Coca Cola Data Breach Leaks Employee Info
In May 2025, Coca-Cola suffered a data breach - and not one, but two within days! These breaches exposed sensitive employee information and millions of internal Salesforce records, highlighting critical vulnerabilities in Coca-Cola’s security ecosystem. This incident serves as a stark reminder of the growing threat of sophisticated cybercriminals targeting multinational corporations. Everest Ransomware Targets Employee Information The first major
Adidas Data Breach Confirmed, Customer Info Leaked
Adidas has disclosed a data breach that exposed personal details of customers after a cyberattack targeted one of its external service providers. The incident, which occurred in May 2025, affected individuals who had previously contacted the company’s customer support. What Information Was Leaked? The breach involved unauthorized access to non-sensitive personal information. According to Adidas, the exposed data includes full
Aisuru Botnet Launches Devastating DDoS Attack
A recent attack on KrebsOnSecurity has set a new benchmark for the scale and speed of digital warfare. Central to this unprecedented 6.3 Tbps distributed denial-of-service (DDoS) attack is Aisuru, a recently discovered botnet powered by compromised Internet of Things (IoT) gadgets. Unlike traditional attacks, this one lasted less than a minute, packed enough power to cripple most online infrastructures.
Ivanti EPMM Security Flaws Exploited By Hackers
Two newly identified Ivanti Endpoint Manager Mobile (EPMM) security flaws, are under active exploitation by a sophisticated hacking group believed to be operating from China. The vulnerabilities, when used together, enable attackers to bypass authentication and remotely execute malicious code, potentially giving them full control of targeted systems. The Vulnerabilities Explained Security experts have flagged two critical issues in Ivanti’s
UK Legal Aid Agency Data Breach: Sensitive Information Stolen
The UK Legal Aid Agency (LAA) has confirmed a significant data breach following a cyberattack. The attack compromised sensitive personal information of legal aid applicants, some of which dates back as far as 2010. The breach, uncovered on April 23, 2025, has sparked serious concerns about data protection in the public sector and the security of vulnerable individuals relying on
RVTools Website Hacked to Spread Bumblebee Malware
In a concerning case of software supply chain compromise, the official RVTools website was hacked to distribute malware. RVTools is a trusted utility used by VMware administrators. The installer, normally used to help IT professionals audit virtual environments, was tampered with to deliver the Bumblebee malware loader, a known precursor to ransomware attacks. This incident underscores the persistent and growing
Venom Spider Phishing Attack Targets HR Departments
In the evolving world of cybercrime, threat actors are continuously seeking new entry points into organizations. A new spear-phishing campaign has recently drawn attention for its clever targeting of an often-overlooked department: human resources. This phishing attack, orchestrated by the financially motivated group known as Venom Spider, leads to stolen credentials, remote access and more. A Deceptive Approach Venom Spider
Darcula PhaaS Is Behind Nearly 884,000 Stolen Credit Cards
Phishing attacks are becoming more advanced and more accessible to cybercriminals than ever before. One of the most alarming examples to date is Darcula, a Phishing-as-a-Service (PhaaS) platform that has enabled criminals to steal nearly 884,000 credit card numbers in a sophisticated, widespread campaign. As the phishing landscape evolves, Darcula shows just how professionalized and industrialized cybercrime has become. What
Luna Moth Cybercriminals Impersonate IT Support to Steal Data
In a rapidly evolving threat landscape, a cybercrime group known as Luna Moth - also referred to as the Silent Ransom Group (SRG) - has been targeting organizations in the United States using a cunning form of social engineering. Their latest campaign involves impersonating internal IT support teams. They manage to trick employees into granting remote access to corporate systems,
Fake WordPress Security Plugin Grants Access to Attackers
A new and highly deceptive cybersecurity threat has emerged targeting WordPress websites. Cybercriminals have developed a fake WordPress security plugin that not only pretends to protect websites but in reality, grants attackers remote administrative access. How the Attack Works The fake WordPress security plugin masquerades as a legitimate security tool. One of the known malicious files is named WP-antymalwary-bot.php. This
