Bumble, Match, Panera Bread & CrunchBase hit by cyberattacks, Bloomberg News reports
A new wave of cyberattacks has recently struck several prominent U.S. companies, including Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase. Bumble Inc., the parent company of dating apps Bumble, Badoo, and BFF, reported that one of its contractor accounts was compromised in a phishing incident. Similarly, it has been reported that Bumble…
Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware
Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, also known as UAC-0001. The campaign, named Operation Neusploit, uses a recently discovered Microsoft Office vulnerability called CVE-2026-21509. Security researchers from Zscaler ThreatLabz revealed that the attackers began exploiting the weakness just days after Microsoft publicly disclosed it. The attacks…
Google Uncovered Significant Expansion in ShinyHunters Threat Landscape
The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These cybercriminals use voice phishing and fake harvesting credential websites to steal login information from employees. Once they gain access, they extract sensitive data from cloud software applications and use this information to demand ransom payments from…
Deloitte Private Global Report Highlights Rising Cybersecurity Risks for family businesses
Key takeaways Nearly three-quarters (74%) of family businesses globally experienced at least one cyberattack in the past two years; 33% faced multiple incidents Nearly half (43%) report having a robust cybersecurity strategy; most rely on basic defenses such as software updates (59%) and multifactor authentication (57%) Family businesses affected by attacks reported financial (54%), operational…
Open-source AI models can be exploited for criminal activities: Study
A new study shows that open-source AI chatbots, like Meta’s Llama and Google DeepMind’s Gemma, are being used in ways researchers didn’t expect—including by hackers. After tracking thousands of servers running these models worldwide over 293 days, experts found thousands of deployments with security issues, noting hundreds of instances where guardrails had been removed and…
APT Hackers Targets Indian Govt Infrastructure Using GOGITTER Tool & GITSHELLPAD Malware
Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The attack chain begins with emails that are phishing base containing deceptive PDF documents that impersonate legitimate government communications. These PDFs display blurred images of official documents and use…
48M Gmail, 6.5M Instagram Exposed Online From Unprotected Database
A massive database containing 149 million stolen login credentials was discovered exposed online without password protection. Cybersecurity researcher Jeremiah Fowler uncovered the breach and reported findings to ExpressVPN, revealing a sprawling collection of stolen accounts spanning major platforms, including Gmail, Instagram, Facebook, and government systems. Posing serious security risks to users of Gmail, Instagram, Facebook, Netflix,…
Forcepoint has appointed Archie Jackson as Data Security Strategist, Customer Success for Asia Pacific (APAC). This appointment will reinforce Forcepoint’s commitment to helping enterprises strengthen data protection amid accelerating cloud adoption, distributed work environments, and AI-driven workflows. In his new role, Jackson will work closely with customers, partners, and internal teams across the region to…
Grubhub confirms data breach: hackers demand ransom tied to Salesforce attacks
Grubhub confirms it’s been hacked after unauthorized actors gain access to internal systems. The attackers reportedly gained access through credentials stolen during the Salesloft breach last August. Salesloft, a sales engagement platform, suffered a compromise that exposed OAuth tokens for multiple integrated services. Those tokens provided persistent access that attackers exploited months later. Grubhub confirmed…
New set of Implementation for ZeroTrust released by the NSA
The NSA has published the first two documents in its Zero Trust Implementation Guidelines series. These initial releases cover the Primer and the Discovery Phase, which together set the groundwork for future guidance tied to the Department of War CIO Zero Trust Framework. Each phase focuses on a defined set of technical and operational steps…
