Mariner Discloses Data Breach, Says Damage Was Limited - Barron’s
Mariner Wealth Advisors experienced a data breach that exposed the personal information of nearly 9,000 individuals, though the firm confirmed that no client assets were compromised.
Mariner Discloses Data Breach, Says Damage Was Limited - Barron’s
Mariner Wealth Advisors experienced a data breach that exposed the personal information of nearly 9,000 individuals, though the firm confirmed that no client assets were compromised.
Inklings newsletter: Is nearly all of Gaza’s population exposed in WFP cyber-attack?
A recent cyber-attack on the World Food Programme has compromised the sensitive data of approximately 600,000 households in Gaza, potentially exposing nearly the entire population to security risks. This incident highlights ongoing concerns regarding humanitarian data security and the agency’s reliance on controversial digital technology partnerships.
Conduent Business Services Data Breach Affected More Than 62.2 Million Individuals
A major data breach at Conduent Business Services compromised the protected health information of over 62.2 million individuals, ranking it as the third-largest healthcare data breach in history. Regulators are currently investigating the incident, as the company faces scrutiny over its security practices and the delayed disclosure of the full impact.
Mass data breach on over 100 Dutch hotels hits guests - DutchNews.nl
A data breach affecting over 100 Dutch hotels has exposed guest booking details, leading criminals to send fraudulent phishing payment requests. Guests are advised to verify payment demands directly with their hotels as the Dutch data protection authority investigates the incident.
The wearable health startup Ultrahuman confirmed that hackers accessed customer wellness data after stealing an employee’s credentials via malware. The breach affected approximately 0.1% of users through an internal analytics system, though no passwords or payment information were compromised.
In May 2026, the cybercriminal group ShinyHunters breached DentaQuest’s cloud infrastructure, exposing the PII and PHI of 2.6 million members. The attackers utilized stolen credentials to exfiltrate 234 gigabytes of sensitive data after a failed extortion attempt.
Charter confirms data breach after ShinyHunters extortion threat
Charter Communications has confirmed a data breach following an extortion threat from the ShinyHunters group. While the attackers claim to have stolen millions of customer records via a vishing attack, the company asserts that no sensitive personal information was exfiltrated.
Norfolk Police payroll data breach was ‘human error’, says force
The Norfolk Constabulary confirmed that a payroll data breach involving police staff was caused by human error when a file was mistakenly sent to a former officer. The force has reported the incident to the Information Commissioner’s Office and confirmed the data was deleted without being misused.
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Miasma worm has compromised 73 Microsoft GitHub repositories in a significant supply chain attack that exploits the inherent trust model of open-source platforms. By hijacking legitimate maintainer credentials, the malware automates malicious code execution through popular AI coding agents and developer tools.
A researcher used Claude Opus 4.8 to uncover a four-year-old critical vulnerability in the Zcash Orchard privacy pool that could have allowed for the creation of undetectable counterfeit coins. Because of the system’s privacy properties, it is impossible to determine if the flaw was exploited before an emergency fix was deployed.
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
The threat actor UNC3753 is actively targeting US law firms through a combination of vishing, RMM tool abuse, and physical office intrusions to exfiltrate sensitive client data. This campaign, also known as Silent Ransom Group or Luna Moth, executes rapid data theft and follows with aggressive extortion demands.
Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies
Free apps on platforms like Samsung and LG are secretly utilizing a Bright Data SDK to transform Smart TVs into AI proxy nodes for web scraping. Users can mitigate this unauthorized traffic by blocking specific DNS hostnames associated with the service, such as proxyjs.brdtnet.com and proxyjs.luminatinet.com.
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin to execute arbitrary code and seize administrative control of WordPress websites. Users should update to the patched version immediately and scan their systems for suspicious accounts like ‘diksimarina’.
New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks
ChatGPT Lockdown Mode is a new security feature designed to mitigate data exfiltration risks by restricting outbound network access during prompt injection attacks. While it disables capabilities like live web browsing and deep research, it does not prevent malicious payloads from entering the model’s context.
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
The Pink Extortion Group utilizes voice phishing to manipulate employees into revealing credentials, allowing them to bypass multi-factor authentication and steal sensitive Microsoft 365 cloud data. By impersonating IT staff, these threat actors gain unauthorized access to corporate environments to conduct financial extortion.
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
An autonomous AI agent recently identified 21 zero-day vulnerabilities in FFmpeg, while Google released a record-breaking 429 security patches for Chrome. These developments highlight how AI is accelerating the discovery of security bugs and increasing the pressure on developers to maintain rapid patch management cycles.
CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks
CISA has added the Linux kernel vulnerability CVE-2022-0492 to its Known Exploited Vulnerabilities catalog due to its use in privilege escalation attacks. This flaw allows attackers to manipulate cgroups to gain root-level access or escape containerized environments.
Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers
A logic bug in the Instagram web-based password reset interface recently exposed unredacted email addresses and phone numbers of users. Meta deployed an emergency hotfix to resolve the vulnerability after proof-of-concept screenshots highlighted the significant privacy risk.
EDRChoker: Choking The Telemetry Stream to Bypass Defenses
EDRChoker is a tool that bypasses Endpoint Detection and Response (EDR) by leveraging Policy-based Quality of Service (QoS) to throttle an agent’s bandwidth to 8 bits per second. By operating at the pacer.sys layer, this technique forces the EDR agent to time out and lose its connection to the server, effectively disabling its monitoring capabilities.
Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks
A False Claims Act lawsuit alleges that IBM and AT&T concealed nation-state hacking breaches and failed to implement essential security controls within their networks. The complaint claims that executives suppressed warnings regarding APT 10 activity to protect the companies' reputations and market performance.
Sovereignty, Resilience, AI GovernanceWebinar.
Regulations like DORA and the EU AI Act require leaders to maintain operational resilience, auditable evidence, and meaningful control over cloud and AI-enabled services to navigate modern risk landscapes.
A data breach at the cheat service Atlas Menu has exposed the personal information of 64,000 users, including usernames, emails, IP addresses, and hashed passwords. Affected gamers are advised to immediately update their login credentials and enable multi-factor authentication to mitigate risks from potential phishing or credential stuffing attacks.
Following the unauthorized leak of Avatar Aang: The Last Airbender, hackers have now targeted the upcoming animated project Avatar: Seven Havens. Although authorities have identified a suspect linked to the initial Paramount+ security breach, the studio faces ongoing threats of further unreleased content being distributed illegally.
The Miasma malware compromised 32 Red Hat npm packages after attackers gained access to a worker’s GitHub account to inject malicious code. This supply chain attack enabled the theft of developer credentials and cloud secrets from affected systems.
A data breach at BGF Networks has resulted in the unauthorized exposure of CU parcel service customer information, including IDs, passwords, and contact details. The company has since blocked the attacker’s IP and reported the security incident to relevant South Korean authorities.