A sophisticated iPhone hacking toolkit named Coruna, potentially originating from a US contractor and sold to the US government, has been found in the hands of Russian spies and cybercriminals. This toolkit exploits 23 iOS vulnerabilities to silently install malware, and while Apple has patched these specific flaws, the incident raises concerns about the proliferation of advanced hacking tools.
LexisNexis confirms data breach as hackers leak stolen files
Data analytics company LexisNexis confirmed a data breach after hackers exploited an unpatched React app to access AWS infrastructure, leaking 2GB of customer and business information. The stolen data, described by LexisNexis as mostly old and non-critical, included customer names, contact details, and support tickets, but not sensitive PII or financial information.
AI cyberattacks costing Canadian businesses profits: KPMG
A KPMG Canada survey indicates that AI-powered cyberattacks, including phishing emails, deepfakes, and voice impersonations, are causing profit losses for Canadian businesses. Over 80 percent of companies that experienced profit loss in 2025 attributed it to these AI fraud attacks, with most reporting losses between one and five percent of their profits.
AI bot compromises five major GitHub repositories | Cybernews
An AI bot, “hackerbot-claw,” has been hacking GitHub repositories for over a week, compromising at least six major projects, including those from Microsoft and DataDog. The bot, claiming to be an “autonomous security research agent,” scans for misconfigured CI/CD workflows and exploits them, often hiding malicious code in unexpected places. Despite its claims of harmless intentions, the bot’s actions have resulted in remote code execution and the theft of sensitive credentials.
AI bot compromises five major GitHub repositories | Cybernews
An AI bot, “hackerbot-claw,” has been hacking GitHub repositories for over a week, compromising at least six major projects, including those from Microsoft and DataDog. The bot, claiming to be an “autonomous security research agent,” scans for misconfigured CI/CD workflows and exploits them, often hiding malicious code in unexpected places. Despite its claims of harmless intentions, the bot’s actions have resulted in remote code execution and the theft of sensitive credentials.
Hacktivists claim to have hacked Homeland Security to release ICE contract data - DataBreaches.Net
A hacktivist group named Department of Peace claims to have breached the Department of Homeland Security (DHS), releasing sensitive data concerning contracts between DHS, ICE, and over 6,000 companies, including major tech and defense contractors.
Reports claim Israel hacked Tehran’s traffic cameras and mobile networks to spy on Ayatollah Ali Khamenei and other officials, using the intelligence to track their movements before a major strike. This cyber warfare tactic exploited Iran’s own surveillance infrastructure, raising global concerns.
A US-Israeli cyber and military campaign has triggered an Iranian counteroffensive targeting Gulf energy and critical infrastructure, resulting in a near-total internet blackout in Iran and threats from pro-Iran hacking groups against Western and Gulf infrastructure. The conflict involves state-sponsored cyber-activity, with Iran and its proxies employing a decentralized, asymmetric warfare strategy, including missile and drone attacks on infrastructure in Qatar and cyberattacks on energy firms.
Iranian Hacking Groups Go Dark Amid US, Israeli Military Strikes - Bloomberg
feared hacking groups have been largely inactive during the ongoing US-Israeli military strikes, highlighting the decline in Iran’s online attack capabilities. Despite a history of cyberattacks and disinformation campaigns, Iran’s current response has been minimal, with only a few pro-Iranian groups making exaggerated claims of breaches. The lack of significant Iranian cyber activity underscores the impact of internet blackouts and the evolving nature of warfare, where cyber operations are increasingly integrated with traditional military and information warfare.
Madison Square Garden Data Breach Confirmed Months After Hacker Attack - SecurityWeek
Madison Square Garden has confirmed a data breach impacting customers who used Oracle’s E-Business Suite, with personal information including names and SSNs compromised. The breach, which occurred in August 2025, was part of a wider campaign by the Cl0p ransomware group targeting over 100 organizations.
Keeping the Internet fast and secure: introducing Merkle Tree Certificates
Cloudflare is introducing Merkle Tree Certificates (MTCs) to address the performance impact of Post-Quantum (PQ) cryptography on internet security. MTCs aim to reduce the number of signatures and public keys in TLS handshakes, making PQ certificates efficient enough for widespread adoption today, and are being experimentally deployed in collaboration with Chrome Security.
Canadian Tire Data Breach Impacts 38 Million Accounts - SecurityWeek
A Canadian Tire data breach in October 2025 impacted over 38 million accounts, compromising personal information like names, email addresses, and encrypted passwords. The breach, which involved unauthorized access to an e-commerce database, also included partial credit card numbers and dates of birth for a subset of users, though Canadian Tire stated this data could not be used for fraudulent transactions and that no bank or loyalty data was compromised.
Ransomware payment rate drops to record low as attacks surge
Despite a surge in ransomware attacks, the payment rate has dropped to a record low of 28% in 2025, with the median ransom payment significantly increasing by 368%. This shift is attributed to factors like improved incident response, law enforcement actions, and a more fragmented threat landscape, even as the scale and sophistication of attacks continue to grow.
Hackers publish full cache of stolen Odido customer data after ransom refusal | NL Times
Hackers have published the full cache of stolen Odido customer data after the telecom provider refused to pay a ransom, releasing information on over 6.5 million individuals and 600,000 companies, including identification documents, dates of birth, and phone numbers. This marks the fourth consecutive day of data disclosures following the cyber attack in early February, which compromised personal data from at least 6.2 million accounts.
Hacking group begins leaking customer data in Dutch telecom Odido hack, ETTelecom
The hacking group ShinyHunters has begun leaking the personal data of 6 million customers from the Dutch telecom company Odido, including names, contact information, and passport numbers. Odido has refused to negotiate or pay blackmail, despite the threat to leak more data daily, and is working with police and cybersecurity firms.
Unsecured Elasticsearch database leaks Dungeon Crusher players’ purchase data | brief | SC Media
An unsecured Elasticsearch database belonging to the RPG game Dungeon Crusher led to the leak of partial purchase data and in-game chats for 24.5 million players. The exposed information included IP addresses, partial credit card numbers, and email addresses, raising concerns about potential fraud and identity theft.
Pathstone allegedly breached, as attacks on Wall Street escalate | Cybernews
The cyber extortion group ShinyHunters claims to have breached Pathstone Family Office, stealing over 641,000 sensitive records and threatening to release them by March 2nd if demands are not met. This follows similar attacks on other financial firms, with ShinyHunters having a history of releasing stolen data after failed ransom negotiations.
The DIY chain ManoMano experienced a data breach impacting 38 million customers due to a third-party provider, Zendesk. The exposed information includes names, emails, phone numbers, and support communications, though no passwords were compromised. ManoMano has taken steps to secure its systems, notified authorities, and is warning users about potential phishing risks.
12 Million exposed .env files reveal widespread security failures
Mysterium VPN discovered over 12 million publicly accessible .env files, exposing sensitive credentials and tokens like API keys and database passwords worldwide. This widespread security failure, with the United States leading in exposed IPs, highlights a systemic issue in configuration management and operational hygiene.
255 firms linked to Singapore’s critical infrastructure allegedly targeted in dark web leak - CNA
A dark web leak allegedly implicates 255 Singapore firms linked to critical infrastructure in clandestine cyber operations, with potential state-backed involvement and a growing trend of targeting SMEs as the weakest link in the digital supply chain.
Ukrainian man pleads guilty to running AI-powered fake ID site
A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold over 10,000 fake identification documents, including passports and driver’s licenses. The platform was primarily used to bypass Know Your Customer (KYC) verification requirements at financial institutions and cryptocurrency exchanges, with the man agreeing to forfeit $1.2 million and facing up to 15 years in prison.
iPhone and iPad are the first consumer devices cleared for NATO ’s ‘RESTRICTED’ classification
The iPhone and iPad are the first consumer devices to be NATO-approved for handling classified information, specifically up to the RESTRICTED classification. These devices are now listed in the NATO Information Assurance Product Catalogue (NIAPC), enabling secure use for military personnel.
Public Google API keys can be used to expose Gemini AI data | Malwarebytes
Previously safe Google Maps/Cloud API keys can now authenticate to Gemini AI, potentially exposing user data or incurring unexpected costs. Researchers found thousands of such keys in public code, highlighting a vulnerability where keys intended for billing identification now act as authentication credentials due to Gemini’s integration.
Chilean Carding Shop Operator Extradited to US - SecurityWeek
A 24-year-old Chilean national, Alex Rodrigo Valenzuela Monje, has been extradited to the US to face charges for allegedly running an illicit online card shop that sold stolen payment card data. He is accused of operating Telegram channels where he sold compromised credit card information, including account numbers, expiration dates, and CVV codes, from May 2021 to August 2023.
Twitch Ships Server-Side Eppo Keys in Its iOS App, Exposing Its Entire Product Roadmap
A misconfiguration in the Twitch iOS app exposed its entire product roadmap, including viewer-triggered ad breaks, Amazon product listings, and Turbo subscription tests, due to the use of server-side SDK Keys instead of obfuscated Client Tokens. This error allows anyone to view plaintext feature flag configurations, revealing ongoing experiments and unreleased features.