2+ day, 10+ hour ago  (455+ words) There are several data breaches involving Carnival Corporation or one of its subsidiaries in our database. Between 2019 and 2021 alone, Carnival reported four separate cybersecurity events to the New York Department of Financial Services. These included two ransomware attacks and a…...

2+ day, 11+ hour ago  (1106+ words) A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The…...

4+ day, 12+ hour ago  (480+ words) Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns'where website…...

4+ day, 12+ hour ago  (719+ words) A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a…...

4+ day, 9+ hour ago  (759+ words) During our threat hunting activities, we found fake installers and plugins impersonating popular software including Chat GPT, Claude, Auto Tune, and Kontakt on Git Hub and Source Forge distributing a Deno backdoor known as Din Door. Attackers are using compromised…...

1+ week, 1+ day ago  (414+ words) Google has issued updates for the Chrome browser patching a number of high'severity vulnerabilities." The update includes fixes for two critical vulnerabilities that can be used for remote code execution just by visiting a malicious website. The stable channel has…...

1+ week, 2+ day ago  (378+ words) Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog tracks vulnerabilities…...

1+ week, 3+ day ago  (213+ words) The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look legitimate and more likely to bypass security checks. Fox Tempest's service was built around a customer-facing signing workflow where cybercriminals could…...

1+ week, 4+ day ago  (500+ words) NYC Health + Hospitals (NYC H+H) posted a data breach notice about a months'long breach via a third'party vendor that exposed highly sensitive patient and employee data for at least 1. 8 million people, including medical records, government IDs, geolocation data, and even…...

1+ week, 5+ day ago  (575+ words) Microsoft said it will change Edge's password handling as a "defense'in'depth" measure. Originally, Edge decrypted the entire saved'password store on startup and kept all credentials resident in process memory in clear text for the whole browser session, regardless of whether…...