APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations.

Portland Public Schools in Maine has confirmed a data breach affecting over 12,000 individuals, compromising sensitive personal information. The breach was claimed by the ransomware group RansomHub, known for targeting educational institutions.

A significant data breach at Alpine Ear, Nose & Throat has compromised the personal information of over 65,000 individuals. The breach, attributed to the ransomware group BianLian, involved the theft of sensitive data.

A sophisticated malware campaign leveraging Pulsar RAT has been identified, targeting Windows systems. This campaign employs advanced techniques to evade detection and maintain persistent access, posing a significant threat to affected systems.

Panera Bread has confirmed a data breach affecting 5.1 million accounts, significantly fewer than the initially reported 14 million. The breach involved the exposure of contact information, including email addresses and physical addresses.

A sophisticated phishing campaign is targeting business users by exploiting clean emails, PDF attachments, and cloud storage to steal Dropbox credentials. This attack uses trusted services to bypass security filters and get sensitive information.

Cybercriminals gained access to the internal networks of OLV Pulhof, a secondary school in the Berchem district of Antwerp, shortly after the Christmas break, and claimed to have stolen sensitive data.

A large-scale campaign has been identified involving over 230 malicious packages, known as skills, for the OpenClaw AI assistant. These skills impersonate legitimate utilities but deliver malware that steals sensitive data.

A data breach has occurred at the MACT Health Board, affecting several clinics in California's Sierra Foothills. The breach, attributed to the ransomware group Rhysida, has compromised sensitive personal and medical information of patients.

A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database.