The News.
Daily intel.

Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.

148

Articles

143

Updated this month

14k+

Monthly readers

Showing 73–81 of 148 articles 143 updated this month

Intermediate 1.3k

News 7 min read

Vimeo Data Breach: ShinyHunters Steals 119,000 Users via Anodot Supply Chain

ShinyHunters breached Vimeo via analytics vendor Anodot, exposing 119,000 user emails. Credentials and payment data were not affected. Full breach details inside.

Intermediate 1.0k

News 9 min read

Bleeding Llama: CVE-2026-5757 Exposes 300,000 Ollama AI Servers, No Patch Available

CVE-2026-5757 (Bleeding Llama) is a critical, unpatched heap memory leak in Ollama affecting 300,000 deployments. Attackers can exfiltrate API keys and private data remotely.

Intermediate 4.6k

News 8 min read

Apache MINA CVE-2026-42778 and CVE-2026-42779: Dual CVSS 9.8 RCE Patched

Apache MINA patches two CVSS 9.8 deserialization RCE flaws (CVE-2026-42778, CVE-2026-42779) plus Apache HTTP Server CVE-2026-23918. Upgrade now.

Intermediate 2.9k

News 7 min read

Karakurt Ransomware Negotiator Gets 8.5 Years for $56M Extortion Campaign

Deniss Zolotarjovs, a Karakurt ransomware negotiator, was sentenced to 102 months in US federal prison for extorting 54+ companies including a pediatric healthcare provider.

Intermediate 3.1k

News 7 min read

DarkSword iOS Exploit Chain: Six CVEs, Three Zero-Days, Full Device Takeover

DarkSword is a full-chain iOS exploit kit using six CVEs—three zero-days—to silently take over iPhones running iOS 18.4–18.6.2. Patch to iOS 18.7.7 now.

Beginner 2.5k

News 6 min read

CVE-2026-0073: Critical Android RCE Flaw Affects Android 14 Through 16

CVE-2026-0073 is a critical zero-click RCE in Android's System component affecting Android 14–16. Google's May 2026 patch fixes the flaw. Update now.

Intermediate 793

News 8 min read

2026 FIFA World Cup Scam Economy: Fake Visas, Counterfeit Tokens, Phishing

Malwarebytes documents a four-part 2026 FIFA World Cup scam ecosystem already operating: fake $270 US entry visas, unlicensed crypto tokens, counterfeit merchandise, and unregulated betting sites.

Intermediate 3.3k

News 8 min read

DHS Used Administrative Subpoenas to Force Google and Meta to Reveal Anti-ICE Users

DHS has issued hundreds of administrative subpoenas to Google, Meta, Reddit, and Discord to unmask users who criticized ICE online. Google, Meta, and Reddit have complied.

Intermediate 1.3k

News 8 min read

APT28 Targets Western Logistics and Tech Firms Supporting Ukraine Aid

Russia's GRU Unit 26165 (APT28) has been hacking Western logistics, defense, and tech companies since 2022 using HEADLACE malware, IP cameras, and CVE-2023-23397.