Verus Hacker Returns $8.5M After Bridge Exploit Deal - DataBreaches.Net
A hacker returned $8.5 million in Ethereum to the Verus team following a cross-chain bridge exploit and subsequent negotiations. The attacker retained $2.8 million as a bounty payment, sparking debate about the implications of these white-hat deals in decentralized finance.
Radiology Associates of Richmond has disclosed a second data breach affecting 266,183 people, following a larger incident in 2024 that impacted 1.4 million patients. Critical details regarding the cause of these breaches, the specific information compromised, and potential ransom payments remain undisclosed by the practice.
Station Casinos starts informing customers after data breach | Cybernews
The Las Vegas casino giant Station Casinos has officially confirmed a cybersecurity breach that occurred on March 5, 2026, following an unauthorized system intrusion. While the company disclosed the incident in a regulatory filing, the specific scope of the breach and the total number of affected individuals remain unknown.
Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud
Indian education sector data is being weaponized by threat actors to conduct highly targeted phishing, social engineering, and financial fraud against students. Criminals exploit security gaps in universities and EdTech platforms to steal sensitive records, which are then sold on the dark web to facilitate convincing, data-driven scams.
Google accidentally exposed details of unfixed Chromium flaw
Google inadvertently exposed details of a Chromium vulnerability that allows for remote code execution by keeping malicious JavaScript running in the background even after the browser is closed. This unfixed security flaw impacts all Chromium-based browsers and poses a significant risk as it enables attackers to potentially create stealthy botnets.
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox - VoidSec
CVE-2026-40369 is a critical 12-byte kernel write vulnerability in nt!ExpGetProcessInformation that enables attackers to escape browser sandboxes and escalate privileges to NT AUTHORITY\SYSTEM. By exploiting an unchecked pointer in NtQuerySystemInformation, researchers can bypass security features to forge a system token and execute arbitrary code.
Bugcrowd has launched Reinforcement Learning Environments to enable AI models to train on real software vulnerabilities rather than synthetic data. The platform also includes ExploitBench, a framework designed to measure the exploit-development capabilities of these AI agents.
Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds
A study by Aikido Security reveals that deleted Google API keys remain active for up to 23 minutes due to eventual consistency in the company’s authentication infrastructure. This delay allows attackers to potentially access GCP, Gemini, BigQuery, and Maps data even after a key has been revoked.
Anthropic Mythos helped Calif build a macOS exploit in five days - 9to5Mac
The security team at Calif successfully developed a macOS kernel memory corruption exploit for M5 silicon in just five days by leveraging Anthropic Mythos to bypass Apple’s Memory Integrity Enforcement (MIE). This discovery highlights how the combination of AI models and human expertise can rapidly identify vulnerabilities in advanced security mitigations.
3,800 GitHub Repos Breached via Poisoned VS Code Extension by TeamPCP
The threat actor TeamPCP successfully breached approximately 3,800 internal GitHub repositories by utilizing a poisoned VS Code extension. The group is actively selling the stolen source code for $50,000.
Microsoft warns of new Defender zero-days exploited in attacks
Microsoft has released security patches to address two Microsoft Defender zero-day vulnerabilities that allow for privilege escalation and denial-of-service attacks. CISA has mandated that federal agencies update their systems to mitigate these actively exploited flaws.
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft has released a mitigation for the YellowKey BitLocker bypass vulnerability, tracked as CVE-2026-45585, which allows attackers with physical access to gain unauthorized entry to encrypted volumes. Users can protect their systems by disabling the autofstx.exe utility in the WinRE image and switching to TPM+PIN authentication.
Exclusive: Qilin ransomware group claims responsibility for Generation Life hack - Cyber Daily
The Qilin ransomware group has claimed responsibility for a cyber attack on the Australian financial firm Generation Life, though no sensitive data has been published yet. The company is currently working with cyber security experts to investigate the scope of the incident after an unauthorized third party gained access to their systems.
Shai-Hulud worm copycats emerge after source code leak
The Shai-Hulud worm has sparked a wave of supply chain attacks on NPM developers following the public leak of its source code. Threat actors are now utilizing modified versions of the malware and typo-squatting techniques to steal sensitive credentials and deploy DDoS botnets.
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand - SecurityWeek
7-Eleven has confirmed a data breach involving franchisee documents after the ShinyHunters hacker group claimed to have stolen personal information. The company is currently notifying affected individuals after the attackers threatened to leak or sell the compromised records.
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
Operation Ramz, an international initiative led by INTERPOL, resulted in 201 arrests and the dismantling of 53 malicious servers used for phishing, malware, and online scams across the MENA region. This coordinated effort successfully disrupted organized cybercriminal networks and identified connections to human trafficking.
macOS Malware Abuses Fake Google Update for Persistence
The Reaper variant of the SHub macOS infostealer achieves persistence by masquerading as a legitimate Google software update and utilizing a LaunchAgent to maintain a backdoor. This malware employs social engineering and fileless execution techniques to steal sensitive data and tamper with cryptocurrency wallets while evading detection.
Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations | SECURITY.COM
Fast16 is a sophisticated sabotage framework designed to covertly tamper with LS-DYNA and AUTODYN simulations of nuclear detonations. By manipulating material pressure calculations during high-explosive compression, the malware aimed to disrupt and delay the development of nuclear weapons.
Microsoft confirms patching issues in restricted Windows networks
Microsoft confirms that restricted Windows networks are experiencing Windows Update failures due to recent download timeout changes. Administrators can resolve this issue by deploying Known Issue Rollback (KIR) group policies for their specific version of Windows.
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana recently suffered a GitHub token breach that allowed attackers to download its codebase and attempt extortion. The company refused to pay the ransom, following FBI guidance, and confirmed that no customer data was compromised.
US officials suspect Iranian hackers are exploiting unprotected automatic tank gauge systems at gas stations to manipulate display readings. These cyber intrusions highlight ongoing vulnerabilities in US critical infrastructure amid an accelerating campaign of opportunistic attacks by Tehran-linked groups.
Huge data breach as major travel site is hacked - here’s what you need to do now
The travel platform Booking.com has confirmed a data breach that exposed customer information, including names, emails, and booking details, to an unauthorized third party. The company has since updated reservation PINs and advises users to install antivirus software to protect against potential phishing threats.
ANC hit by data breach: 2 million private member records exposed – MyBroadband
The ANC hit by data breach article reports that the cybercriminal group Black X exposed 2 million records containing sensitive private member information online. This dataset, which surfaced in August 2025, includes details such as ID numbers, phone numbers, and residential addresses.
Identity security firm SailPoint discloses GitHub repository breach
Identity security firm SailPoint disclosed a GitHub repository breach that occurred on April 20 due to a third-party application vulnerability. The company confirmed that no customer data or production environments were impacted by the incident.
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
The cybercrime group TeamPCP compromised the Checkmarx Jenkins AST plugin by exploiting credentials obtained from a previous supply chain attack. Checkmarx has since released a patched version of the plugin to address the malicious code and mitigate the security breach.