Online betting platform DraftKings has confirmed a credential-stuffing breach exposing customer data. Attackers reused leaked passwords from past breaches to gain access to DraftKings accounts, compromising personal details, account balances, and transaction history. Users are advised to reset passwords and enable multi-factor authentication immediately.
A misconfigured VTEX cloud bucket exposed personal data of over 6 million shoppers, revealing major gaps in vendor cloud security and breach response.
ParkMobile breach victims will receive a $1 parking credit as part of a 2025 class-action settlement. The 2021 incident exposed 21 million user records.
Hackers exploited OAuth tokens in third-party Salesforce integrations, stealing CRM data and extorting affected customers. Salesforce urges clients to rotate credentials.
Huawei confirmed a data breach stemming from a compromised vendor system, exposing partner and employee records. Security experts warn of new supply-chain risks.
Despite Cisco’s warnings, many ASA/FTD firewalls remain vulnerable. Simultaneously, threat actors claim they breached Red Hat’s GitLab instance. This article merges both crisis points and guides the fixes.
South Korea’s cybersecurity faces unprecedented strain after months of continuous data breaches across public and private sectors, revealing deep governance and policy flaws.
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
A third-party customer support vendor connected to Discord suffered a data breach that exposed personal information. Attackers accessed the vendor’s ticketing system and obtained names, email addresses, usernames, and in some cases scanned government-issued IDs. Crucially, Discord confirmed that its internal infrastructure remained unaffected. Nevertheless, the event underscores the risks created when organizations depend on…
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.