AT&T Probes 70M Record Breach, CISA Warns of Cloud Zero-Day, and ICS Attacks Rattle Energy Sector

Publication Date: March 29, 2026

Summary

This cybersecurity briefing for March 29, 2026, covers a tumultuous period marked by several high-impact incidents. AT&T is investigating a massive data breach with 70 million customer records leaked on the dark web. Simultaneously, CISA has issued an emergency directive for "BridgeSiphon," a critical zero-day vulnerability affecting hybrid cloud environments. The energy sector faced a destructive cyber-physical attack on battery storage facilities, while new malware strains like "CloudSweep" and "AudioSignature Hijack" demonstrate evolving attacker tactics. These events, coupled with ongoing nation-state activity and supply chain threats, underscore a rapidly escalating and diversifying threat landscape requiring immediate attention from all organizations.

Today's New Articles

CISA Warns of "BridgeSiphon" Zero-Day Exposing Passwords in Hybrid Cloud Sync

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning "BridgeSiphon," a critical zero-day vulnerability impacting hybrid cloud environments. The flaw, found in a widely used data synchronization protoco...


AT&T Probes Massive Data Breach as 70 Million Customer Records Surface on Dark Web

Telecommunications giant AT&T has launched a full-scale investigation after a database containing the sensitive personal information of approximately 70 million current and former customers was leaked on a dark web forum. The dataset, which reportedly dates ba...


Serbian Clinic's Patient Data Leaked by Ransomware Group After Refusing to Pay

In a severe violation of patient privacy, a Serbian gynecology clinic has had its entire patient database leaked on the dark web. The data dump occurred after the clinic refused to pay a ransom demand from a cybercriminal group that had encrypted its systems....


Major Data Leak at Malaysian Car Park Operator Imej Parking Exposes Government Data

Imej Parking Sdn Bhd, a major car park operator in Malaysia, has suffered a significant data breach after a large MySQL database was found exposed on the internet. The leak, attributed to a server misconfiguration, contains a wide array of sensitive informatio...


Global Cyber Incidents Surge: State-Sponsored Attacks, Financial Fraud, and AI-Powered Malware on the Rise

The global threat landscape is experiencing a significant escalation, with a notable surge in diverse and sophisticated cyberattacks over the past 24 hours. Key trends include state-sponsored actors, allegedly linked to China, targeting critical telecommunicat...


Warning to Developers: Malicious Logic Bombs Found in Popular IDE Extensions

A significant software supply chain threat has emerged as security researchers have discovered malicious logic bombs hidden within several popular coding extensions for Integrated Development Environments (IDEs). The malicious code is designed to remain dorman...


New Android Trojan "AudioSignature Hijack" Eavesdrops on Conversations Using Vibration Sensors

Mobile security researchers have uncovered a highly sophisticated Android Trojan, dubbed "AudioSignature Hijack 2.0," that employs a novel technique to eavesdrop on conversations without requesting microphone permissions. The malware leverages the device's bui...


Coordinated Cyber-Physical Attack on North American Battery Storage Facilities Causes Physical Damage

A highly sophisticated cyber-physical attack has targeted multiple lithium battery storage facilities across North America, resulting in significant physical damage to critical energy infrastructure. Attackers demonstrated a deep understanding of electrical en...


G20 Nations Sign Landmark Data Sovereignty Protocol to Govern Cross-Border Data Flows

In a significant move towards international cooperation on digital governance, the G20 nations have signed a new data sovereignty protocol. The non-binding agreement, finalized on March 28, 2026, aims to create a common framework for the secure and responsible...

Article Updates

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

Update: The pro-Iranian hacktivist group Handala, previously active in the Middle East cyber conflict, has claimed responsibility for a cyberattack against US-based medical technology company Stryker. This incident signifies an expansion of the ongoing geopolitical cy...


Cloud Sweep Group's "Phase 30" Attack Embeds Ransomware in Cold Storage Backups, Defeating Recovery Efforts

Update: CloudSweep has evolved its tactics to encrypt entire virtual disk files (e.g., VMDK, VHDX) instead of individual files. This new method is faster, more destructive, and significantly complicates recovery efforts, as traditional file-level backups are insuffici...