A new wave of cyberattacks has recently struck several prominent U.S. companies, including Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase. Bumble Inc., the parent company of dating apps Bumble, Badoo, and BFF, reported that one of its contractor accounts was compromised in a phishing incident. Similarly, it has been reported that Bumble…
Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, also known as UAC-0001. The campaign, named Operation Neusploit, uses a recently discovered Microsoft Office vulnerability called CVE-2026-21509. Security researchers from Zscaler ThreatLabz revealed that the attackers began exploiting the weakness just days after Microsoft publicly disclosed it. The attacks…
Key takeaways Nearly three-quarters (74%) of family businesses globally experienced at least one cyberattack in the past two years; 33% faced multiple incidents Nearly half (43%) report having a robust cybersecurity strategy; most rely on basic defenses such as software updates (59%) and multifactor authentication (57%) Family businesses affected by attacks reported financial (54%), operational…
A new study shows that open-source AI chatbots, like Meta’s Llama and Google DeepMind’s Gemma, are being used in ways researchers didn’t expect—including by hackers. After tracking thousands of servers running these models worldwide over 293 days, experts found thousands of deployments with security issues, noting hundreds of instances where guardrails had been removed and…
Advanced persistent threat actors operating from Pakistan have launched coordinated attacks against Indian government organizations using newly discovered tools and malware designed to bypass security defenses. The attack chain begins with emails that are phishing base containing deceptive PDF documents that impersonate legitimate government communications. These PDFs display blurred images of official documents and use…
A massive database containing 149 million stolen login credentials was discovered exposed online without password protection. Cybersecurity researcher Jeremiah Fowler uncovered the breach and reported findings to ExpressVPN, revealing a sprawling collection of stolen accounts spanning major platforms, including Gmail, Instagram, Facebook, and government systems. Posing serious security risks to users of Gmail, Instagram, Facebook, Netflix,…
Forcepoint has appointed Archie Jackson as Data Security Strategist, Customer Success for Asia Pacific (APAC). This appointment will reinforce Forcepoint’s commitment to helping enterprises strengthen data protection amid accelerating cloud adoption, distributed work environments, and AI-driven workflows. In his new role, Jackson will work closely with customers, partners, and internal teams across the region to…
The NSA has published the first two documents in its Zero Trust Implementation Guidelines series. These initial releases cover the Primer and the Discovery Phase, which together set the groundwork for future guidance tied to the Department of War CIO Zero Trust Framework. Each phase focuses on a defined set of technical and operational steps…
A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in HPE’s data center management platform. Check Point has tied the activity to RondoDox, a Linux-based…
Bengaluru-based Cybersecurity company CloudSEK on Tuesday said it has raised $10 million (about ₹90 crore) from Connecticut Innovations, the strategic venture capital arm of the State of Connecticut in the United States. With this investment, CloudSEK becomes the first Indian-origin cybersecurity company to receive funding from a US based back venture. CloudSEK had previously raised $19…
