Restricted Canva Creator Information Compromised Through AI Chatbot Database
A Chroma database managed by the Russian artificial intelligence chatbot startup My Jedai has been discovered exposed on the internet, resulting in the unauthorized disclosure of sensitive survey responses.…

Google Addresses Vulnerability Exposing Account-Linked Phone Numbers
A recently identified vulnerability within Google’s account recovery system has been rectified, which could have enabled malicious actors to execute a brute-force attack to disclose recovery phone numbers associated…

Over 70 Organizations Across Diverse Sectors Compromised by China-Associated Cyber Espionage Threat Actor
The reconnaissance activity targeting a prominent cybersecurity firm, SentinelOne, forms part of a larger strategy of interconnected intrusions directed at multiple entities between July 2024 and March 2025.

The…

Security Vulnerability in PayU Plugin Facilitates Account Takeover on 5,000 WordPress Sites
A critical vulnerability in the PayU CommercePro plugin has exposed thousands of WordPress sites to risks from unauthenticated attackers capable of hijacking user accounts.

Vulnerability in Shipping Cost API…

Executive Order On Cybersecurity Policy Revision by Former President Trump
President Donald Trump has enacted an executive order on cybersecurity, initiating a comprehensive update to U.S. cybersecurity policy. This order aims to discard certain aspects deemed problematic from previous…

Undetected Vulnerabilities in npm Packages Enable Complete System Compromise
Recent investigations have uncovered a number of malicious npm packages that contain hidden endpoints capable of wiping systems upon receiving specific commands. Security experts are urging developers to exercise…

Guidelines for Reporting Online Scams: Procedures and Resources
If you have fallen victim to a scam, it is crucial to report the incident to assist in preventing others from experiencing similar fraud and to enable authorities to…

Compromised Ticketmaster Data from Snowflake Breach Reemerges on Dark Web Marketplace
The Arkana Security group recently listed what appeared to be newly stolen Ticketmaster data for sale, but it has been identified as data acquired during the 2024 Snowflake data…

CISA Includes Erlang SSH and Roundcube Vulnerabilities in the Catalog of Known Exploited Threats
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV)…

Daily Encounter Rate of Mobile Scams Reaches 44%, According to Malwarebytes Research
The ownership of smartphones has increasingly become a source of concern. The prevalence of malicious text messages disguised as package delivery notifications, phishing emails that mimic reputable brands, and…

Adobe Deploys Critical Patch Addressing 254 Vulnerabilities to Mitigate High-Severity Security Risks
Adobe has released significant security updates addressing a total of 254 vulnerabilities that affect its software portfolio, predominantly impacting Adobe Experience Manager (AEM). Out of these, 225 vulnerabilities are…

Android Enterprise Introduces Enhanced Security and Productivity Updates
Android Enterprise has introduced a series of features designed to enhance mobile security, optimize device management, and increase user productivity. These advancements are timely as organizations increasingly depend on…

Evoke Wellness Agrees to $1.9 Million Settlement to Resolve FTC Allegations of Consumer Misleading in Substance Use Disorder Treatment Services
On June 10, inquiries were directed towards Evoke Wellness, located in Hilliard, Ohio, concerning reports of insider wrongdoing that were disseminated through local media channels, yet were conspicuously absent…

June 2025 Patch Tuesday: Microsoft Addresses 66 Vulnerabilities, Including Active Zero-Day Exploit
On June 2025, a significant Patch Tuesday was released, addressing a total of 66 vulnerabilities across Microsoft products. Among these, a notable zero-day vulnerability in WebDAV has been recognized,…

Owner of GirlsDoPorn Pleads Guilty to Sex Trafficking, Faces Life Imprisonment
Michael James Pratt, the proprietor of the adult websites GirlsDoPorn and GirlsDoToys, has entered a guilty plea to charges of sex trafficking in a United States court.

From 2013…

DanaBot Malware Operators Unveiled Through 2022 Command and Control Vulnerability
A vulnerability introduced in the DanaBot malware operations with the June 2022 update has recently led to the exposure, indictment, and dismantling of their infrastructure as a result of…

Identification of Over 20 Configuration Vulnerabilities, Including Five CVEs, in Salesforce Industry Cloud
Cybersecurity researchers have identified more than 20 configuration-related vulnerabilities within Salesforce Industry Cloud, potentially jeopardizing sensitive data accessibility for unauthorized internal and external entities.

These vulnerabilities impact several components,…

Mastery Schools Alerts 37,031 Individuals of Significant Data Breach
A ransomware attack has resulted in the compromise of personal data belonging to 37,031 individuals, as confirmed by Mastery Schools, the largest charter school network in Philadelphia. The incident,…

Former Hilliard Treatment Center Employee Allegedly Involved in Sale of Patient Data on Dark Web
Authorities in Hilliard, Ohio, are currently investigating a significant case of fraud and identity theft linked to a former employee of a local addiction treatment center. This individual is…

Two Mirai Botnets, Lzrd and Resgod, Detected Exploiting Vulnerabilities in Wazuh System
Akamai’s recent analysis has identified two distinct Mirai botnets actively exploiting the significant vulnerability identified as CVE-2025-24016 within the Wazuh framework. This critical flaw presents a serious threat, particularly…