IDMerit Exposes One Billion Personal Records in Massive KYC Database Leak

Digital identity verification provider IDMerit inadvertently exposed more than one billion personal records across 26 countries after leaving a database unsecured and accessible on the public internet, according to research by Cybernews. Scale of the Exposure. The exposed MongoDB database contained over three billion records weighing more than one terabyte. Security researchers estimate that approximately…

AI-Fueled Supply Chain Attacks Surge in Asia-Pacific: Group-IB Report Exposes Self-Reinforcing Cybercrime Ecosystem

Supply chain cyber attacks are reshaping the threat landscape across Asia-Pacific, as criminals and state-aligned groups increasingly use trusted vendors, software components, and service providers as entry points into broader networks, according to Group-IB’s High-Tech Crime Trends Report 2026. The Interconnected Threat Ecosystem. The report describes a fundamental shift from single-target intrusions to what it…

287 Chrome Extensions Caught Exfiltrating Browsing History from 37.4 Million Users

A massive data exfiltration operation involving 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide has been uncovered by security researcher Q Continuum (alias qcontinuum1). The discovery represents roughly one percent of the global Chrome user base, highlighting a significant privacy breach affecting millions of internet users. How the Extensions…

Check Point Reveals AI Assistants Can Be Weaponized as Stealthy C2 Proxies for Malware

Security researchers at Check Point have uncovered a concerning new attack vector: threat actors can abuse AI assistants like Microsoft Copilot and xAI’s Grok to create covert command-and-control (C2) communication channels that evade traditional security tools. The proof-of-concept demonstrates how attackers can leverage AI services with web browsing capabilities to relay commands between malicious infrastructure…

2026 Unit 42 Global Incident Response Report: Attacks Now 4x Faster with AI-Accelerated Intrusions

Palo Alto Networks’ Unit 42 has released their 2026 Global Incident Response Report, analyzing over 750 major cyber incidents across 50+ countries. The findings paint a stark picture of an evolving threat landscape where attacks are faster, broader, and harder to contain than ever before. Key Finding: 72-Minute Attack Chains. In the fastest cases Unit…

ManoMano Data Breach Exposes 37.8 Million Customer Records via Zendesk Third-Party Compromise

European home improvement marketplace ManoMano has confirmed a massive data breach affecting 37.8 million customer accounts after hackers compromised a third-party customer service provider. The breach, which surfaced on cybercriminal forum BreachForums, represents one of the largest retail data exposures of 2026. The Breach: Third-Party Call Center Compromised. A threat actor using the handle “Indra”…

Microsoft Exposes DNS-Based ClickFix Attack: Nslookup Commands Used for Stealth Malware Staging

Microsoft has disclosed a sophisticated new variant of the ClickFix social engineering attack that weaponizes the Windows nslookup command to stage malware through DNS queries, enabling attackers to bypass traditional web-based detection mechanisms. Attack Methodology. This DNS-based ClickFix variant tricks users into executing a specially crafted command through the Windows Run dialog that performs a…

CVE-2026-21510: Windows Shell Zero-Day Exploited in the Wild to Bypass SmartScreen Protections

Microsoft’s February 2026 Patch Tuesday revealed a critical zero-day vulnerability affecting Windows Shell that attackers are actively exploiting to bypass security protections. CVE-2026-21510 carries a CVSS score of 8.8 and allows threat actors to circumvent Windows SmartScreen warnings by tricking users into opening malicious links or shortcut files. Understanding the Vulnerability. Windows Shell—the core graphical…

CVE-2026-1731: Critical BeyondTrust Remote Support Vulnerability Under Active Exploitation

A critical pre-authentication command injection vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) is now being actively exploited in the wild, with threat actors targeting self-hosted deployments including legacy Bomgar appliances. Vulnerability Overview. According to CSO Online, the vulnerability tracked as CVE-2026-1731 is a critical-severity flaw that allows unauthenticated attackers to execute…

Critical Unstructured.io Vulnerability CVE-2025-64712 Threatens AI Pipelines at Amazon, Google, and Fortune 1000 Enterprises

A critical vulnerability (CVE-2025-64712) discovered in Unstructured.io, a widely deployed ETL library for AI data processing, exposes Amazon, Google, Bank of America, and 87% of Fortune 1000 companies to remote code execution attacks. The Vulnerability: CVSS 9.8 Path Traversal Leading to RCE. Security researchers have identified a severe path traversal vulnerability in Unstructured.io’s partition_msg function,…
