Security
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities.
Section
Security
CybersecurityPrivacyData BreachesVulnerabilitiesGovernment
Security
North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
North Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months.
Security
ServiceNow tells customers a bug left some of their data exposed to the internet
ServiceNow is used by thousands of enterprises to automate their internal processes, but says several customers had data accessed because of a security bug.
Security
CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.
Security
Massachusetts votes to pass new privacy rights bill that bans sale of precise location data
The bill is expected to blanket-ban companies and startups from selling people's precise location data across the state.
Security
WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order
The messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware.
Security
Hacked, leaked, and held for ransom: The worst breaches of 2026 so far
From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026.
Security
Former cyber executive turned whistleblower accuses IBM of covering up several data breaches
IBM and two of its subsidiary companies were allegedly breached during the mid-2010s — a lawsuit filed by a former cybersecurity executive accuses IBM of not disclosing and actively covering it up.
Security
NSA said to be readying Anthropic's Mythos for use in cyber operations
The U.S. eavesdropping agency is reportedly preparing Anthropic's Mythos for use in cyberattacks, despite a federal ban on using the AI model maker.
Security
Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person
Cybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data using USB drives or remote access tools.
Security
Chinese spies are using LinkedIn to lure Westerners into sharing sensitive information
The advisory warns that Chinese spies are using public job search platforms to recruit people with access to non-public information.
Security
Filtr is a new privacy tool that blocks ads in almost every iPhone and Mac app
This popular ad blocker app for iPhones, iPads, and Macs can now block ads from loading inside apps, including web browsers, thanks to a new feature in the latest Apple software.
Security
Ultrahuman says hackers accessed customers' wellness data via internal tool
The breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop.
Security
Instagram is alerting users who were targeted by hackers during AI chatbot attacks
Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts.
Security
Password manager Dashlane says hackers stole some customers' password vaults
The password manager giant said hackers were able to "brute-force" its two-factor system, allowing them to access customer accounts and download their password vaults.
Security
Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers
Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.
Security
Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access
Several users on social media reported having their Instagram accounts hacked over the weekend. Meta's own support chatbot was blamed for allowing hackers to hijack accounts.
Security
Microsoft under fire for threatening security researcher with criminal investigation
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.
Security
A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers' driver's licenses
Pay Tel secured the publicly exposed data after security researchers discovered the leak containing callers' sensitive ID documents and inmate communications.
Security
US says troops were targeted with location data, as senator warns ad industry is a 'national security threat'
One leading privacy lawmaker said it was time to "start treating the adtech industry as a national security threat."
Security
Hackers are trying to steal Signal users' backups in new wave of widespread attacks
A new hacking campaign is trying to trick Signal users to give up their secret recovery key, which can be used to access online backups containing past messages.
Security
UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us
The third-party website exposed passports, selfies, and the location data of applicants who submitted their documents as part of the U.K. visa application process. Instead of fixing the issue, the website sent attorneys.
Security
CrowdStrike and Google take down botnet used by hackers to target open source software developers
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.
Security
Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
An Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran.
Security
7-Eleven data breach affects over 185,000 people's personal data
The data breach included names, dates of birth, postal addresses, and Social Security numbers, according to a state government listing.
Security
Ghost hackers: the cybersecurity mystery that nobody has solved
A shadowy group that stole and dumped the NSA’s most powerful hacking tools still has implications for how companies think about digital risk today.
Security
Dutch government blocks US company from acquisition, citing 'risk to public interest'
The move to block the acquisition of the cloud company that hosts the Dutch digital ID service comes as Europe continues to reduce its reliance on U.S. technology.
Security
These special phone and app features can help protect you from spyware
Apple, Meta, and Google offer special security modes that provide your devices more secure against targeted spyware attacks. Here are how those modes work, what they do, and how to switch them on.
Security
Kash Patel's clothing brand website shut down after reports it was hacked
According to users on X, the website was hijacked by hackers in an attempt to trick visitors into installing malware.
Security
Trump Mobile confirms it exposed customers' personal data, including phone numbers and home addresses
President Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform and was evaluating whether it needs to notify customers.
Security
Scammers are abusing an internal Microsoft account to send spam links
The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.
Security
Law enforcement shuts down VPN service used by two dozen ransomware gangs
First VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified.
Security
Customers say Trump Mobile is leaking their personal information
Trump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.
Security
GitHub says hackers stole data from thousands of internal repositories
The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
Security
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
Security
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs.
Security
Discord enables end-to-end encrypted voice and video calling for every user
Good news! Discord's hundreds of millions of users now have their communications scrambled, so not even Discord can see them.
Security
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.
Security
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
The New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.
Security
A hotel check-in system left a million passports and driver's licenses open for anyone to see
The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.
Security
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
While the summit appeared cordial, China remains a key adversary of the United States, given its advanced intelligence and espionage capabilities.
Security
Cisco cuts nearly 4,000 jobs to spend more on AI, reports 'record quarterly revenue'
This is Cisco's latest layoff in recent years, while the company's chief executive touts record revenue and growth.
Security
OpenAI says hackers stole some data after latest code security issue
OpenAI said the damage was limited to the employees’ devices and did not affect user data nor its production systems, and none of its intellectual property was stolen.
Security
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
A group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign.
Security
This is what some of the world's largest banks of malware look like stacked as hard drives
What would some of the world's largest repositories of malware look like if they were stacked as hard drives, one on top of the other?
Security
US lawmakers demand answers from Instructure after Canvas data breaches
U.S. House lawmakers want to know how hackers broke into education tech giant Instructure twice and stole reams of data from students who use the company's flagship student data software Canvas.
Security
Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia
A ransomware group has claimed responsibility for hacking the electronics manufacturing giant Foxconn and is attempting to extort the company.
Security
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.
Security
US bank discloses security lapse after sharing customer data with AI app
Community Bank, which operates in Pennsylvania, Ohio, and West Virginia, disclosed a cybersecurity incident that exposed customers’ names, dates of birth, and Social Security numbers.
Security
Instructure strikes deal with hackers who breached it twice
The maker of the Canvas school software said it "reached an agreement" with the hackers, but provided no guarantees that the hackers would not release the data or keep their word.
Security
Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
As bad actors weaponize AI to exploit software vulnerabilities at unprecedented speed, companies are increasingly recognizing the need to bolster their cybersecurity defenses. The round valued the three-year-old startup at $725 million.
Security
Poland says hackers breached water treatment plants, and the US is facing the same threat
A report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure.
Security
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
Former cybersecurity executive Peter Williams stole several surveillance and hacking tools and sold them for $1.3 million to a Russian broker that works with Putin’s government.
Security
Hackers hack victims hacked by other hackers
An unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.
Security
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
Security researchers at Mozilla say Anthropic's Mythos has unearthed a wealth of high-severity bugs in Firefox.
Security
Hackers deface school login pages after claiming another Instructure hack
The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.
Security
Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
Toronto police said this is the "first known instance" of an SMS blaster being used in Canada.
Security
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
Braintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.
Security
DOJ says ransomware gang tapped into Russian government databases
U.S. prosecutors said a ransomware gang fueled Russian government corruption, and allowed the gang's leaders to avoid paying taxes and dodge the country's military draft.
Security
Some kids are bypassing age-verification checks with a fake mustache
A new survey found that kids find it easy to bypass age checks, despite a rise in age-verification laws around the world.
Security
Hackers steal students' data during breach at education tech giant Instructure
The data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by .
Security
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack
The cybersecurity company says it's seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software.
Security
US government warns of severe CopyFail bug affecting major versions of Linux
U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and data centers that rely on Linux.
Security
Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites
Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers are now targeting and hacking thousands of vulnerable websites.
Security
US healthcare marketplaces shared citizenship and race data with ad tech giants
Virginia and Washington, D.C. paused the data collection and sharing, after Bloomberg's investigation found their health insurance marketplaces were sharing users' information with advertisers.
Security
Ubuntu services hit by outages after DDoS attack
A group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several Ubuntu and Canonical websites, and prevented users from updating the Linux-based operating system.
Security
Dental practice software maker fixes bug that exposed patients’ medical records
The security bug is now fixed, but the patient who found it said it was challenging to alert the software company about the issue.
Security
Hackers are actively exploiting a bug in cPanel, used by millions of websites
Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
Security
After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too
OpenAI will begin rolling out its cybersecurity testing tool, GPT-5.5 Cyber only "to critical cyber defenders" at first.
Security
Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
The government of Sri Lanka has lost more than $3 million in two recent, separate cybersecurity incidents as the country continues to recover from its 2022 debt crisis.
Security
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
Despite promising to help determine what happened with the hacks targeting journalists and activists in Italy, Israeli American spyware maker Paragon has reportedly not responded to authorities’ requests for information.
Security
US Supreme Court appears split over controversial use of 'geofence' search warrants
The U.S. top court is expected to rule on whether to allow police to identify criminal suspects by dragnet searching the databases of tech giants.
Security
Critical infrastructure giant Itron says it was hacked
The American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.
Security
Hacker who allegedly carried out cyberattacks for China is extradited to US
Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.
Security
Another spyware maker caught distributing fake Android snooping apps
Researchers have found a new case where government authorities used a fake Android app to plant spyware on a target’s phone. The company that allegedly developed the spyware was not previously known to sell this type of software.
Security
Vercel says some of its customers' data was stolen prior to its recent hack
The app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April.
Security
Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say
The Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.
Security
Trump's pick to run US cyber agency CISA asks to drop out
Sean Plankey has requested to withdraw his name to run the U.S. cybersecurity agency after a tumultuous year of chaotic temporary leadership.
Security
UK government says 100 countries have spyware that can hack people's phones
The U.K.'s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and other cyberthreats, with more governments having access to the powerful surveillance technology than ever.
Security
France confirms data breach at government agency that manages citizens' IDs
The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens.
Security
Apple fixes bug that cops used to extract deleted chat messages from iPhones
The iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app.
Security
Cosmetics giant Rituals confirms data breach of customer membership records
The cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected.
Security
Ransomware negotiator pleads guilty to helping ransomware gang
A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.
Security
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires on April 30, the government's spy powers will not automatically lapse.
Security
North Korean hackers blamed for $290M crypto theft
The hack against Kelp DAO is the largest crypto heist of the year so far.
Security
Mastodon says its flagship server was hit by a DDoS attack
The DDoS attack against Mastodon's flagship server comes less than a week after Bluesky was targeted with junk web traffic.
Security
App host Vercel says it was hacked and customer data stolen
Vercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.
Security
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Palantir's ideological bent has come under more scrutiny as it's worked with ICE and positioned itself as a defender of "the West."
Security
Man who hacked US Supreme Court filing system sentenced to probation
Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.
Security
Hackers are abusing unpatched Windows security flaws to hack into organizations
A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real-life attacks, according to a cybersecurity firm.
Security
Bluesky confirms DDoS attack is cause of continued app outages
Bluesky has been experiencing ongoing service disruptions since just before 3 a.m. ET on April 15.
Security
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.
Security
Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet
Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after alerted Express, but the company would not say if it plans to notify customers.
Security
European police email 75,000 people asking them to stop DDoS attacks
Europol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.
Security
Sweden blames Russian hackers for attempting 'destructive' cyberattack on thermal plant
Sweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."
Security
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Security
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
In an interview at the Semafor World Economy summit this week, Anthropic co-founder Jack Clark explained why the company was still engaged with the U.S. government while simultaneously suing them.
Security
Adobe fixes PDF zero-day security bug that hackers have exploited for months
It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025.
Security
Hack at Anodot leaves over a dozen breached companies facing extortion
The data breach at Anodot, which affects customers like Rockstar Games, is the latest hack aimed at stealing data from a large number of corporate giants.
Security
Booking.com confirms hackers accessed customers' data
The travel giant notified customers that their personal data, including names, email addresses, and phone numbers, may have been accessed in a security incident.
Security
FBI announces takedown of phishing operation that targeted thousands of victims
Cybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes.
Security
France to ditch Windows for Linux to reduce reliance on US tech
France's move to ditch Windows for Linux is its latest effort to reduce its reliance on American tech giants.
Security
Hacker stole £700,000 from UK energy company by redirecting payment
The U.K. energy company said a redirected payment meant for a contractor instead landed in a hacker's bank account.