ServiceNow Says a REST API Bug Left Customer Data Reachable Without Logging In
ServiceNow disclosed a security incident in which an unauthenticated REST API endpoint let users query data inside a subset of customer instances with...
825 articles on data breaches, ransomware, incident response, and threat intelligence.
ServiceNow disclosed a security incident in which an unauthenticated REST API endpoint let users query data inside a subset of customer instances with...
Check Point confirmed a critical authentication-bypass zero-day in its Remote Access VPN (CVE-2026-50751, CVSS 9.3) was exploited in the wild by a Qil...
Stuxnet was the opening act: a USβIsrael cyberweapon that physically wrecked Iran's centrifuges. Sixteen years later, the same military unit that help...
On September 17β18, 2024, thousands of pagers and walkie-talkies carried by Hezbollah members detonated simultaneously across Lebanon β 42 dead, up to...
The Defense Intelligence Agency quietly elevated Israel to 'critical' β the same counterintelligence tier reserved for adversaries like China and Russ...
ShinyHunters phoned a Charter Communications employee, talked their way into a Microsoft Entra account, and exported millions of Spectrum customer rec...
Attackers used compromised credentials belonging to Lithuania's Migration Department to siphon more than 600,000 records from the state Centre of Regi...
A remote denial-of-service flaw dubbed the HTTP/2 Bomb (CVE-2026-49975) lets a single attacker on a home connection exhaust 32GB of server memory in 2...
No malware. No zero-day. Attackers simply opened a chat with Meta's AI support assistant, asked it to bind a new email to a target account, and let th...
In a four-day operation in Washington, the DOJ's Scam Center Strike Force fused federal agents, five-nation law enforcement, and nine tech companies β...
Aleksei Volkov didn't deploy the ransomware β he sold the way in. As an initial access broker for the Yanluowang crew and other groups, the 26-year-ol...
Noah Christopher, a 26-year-old German wanted on 74 cybercrime warrants, ran the Fluxstress and Netdowner DDoS-for-hire platforms β letting anyone wit...