Security
Headlines
HeadlinesLatestCVEs

Tag

#web

SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there

We compared three incidents that surfaced today to show why the impact of a breach depends less on who was hit and more on what was taken.

Malwarebytes
Open in Source
#web#apple#microsoft#dos#git#auth
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

Photo booth flaw exposes people’s private pictures online

A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.

Photo booth flaw exposes people’s private pictures online

A security researcher says a basic website flaw at a photo booth operator may have exposed hundreds of private customer photos.

Google is discontinuing its dark web report: why it matters

Google will discontinue its dark web report early next year, prompting mixed reactions. How does dark web monitoring actually help keep you safe?

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719

700Credit Data Breach Impacts Millions of Car Owners

US auto loan service 700Credit confirms a data breach exposed names, addresses, and Social Security numbers of dealership customers. Free credit monitoring is offered.

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a