Firefox Built-In VPN: What It Does and What It Doesn’t
Mozilla has added a free Firefox built-in VPN to its browser with the release of Firefox 149. The feature arrived on March 24, 2026, and gives users up to 50GB of protected browsing data each month at no cost. It requires no extra downloads, no extensions, and no third-party subscriptions. For casual users who want basic privacy protection without setting
Dutch Government Cyberattack Hits Finance Ministry
The Dutch government is under fire again after a cyberattack breached the Ministry of Finance's internal systems. The Ministry of Finance confirmed on March 24 that unauthorized access to its internal systems was detected on March 19. The breach reached systems described as primary processes within the ministry's policy department, though the full extent of the intrusion remains unknown. The
FBI Warns of Russian Signal Phishing Attack Campaign
A major Signal phishing attack campaign is actively targeting journalists, politicians, military personnel, and current and former U.S. government officials. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement last Friday, formally linking the operation to Russian intelligence services. Thousands of accounts have already been compromised globally, and the attacks are still ongoing.
Navia Data Breach Hits 2.7 Million People
A benefits administrator most people have never heard of has exposed the sensitive personal data of nearly 2.7 million individuals across the United States. The Navia data breach is one of the largest employee benefits-related incidents in recent memory. And the ripple effects are still expanding. Navia Benefit Solutions, headquartered in Renton, Washington, manages healthcare and spending account benefits on
Perseus Android Malware Targets Your Notes App
Perseus Android malware is a newly discovered threat that goes further than most mobile banking trojans. While typical Android malware focuses on stealing login credentials or intercepting text messages, Perseus actively scans the note-taking apps on your phone, hunting for passwords, crypto wallet recovery phrases, and financial details you may have stored there for safekeeping. What Is Perseus and Where
Stryker Cyberattack Wiped 80,000 Devices in Hours
The Stryker cyberattack did not follow the usual playbook. There was no ransomware, no malicious code, and no encrypted files waiting on a ransom demand. Instead, attackers turned a legitimate Microsoft tool against one of the world's largest medical device companies and wiped approximately 80,000 employee devices in less than three hours. The incident, which began on March 11, 2026,
ChatGPT Ads Privacy: US-Only for Now, But Questions Remain
OpenAI has confirmed that ChatGPT ads privacy concerns are now front and centre for millions of users worldwide. Ads launched in the US in February 2026, and a recent update to OpenAI's privacy policy triggered a wave of speculation that a global rollout was imminent. OpenAI has since clarified that no such expansion is planned, at least for now. But
England Hockey Hit by AiLock Ransomware Attack
England Hockey is investigating a potential data breach after the AiLock ransomware gang listed the organization as a victim on its public leak site. The group claims to have stolen 129GB of data from the national governing body's systems. And is now threatening to publish it unless a ransom is paid. AiLock ransomware is a relatively new but technically capable
Starbucks Data Breach Exposes Employee SSNs and Bank Details
The Starbucks data breach disclosed this week is more serious than a scheduling glitch or a vendor outage. This time, attackers got into the coffee chain's internal HR portal and walked away with some of the most sensitive personal data an employer holds: Social Security numbers, bank account details, and financial routing numbers. Moreover, the breach affected 889 employees and
Zombie ZIP: The Malware Trick Antivirus Tools Can’t See
A newly documented technique called Zombie ZIP allows malware to hide inside a deliberately malformed archive file, bypassing nearly every major antivirus and endpoint detection tool on the market. Security researcher Chris Aziz of Bombadil Systems discovered the technique and tested it against 51 antivirus engines on VirusTotal. It bypassed 50 of them. The CERT Coordination Center has since issued
