European travel company Eurail is notifying over 300,000 people that their personal information was stolen in a December 2025 data breach. The incident was initially disclosed in January, when the company warned that customers who were issued a Eurail pass… Read More "300,000 People Impacted by Eurail Data Breach"
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding… Read More "Protecting Cookies with Device Bound Session Credentials"
Proof of Work (PoW) Ties every node to a real computational cost, making mass fake node creation prohibitively expensive Blockchain and permissionless networks Proof of Stake (PoS) Requires staked capital per node; slashing penalties deter attackers from running Sybil nodes… Read More "Sybil Attacks Explained: Risks, Examples & Prevention"
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included… Read More "Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region"
A cyber-attack on Bitcoin Depot’s internal systems has resulted in the theft of more than 50 Bitcoin, valued at approximately $3.66m, according to a recent regulatory filing. The company said it detected unauthorized access to parts of its IT infrastructure… Read More "Bitcoin Depot Reports $3.6m Crypto Theft After System Breach"
Unfortunately, we have a problematic and unstable neighbor. Without getting into details, he often yells obscenities, threatens physical harm, threatens property damage, and other such undesirable things. Sadly, involving the police from time to time and getting two restraining orders… Read More "The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security"
Ravie LakshmananApr 09, 2026Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager… Read More "UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns"
A previously undocumented remote access trojan (RAT) known as STX RAT has been identified following an attempted deployment in a financial services environment in late February 2026. The malware, tracked by eSentire’s Threat Response Unit, uses a distinctive communication marker… Read More "STX RAT Targets Finance Sector With Advanced Stealth Tactics"
Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and compromise data, CloudSEK warns. For over a decade, Google has said that API keys for public services such as Maps are… Read More "Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access"
Ravie LakshmananApr 09, 2026Vulnerability / Threat Intelligence Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a… Read More "Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025"
