Everest has listed Coca-Cola as a victim on its dark web leak site, releasing samples of internal HR documents affecting 959 employees. These include scans of passports and visas, salary data, and other personally identifiable information (PII).

A threat actor has claimed to have scraped 1.2 billion Facebook user records by abusing an API. The data is being sold on a breach forum, but inconsistencies in the sample data and metadata raise doubts about the legitimacy of the claim.

KrebsOnSecurity, a prominent cybersecurity blog, was recently targeted by a massive distributed denial-of-service (DDoS) attack peaking at 6.3 Tbps. The attack, attributed to the Aisuru botnet, is one of the largest recorded to date.

Nitrogen ransomware, first publicly identified in September 2024, has emerged as a significant threat targeting organizations across the finance, construction, manufacturing, and technology sectors.

A massive data exposure incident involving PrepHero, a college recruiting platform operated by EXACT Sports, has compromised the personal information of over 3 million student-athletes, their parents, and coaches.

A targeted campaign exploited Microsoft Entra ID’s legacy authentication protocol BAV2ROPC, allowing attackers to bypass MFA and gain unauthorized access to admin accounts across finance, healthcare, and tech sectors.

Bitdefender discovered over 200 incredibly realistic websites offering a wide range of products, including shoes, clothing, and electronics. Customers are tricked into providing credit card information and agreeing to monthly subscriptions.

BreachForums, operated by the ShinyHunters hacker group, abruptly went offline in early April 2025. A PGP-signed message posted on April 28, 2025, revealed that a MyBB 0day vulnerability prompted the shutdown.

Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million.

Immersive Labs discovered critical vulnerabilities in Planet Technology’s network management systems and industrial switches, risking full device takeover. Immediate patching is urged to prevent exploitation.