Ionut Arghire

Massachusetts medical firm Onsite Mammography discloses data breach impacting the personal information of 350,000 patients.

Cybersecurity startup Terra Security has raised $8 million in seed funding from SYN Ventures, FXP Ventures, and Underscore VC.

The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.

A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.

Security researchers detail various malware campaigns that use bulletproof services linked to Proton66 ASN.

A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.

Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners.

Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.

Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme.

Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.

The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.

Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years.

In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally.

A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.

Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities.

Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs.

Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.

DaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands.

The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.