Security Bulletin

Dutch-Belgian multinational retail and wholesale holding firm Ahold Delhaize had information from more than 2.24 million individuals pilfered following a November cyberattack that has been claimed by the INC Ransom ransomware-as-a-service operation...

GBHackers News reports that widely used short-form video editing app CapCut has been exploited in a two-stage phishing campaign aimed at exfiltrating Apple ID credentials and credit card details.

Schools and small businesses have had their email accounts breached to spread phishing emails delivering the Remcos RAT malware in attack campaigns since last year, Hackread reports.

The U.S. government is warning organizations to check their operational technology (OT) networks following the disclosure of new vulnerabilities in industrial control system (ICS) hardware.

Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.

Malicious AppleScript distributed via ClickFix exfiltrates Keychain credentials, browser data and more.

Spike potentially AI-fueled, but experts say it could be an opportunity to learn more faster about the hackers’ intentions.

If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.

At Identiverse 2025, Protect AI CISO Diana Kelley warned that artificial intelligence may be powerful, but it’s not always right. When it comes to identity, hallucinations can be dangerous — and trust must be earned.

In a recent intrusion, the notorious cybercriminal collective accessed CyberArk vaults and obtained more 1,400 secrets, subverted Azure, VMware, and Snowflake environments, and for the first known time, actively fought back against incident response...

Department of Justice indicts 25 year-old UK resident behind "IntelBroker" identity behind 40-plus cases.