Good luck to Jeremy Hansen and the Artemis II crew as they launch tonight. I’m glad I had the chance to meet Jeremy before this historic moment. Wishing the crew a safe flight and a successful mission as Jeremy becomes the first Canadian on a lunar mission. 🇨🇦

European Commission investigating breach after Amazon cloud account hack The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment.

Not reported in the article, but the threat actor is ShinyHunters.
www.bleepingcomputer.com/news/securit...

How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM | Snyk On March 24, 2026, threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials via a compromised Trivy GitHub Action in LiteLLM's CI/CD pi...

Supply chain attack
snyk.io/articles/poi...

Fintech lending giant Figure confirms data breach | TechCrunch The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.

techcrunch.com/2026/02/13/f...

Millions of people imperiled through sign-in links sent by SMS Even well-known services with millions of users are exposing sensitive data.

arstechnica.com/security/202...

Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch The security lapse exposed personal information belonging to residents who received state benefits.

techcrunch.com/2026/01/08/i...

Domain squatter.

www.roadandtrack.com/news/a696340...

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions now.

$@Wow, this React vulnerability is really going to cause havoc.

thehackernews.com/2025/12/crit...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) Active exploitation targets 7-Zip CVE-2025-11001; patch 25.00 fixes symbolic link RCE flaws.

thehackernews.com/2025/11/hack...

Outage at Cloudflare Disrupts Parts of the Internet

www.nytimes.com/2025/11/18/b...

Copy-paste now exceeds file transfer as top corporate data exfiltration vector Nearly a third of copy-pastes from corporate to non-corporate accounts are to AI tools.

www.scworld.com/news/copy-pa...

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks Maverick malware spreads via WhatsApp Web, targeting Brazilian banks through PowerShell and browser hijacking.

thehackernews.com/2025/11/what...

Security hole slams Chromium browsers - no fix yet Exclusive: Edge, Atlas, Brave among those affected

document.title;

Plex suffers security incident exposing user data and urging password resets Plex has disclosed a security breach that exposed customer data. While passwords were hashed and credit cards unaffected, the company is requiring all users to reset their passwords.

Plex data breach

nerds.xyz/2025/09/plex...

Microsoft Azure services disrupted by Red Sea cable cuts Unexplained damage to the cables is causing delays in traffic going through the Middle East, the tech giant says.

Azure cloud services have been disrupted by undersea cable cuts
www.bbc.com/news/article...

Weaponizing image scaling against production AI systems In this blog post, we’ll detail how attackers can exploit image scaling on Gemini CLI, Vertex AI Studio, Gemini’s web and API interfaces, Google Assistant, Genspark, and other production AI systems. W...

blog.trailofbits.com/2025/08/21/w...

Wordle 1,523 X/6

⬛⬛⬛⬛⬛
⬛⬛🟩⬛🟨
⬛🟩🟩⬛⬛
⬛🟩🟩⬛⬛
⬛🟩🟩⬛⬛
🟨🟩🟩⬛🟨

Really whipped my ass.

How to Defend Against Root-of-Trust Attacks: Lessons from Secret Blizzard Russian group Secret Blizzard bypassed MFA in 2025 embassy attacks via TLS root compromise, exposing MFA limits.

Defend against state sponsored attacks.

thehackernews.com/expert-insig...

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code Cisco's CVE-2025-20337 flaw exposes ISE to root access via API exploit. Affects releases 3.3 & 3.4.

thehackernews.com/2025/07/cisc...

Qantas confirms data breach impacts 5.7 million customers Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data.

www.bleepingcomputer.com/news/securit...

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch Google fixed CVE-2025-5419 in Chrome after detecting active exploitation, affecting all platforms using V8 engine.

Time to update Chrome.
thehackernews.com/2025/06/new-...

North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans A LinkedIn message drew a former waitress in Minnesota into a type of intricate scam involving illegal paychecks and stolen data. It’s a growing problem for businesses.

www.wsj.com/business/nor...

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign Session hijacking now drives enterprise breaches—88% involve stolen credentials, often exploited within hours.

thehackernews.com/2025/05/from...

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards Mozilla patched 2 Firefox zero-days exploited at Pwn2Own Berlin, risking code execution via JavaScript flaws.

thehackernews.com/2025/05/fire...

Coinbase says customers' personal information stolen in data breach | TechCrunch The crypto exchange giant said the hacker bribed contractors and employees in support roles to steal data.

Coinbase says customers’ personal information stolen in data breach

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy Chrome flaw CVE-2025-4664 enables cross-origin data leaks; active exploit confirmed; update to 136.0.7103.113.

New Chrome Vulnerability

A Sneaky Phish Just Grabbed my Mailchimp Mailing List You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish h...

This shows how easy it can be to bypass MFA.