Security researchers discovered that Huddle01, a decentralized video-call platform, exposed sensitive user data through an open Kafka server. The leak included email addresses, wallet IDs, and IP metadata raising privacy concerns for blockchain-linked users.
Capita’s £14 million penalty for its 2023 data breach affecting 6.6 million people shows how detection without swift response leads to disaster. This in-depth breakdown explores the incident, lessons for CISOs, and the rising cost of regulatory failures.
In early 2025, China-linked APT group Jewelbug infiltrated a Russian IT service provider, operating undetected for months. The campaign demonstrates the evolution of Chinese espionage and the rising threats to supply chain integrity across borders.
Security researchers discovered a critical vulnerability in Oracle E-Business Suite (EBS) that enables privilege escalation across enterprise systems. The flaw, tracked under CVE-2025-31245, could allow attackers to execute administrative actions without proper authorization if left unpatched.
Hackers have leaked data stolen from Qantas Airways after the airline missed a ransom deadline. The leak includes customer identifiers, flight data, and communication logs. Authorities are working with ACSC and AFP Cybercrime Operations to contain exposure and verify authenticity.
Researchers now track a widespread compromise of SonicWall SSL VPN accounts. Because attackers authenticate with valid credentials, defenders face rapid lateral movement and limited warning windows. Therefore, teams must review access logs, reissue secrets, and re-establish trust at the remote edge.
A new Cl0p ransomware breach has hit dozens of organizations across finance, energy, and logistics sectors. Analysts warn the campaign marks a resurgence of the group’s dark-web leak operations, signaling a return to large-scale, supply-chain-style extortion attacks.
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients marking one of the year’s most significant supply chain cyberattacks.
The number of data-leak sites hit an all-time high in 2025, marking a major escalation in the ransomware ecosystem. Threat groups expanded their leak operations across the dark web, with some running multiple extortion portals at once. Analysts say this surge reflects a fundamental shift in how ransomware crews monetize stolen data.
Online betting platform DraftKings has confirmed a credential-stuffing breach exposing customer data. Attackers reused leaked passwords from past breaches to gain access to DraftKings accounts, compromising personal details, account balances, and transaction history. Users are advised to reset passwords and enable multi-factor authentication immediately.