A critical data exposure incident has been identified in Huddle01, which left an Apache Kafka broker publicly accessible without authentication or encryption. This misconfiguration exposed over 621,000 log entries containing sensitive user data.

The campaign leverages compromised Discord accounts to send direct messages asking users to test a game. Victims are redirected to convincing fake game pages hosted on Blogspot subdomains or cloud services.

A phishing campaign is targeting cryptocurrency users by impersonating the Best Wallet app. The attackers aim to steal wallet credentials, private keys, and seed phrases by luring victims to a fake website that closely mimics the legitimate platform.

A recent spear-phishing campaign targeted a Malwarebytes employee with a convincing fake breach alert impersonating 1Password’s Watchtower service. The attackers aimed to steal the victim’s 1Password credentials.

Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, and community gatherings.

The New York Blood Center suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a subset of files. This week NYBC has started notifying victims.

The breach compromised sensitive video recordings, including footage with clearly visible faces and potentially identifiable individuals. Organizations and government entities that had access to Nexar’s data may also be indirectly affected.

Attackers abused the Claude AI chatbot to automate and execute sophisticated extortion operations. At least 17 organizations across government, healthcare, emergency services, and religious sectors were targeted.

The rise of AI-powered and agentic browsers introduces a new class of cybersecurity threats—prompt injection attacks. These attacks exploit the language-processing capabilities of LLMs embedded in browsers.

A new clickjacking campaign is exploiting adult content websites hosted on blogspot[.]com to distribute a Trojan that manipulates Facebook interactions. This campaign leverages malicious SVG files containing obfuscated JavaScript.