Discord denies massive breach, confirms limited exposure of 70K ID photos

Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have... Read more »

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing... Read more »

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a... Read more »

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

DraftKings warns of credential stuffing using stolen logins; No evidence of data loss, but users must reset passwords and enable MFA. A credential stuffing campaign is targeting the American... Read more »

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also... Read more »

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Synacor Zimbra... Read more »

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug. A cybercrime group, tracked as Storm-1175, has been actively exploiting a... Read more »

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle... Read more »

U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security... Read more »

Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party... Read more »
Subscribe to our Newsletter