bounds read vulnerability in its NetScaler ADC and Gateway products. The flaw allows unauthenticated remote attackers to read sensitive memory contents, such as session tokens, f...


Kaplan Data Breach Exposes SSNs and Driver's Licenses of Over 230,000 People

Kaplan North America, a major educational services provider, is notifying over 230,000 individuals that their highly sensitive personal information was stolen in a data breach. The incident, which occurred between October 30 and November 18, 2025, resulted in...


QualDerm Healthcare Data Breach Exposes Personal and Medical Info of 3.1 Million Patients

QualDerm Partners, a healthcare management services organization, is notifying over 3.1 million individuals of a major data breach that occurred in December 2025. During a two-day period of unauthorized network access, attackers exfiltrated a vast amount of se...


Russian Initial Access Broker for Yanluowang Ransomware Jailed for 81 Months in US

Aleksei Volkov, a 26-year-old Russian citizen, has been sentenced to 81 months in U.S. federal prison for his role as a prolific initial access broker (IAB). Volkov admitted to hacking into U.S. companies and selling that unauthorized access to ransomware grou...


Iran-Linked Pay2Key Ransomware Targeted US Healthcare Amidst Military Conflict

The Iranian-linked ransomware group Pay2Key targeted a U.S. healthcare organization in late February 2026, coinciding with military conflict between the U.S. and Iran. Incident responders noted that the attack used an evolved strain of the Pay2Key ransomware b...


Cybercrime Automation: Attacker Handoff Time Plummets from 8 Hours to 22 Seconds

The 2025 Google M-Trends report from Mandiant reveals a stunning increase in the efficiency of cybercriminal operations. The time between an initial network compromise and the handoff to a secondary attacker, such as a ransomware group, has plummeted from eigh...


Semiconductor Firm Trio-Tech's Singapore Unit Hit by Gunra Ransomware

Trio-Tech International, a U.S.-based semiconductor services firm, has confirmed its Singaporean subsidiary was hit by a ransomware attack on March 11. The Gunra ransomware operation has claimed responsibility. In an SEC filing, the company initially stated th...


Poland Reports 150% Surge in Cyberattacks, Cites Unprecedented Assault on Energy Grid

A Polish government official has revealed a dramatic 150% increase in cyberattacks against the country in 2025, totaling 270,000 incidents. The surge included a sophisticated and coordinated attack in December on Poland's energy system, which targeted a major...


DDoS Attacks Surge 150% with Record-Breaking 12 Tbps Volumes, Gcore Reports

A new report from infrastructure provider Gcore reveals a 150% increase in Distributed Denial-of-Service (DDoS) attacks between Q4 2024 and Q4 2025. Attack volumes have also exploded, reaching a record 12 Terabits per second (Tbps). The report highlights a tre...


Network Gear Surpasses Endpoints as Top Cyber Risk, Forescout Warns

Forescout's 2026 'Riskiest Connected Devices' report reveals a major shift in enterprise risk, with network infrastructure like routers and switches now posing a greater threat than traditional endpoints. These core network devices, which average nearly 32 vul...