A recent study by academic researchers uncovered 27 vulnerabilities in popular cloud-based password managers: Bitwarden, LastPass, Dashlane, and 1Password. These vulnerabilities allow attackers to view and change passwords.

OpenClaw, formerly known as ClawdBot and MoltBot, is a widely adopted AI assistant framework that has become a target for infostealer malware. This malware is capable of stealing sensitive configuration files.

Academic Urology & Urogynecology of Arizona has notified over 73,000 individuals of a data breach that compromised sensitive personal, financial, and medical information. The breach is attributed to the ransomware group Inc.

CVE-2026-1731, a critical unauthenticated OS command injection vulnerability, is being actively exploited in self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments.

A critical security vulnerability at DavaIndia Pharmacy exposed customer data and allowed unauthorized administrative access. The flaw was due to an exposed admin subdomain, which permitted unauthenticated access to super-admin APIs.

Eurail B.V. has confirmed a data breach where sensitive traveler information is now for sale on the dark web. A sample of this data has been published on Telegram, highlighting the immediacy and visibility of the threat.

A single threat actor is responsible for the majority of exploitation activities targeting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061.

Hackers are targeting Trezor and Ledger users with physical phishing letters, urging them to scan QR codes leading to malicious sites. These letters claim that users must complete an "Authentication Check" or "Transaction Check" by specific dates.

Figure Technology Solutions, a US-based fintech firm known for its blockchain-based HELOCs and other lending products, has disclosed a data breach following a phishing attack on an employee.

A novel ClickFix-style attack has been identified, utilizing JavaScript to hijack cryptocurrency swaps on Swapzone.io. This is one of the first known instances where JavaScript is used to alter webpage functionality for malicious purposes.