Featured

Breaking
Vercel breach — Lumma Stealer supply chain attack
🔴 Critical — April 2026
One game download.
Hundreds of companies breached.
Infostealer Supply Chain

Vercel: Lumma Stealer Entered via a Roblox Cheat File

An employee downloaded a Roblox game script from an unofficial site. It contained Lumma Stealer. The malware ran silently for two months — collecting passwords and session tokens. Attackers then used those credentials to reach Vercel's Google Workspace through a third-party app. Source code, API keys, and data from hundreds of organisations was stolen.

April 2026 • TechCrunch, The Hacker News, BleepingComputer
Read full story →

Latest News

MFA bypass attack illustration
CriticalMFA Bypass

Storm-2372: MFA Bypassed at Scale — No Password Stolen

A criminal group abused a legitimate Microsoft login flow. Victims clicked a link and pressed Allow — no password needed. FBI shut it down in April 2026.

April 2026 Read more →
Social engineering attack illustration
HighSocial Engineering

Figure Technology: 967,000 Accounts Exposed After One Employee Was Manipulated

Attackers sent one convincing message. No malware. No hacking tools. 967,000 customer records stolen and published online.

February 2026 Read more →
Router hijacking session theft illustration
CriticalSession Theft

APT28: 18,000 Routers Hijacked to Steal Session Tokens

A state-sponsored group stole OAuth tokens from 18,000 routers globally — bypassing MFA entirely. With a stolen token, no password or MFA code is needed.

April 2026 Read more →
Contractor phishing breach illustration
HighPhishing

Adobe: 13 Million Support Tickets Exposed via a Contractor's Device

One phishing email on a contractor's device gave attackers access to 13 million tickets, 15,000 employee records, and unpublished security vulnerabilities.

April 2026 Read more →
Credential breach database illustration
Industry-wideBreach Data

Synthient: 1.3 Billion Passwords Now Searchable in Have I Been Pwned

HIBP absorbed 1.96 billion emails and 1.3 billion passwords. 625 million had never been seen before. Check yours at haveibeenpwned.com.

November 2025 Read more →
Security checklist guide illustration
GuideBest Practice

Six Steps to Protect Yourself Right Now

Change your password. Deny unexpected MFA prompts. Stop reusing passwords. Six clear actions — no jargon — under 30 minutes.

May 2026 Read guide →

Verified Sources

Every article is sourced from verified, authoritative outlets only. No unverified claims are published.

BleepingComputer
Security news, breach reporting, malware analysis
bleepingcomputer.com
The Hacker News
Cybersecurity reporting, APT tracking, vulnerability news
thehackernews.com
TechCrunch Security
Breach disclosure and tech industry security reporting
techcrunch.com
NCSC
UK National Cyber Security Centre — official guidance
ncsc.gov.uk
CISA
US Cybersecurity & Infrastructure Security Agency
cisa.gov
ENISA
EU Agency for Cybersecurity — annual threat landscape
enisa.europa.eu
Have I Been Pwned
Check if your email appeared in a known breach — free
haveibeenpwned.com
Europol
Operation Endgame, infostealer takedowns, EU enforcement
europol.europa.eu