DataBreachToday

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

PayPal customers issued urgent '1p deposit' scam warning - 'we would never do this'

When deposits are made, PayPal sends a genuine payment message in an email flagging the transaction. The scammer includes a ...
The Business & Financial Times

The weakest link: Why people remain cybersecurity’s greatest vulnerability

By Ben TAGOE The enduring human element in cybersecurity Organizations invest heavily in cybersecurity technology; advanced ...
The Hacker News

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft fixes 169 vulnerabilities including exploited SharePoint CVE-2026-32201, prompting CISA remediation by April 28, ...
The Hacker News

Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without triggering security alerts.
Arabian Post

W3LL takedown exposes phishing’s industrial scale

Officials described W3LL as more than a conventional phishing scheme. According to the FBI, the network offered a ready-made phishing kit for about $500, allowing criminals to build login pages that ...
Arabian Post

MSBuild abuse deepens stealth on Windows

MSBuild, a legitimate Microsoft build tool embedded in many Windows and developer environments, is drawing renewed scrutiny after fresh threat research showed how attackers are using it to run ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

This New Tool Can Steal Your Passwords And Info – Even With 2FA Enabled

Storm is a Windows infostealer that steals encrypted browser data, decrypts it off-device, and uses session cookies to bypass ...

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...

A new Raspberry Pi OS update adds a password requirement to run ‘sudo’ commands.

Version 6.2 of Raspberry Pi’s Linux distribution, released on Tuesday, disables passwordless administrator-level commands, which were previously enabled by default for the sake of ease of use, despite ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher has published a working exploit for a Microsoft Defender security flaw that affects Windows 10, 11, and ...