access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-phishing-fake-compliance/ also interesting: Consent Phishing: The New, Smarter Way to Phish ‘Secure email’: A losing battle CISOs must give up What is Single Sign-On (SSO) Stopping…
-
Physical Cargo Theft Gets a Boost From Cybercriminals
Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/physical-cargo-theft-cybercriminals also interesting: Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps The…
-
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/microsoft-edge-passwords-enterprise-risk also interesting: 9 VPN alternatives for securing remote network access Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as…
-
What If Your Digital Footprint Could Shrink?
Get Surfshark One+ with Incogni for $91.99 (reg. $500.40) and cover VPN, alerts, antivirus, and data removal. The post What If Your Digital Footprint Could Shrink? appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/surfshark-one-incogni-2-year-plan/ also interesting: Privacy Roundup: Week 12 of Year 2025 How defenders use the dark web 7 obsolete…
-
CrowdStrike Promotes Amanda Adams To Global Alliances Leader Amid AI Push
Amanda Adams, a longtime channel executive at CrowdStrike, has been promoted to serve as the new global channel chief at the cybersecurity giant as it sees massive opportunities ahead in AI and services for solution and service provider partners, the company told CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/crowdstrike-promotes-amanda-adams-to-global-alliances-leader-amid-ai-push also interesting: CrowdStrike to…
-
CISA urges critical infrastructure firms to ‘fortify’ before it’s too late
As concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning operators to practice maintaining services in a degraded state. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-ci-fortify-isolation-recovery-guidance/819317/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Trump administration disbands DHS board investigating Salt Typhoon hacks CVE program averts…
-
North Korean APT Targets Yanbian Gamers via Trojanized Platform
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply”‘chain attack, trojanizing Windows and Android software to spy on users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scarcruft-birdcall-android-yanbian/ also interesting: Privacy Roundup: Week 11 of Year 2025 The 2024 cyberwar playbook: Tricks used by nation-state actors The most notorious and damaging…
-
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been…
-
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email, with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare […]…
-
FTC to ban data broker Kochava from selling Americans’ location data
The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers’ explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ftc-to-ban-data-broker-kochava-from-selling-americans-location-data/ also interesting: Sturnus Malware Hijacks Signal and WhatsApp, Taking…
-
Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/google-vulnerability-reward-program-android-chrome-pixel/ also interesting: Privacy Roundup: Week 13 of Year 2025 Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI…
-
Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/ollama-windows-vulnerabilities-cve-2026-42248-cve-2026-42249/ also interesting: Veeam issues patch for critical RCE bug Attackers exploit zero-day RCE flaw in Cleo managed file transfer Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively…
-
Critical Android vulnerability CVE-2026-0073 fixed by Google
Google patched a critical Android flaw (CVE”‘2026″‘0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE”‘2026″‘0073, in the System component. The bug allowed attackers to run code as the shell user without needing extra permissions, or any…
-
Attackers are cashing in on fresh ‘CopyFail’ Linux flaw
Researchers dropped a reliable root exploit and it didn’t sit idle for long First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/cisa_sounds_the_alarm_on/ also interesting: CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog Actively exploited Linux kernel flaw requires immediate remediation U.S. CISA adds an OpenPLC ScadaBR flaw to…
-
Hackers steal students’ data during breach at education tech giant Instructure
The data breach at education tech giant Instructure includes students’ private data, according to a sample of the allegedly stolen data seen by TechCrunch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/ also interesting: Europol Expert Platform Data Breach Claimed by Hacker IntelBroker LuLu Hypermarket Data Breach Reportedly Affects 196,000 Customers in IntelBroker-Led Cyberattack TalkTalk…
-
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
The cybersecurity company says it’s seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/kaspersky-suspects-chinese-hackers-planted-a-backdoor-into-daemon-tools-in-widespread-attack/ also interesting: Top 7 zero-day exploitation trends of 2024 The 2024 cyberwar playbook: Tricks used by nation-state actors Top 12…
-
Trellix investigating breach of source code repository
The cybersecurity company said there is no immediate evidence of code being exploited or released. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/trellix-investigating-breach-source-code-repository/819327/ also interesting: Deloitte Hacked Brain Cipher Group Claim to Have Stolen 1 TB of Data Why domain-based attacks will continue to wreak havoc Would Your Business Survive a Black Friday Cyberattack? The…
-
CISA urges critical infrastructure firms to ‘fortify’ now before it’s too late
As concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning infrastructure operators to practice maintaining services in a degraded state. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-ci-fortify-isolation-recovery-guidance/819317/ also interesting: Trump administration disbands DHS board investigating Salt Typhoon hacks CVE program averts swift end after CISA executes 11-month contract extension…
-
mini Shai-Hulud – Supply Chain Angriff auf SAP CAP durch bösartige npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-manipulierte-npm-pakete-sap-cap-a-277b157533ce4fe6521d7593683f5f84/ also interesting: Supply-Chain-Angriff: Mehrere Softwareprojekte von SAP kompromittiert Cyber-Angriffe auf die Lieferkette: Unternehmen sollten Risiken erkennen und gezielt vorbeugen TeamPCP griff EU und Cisco an – Massive Supply-Chain-Angriffe über Trivy-Tool und Telnyx-PyPI TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It…
-
Fake SSA Emails Drive Venomous#Helper Phishing Campaign
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ssa-emails-venomous-helper-phishing/ also interesting: The most notorious and damaging ransomware of all time Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds How defenders…
-
ScarCruft Targets Gaming Platform With Windows, Android Backdoors
A sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft, targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized both Windows and Android components of sqgame[.]net, a video game platform that hosts traditional Yanbian-themed card and board games.…
-
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations. Attackers successfully breached the development pipeline of AVB Disc Soft, the creators of the widely…
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/ also interesting: The 2024 cyberwar playbook: Tricks used by…
-
Android Zero-Click RCE Vulnerability Enables Remote Shell Access
A patched Android RCE flaw allows nearby attackers to gain zero-click remote shell access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/android-zero-click-rce-vulnerability-enables-remote-shell-access/ also interesting: Android Security Update Fixes Linux Kernel RCE Flaw Allow Read/Write Access Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild Android Hit by 0-Click RCE Vulnerability in Core…
-
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, 5th May 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/ also interesting: Insider Breach, Email Attacks Net $1.7M in HIPAA Fines Privacy Roundup: Week 1 of Year 2025 7 biggest healthcare security threats 7 biggest healthcare security threats
-
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/cushman_wakefield/ also interesting: Do CISOs need to rethink service provider risk? President Trump’s Cyber Strategy for America: What It Means for the U.S. and Why It Matters Globally Google Cloud Security Threat Horizons Report #13…
-
4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals faster
Tags: unclassifiedFor the next four days only, you can buy one pass to TechCrunch Disrupt 2026 and get 50% off a second of the same ticket type. That window closes May 8 at 11:59 p.m. PT. After that, prices go up, and you’ll pay more to bring a partner or colleague. Register today to get your plus-one pass at 50% off. First seen on techcrunch.com…
-
Dominant im RaaS-Markt – Wer ist RansomHub?
Tags: unclassifiedFirst seen on security-insider.de Jump to article: www.security-insider.de/ransomhub-raas-ransomware-cybercrime-a-62dfbc8b095540eea2ee6ed56cd343d0/ also interesting: Obituary: Professor Ross Anderson, pioneer in security engineering and campaigner Fresh ‘Mispadu Stealer’ Variant Emerges Datenklau unter Hochspannung: Die Masche hinter dem <> IT-Asset Disposal – Nachhaltigkeit, Sicherheit und versteckte Werte freisetzen
-
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Tags: attack, cve, exploit, flaw, injection, open-source, remote-code-execution, threat, vulnerabilityThreat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.”MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code…
-
The Back Door Attackers Know About, and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets…
-
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
Tags: automation, cve, cvss, cyber, exploit, flaw, office, rce, remote-code-execution, vulnerabilityA critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8, this flaw exposes enterprise office automation systems to full OS-level compromise without requiring any authentication. Vulnerability Overview CVE-2026-22679…
-
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
Silver Fox is running a tax”‘themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campaign shows how the group is steadily evolving from commodity RAT delivery to…
-
Vimeo data breach exposes personal information of 119,000 people
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/ also interesting: 7 biggest cybersecurity stories of 2024 25 on 2025: APAC security thought leaders share…
-
Huntress Expands Channel Partnerships to Boost Cybersecurity Reach Across Mid-Market and Public Sector
Global cybersecurity company Huntress has announced a major expansion of its global channel ecosystem, adding four new distribution partners to accelerate growth across the mid-market, public sector, and EMEA regions. The new partnerships with Ingram Micro, Vertosoft, Liquid PC, and QBS Software are designed to broaden access to enterprise-grade cybersecurity tools for organizations increasingly targeted…
-
Conti ransomware gang member sentenced to 102 months in prison
A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/usa-conti-ransomware-member-sentenced/ also interesting: Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin Ransomware gangs advancing Moscow’s geopolitical aims,…
-
Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/cis-download-secure-foundations-for-ai-workloads-on-aws/ also interesting: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) Was die ISS über den Schutz kritischer und weitgehend isolierter Unternehmens-IT…
-
Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists
An anti-ICE website, GTFO ICE, linked to Miles Taylor, is accused of exposing the personal details of 17,662 activists, sparking concerns that the data may have reached government agencies. First seen on hackread.com Jump to article: hackread.com/anti-ice-site-gtfo-ice-expose-activists-data/ also interesting: Microsoft ‘digital escorts’ reveal crucial US counterintelligence blind spot TeaOnHer, a rival Tea app for men,…
-
Iranian Proxy Networks in Latin America Post-Maduro: IRGC
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/iranian-proxy-networks-in-latin-america-post-maduro-irgc also interesting: U.S. Government Warns of Iran-Based UNC757 Attacks After Advance Auto Parts Data Breach, Claims of Modern Automotive Network Cyberattack Surface Iranian Hackers Breach Middle East Infrastructure President Trump’s Cyber Strategy for America: What It Means for the U.S. and Why It Matters Globally
-
Educational company Instructure reports cyber incident
By Saturday, Infrastructure’s chief information security officer Steve Proud confirmed that the hackers gained access to information about users at some educational institutions, including names, email addresses, student ID numbers and messages between users. First seen on therecord.media Jump to article: therecord.media/infrastructure-education-company-canvas-incident also interesting: Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from…
-
Australia launches cyber review board modeled on version disbanded in US
The Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability. First seen on therecord.media Jump to article: therecord.media/australia-launches-cyber-review-board also interesting: US sanctions Chinese cybersecurity firm over global malware campaign US eyes ban on TP-Link routers amid…
-
Copy Fail und die KI: Forscher patzen bei Offenlegung von Linux-Lücke
Copy Fail ist eine der gefährlichsten Linux-Lücken der vergangenen Jahre. Die Offenlegung verlief aber alles andere als vorbildlich – unter anderem wegen KI. First seen on golem.de Jump to article: www.golem.de/news/copy-fail-und-die-ki-forscher-patzen-bei-offenlegung-von-linux-luecke-2605-208331.html also interesting: From StackStorm to DeepTempo Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication Koske, a new AI-Generated Linux malware…
-
Vimeo-Daten nach Angriff auf KI-Dienstleister erbeutet – Hacker fordern von Vimeo Lösegeld für Nutzerdaten
First seen on security-insider.de Jump to article: www.security-insider.de/shiny-hunters-datenleck-vimeo-anodot-a-0bc433776c1e797ffe967ac46011a87c/ also interesting: Two Hacks, One Empire: The Cyber Assaults Disney Didn’t See Coming AI is helping hackers automate and customize cyberattacks Entwickler werden zum Angriffsvektor State Hackers Turn Google AI Into Attack Acceleration Tool
-
How the Story of a USB Penetration Test Went Viral
Tags: penetration-testingTwo decades ago Dark Reading posted its first blockbuster, a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author Steve Stasiukonis, Dark Reading senior editor Becky Bracken, and Dark Reading’s…
-
Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
Cerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cerberus lets an abuser push a custom lock”‘screen notification to the victim’s device from a web dashboard at cerberusapp.com or a paired smartwatch.…
-
Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security
Networking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding >>agentic workforce<<, the growing ecosystem of autonomous AI agents that operate alongside human employees. As organizations integrate AI into their…
-
Google now offers up to $1.5 million for some Android exploits
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-now-offers-up-to-15-million-for-some-android-exploits/ also interesting: 9 top bug bounty programs launched in 2025 9…
-
Proton Mail rolls out post-quantum encryption for all users as industry braces for ‘harvest now, decrypt later’ threat
Proton Mail has today announced the rollout of post-quantum encryption (PQC) across its email platform, making quantum-resistant key generation available to all users, including those on free plans, in what the company describes as a proactive step ahead of the quantum computing era. The feature, which users can opt into via Proton Mail’s encryption key…
-
Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. >>Each [monthly] CSPU is smaller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/oracle-monthly-security-updates/ also interesting: Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884 Oracle OIM zero”‘day: Pre”‘auth…
-
Romance scammers turn sweet talk into £102M payday
Tags: scamVictims losing £280K a day to fake profiles and sob stories First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/romance_scam_figures/ also interesting: Cambodian Senator Sanctioned By US Over Cyber Scam Camps Scammers cash in on tax season Beware! Google Ads Promote Fake Tesla Websites Soliciting Fraudulent Deposits Scam USPS and E-Z Pass Texts and Websites
-
ShinyHunters claims dump puts 119K Vimeo emails in the wild
Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched First seen on theregister.com Jump to article: www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/ also interesting: A flaw in Catwatchful spyware exposed logins of +62,000 users Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials Palo Alto Networks, Zscaler, Cloudflare hit by the latest data…