FortiBleed Leak Hits Thousands of Fortinet VPN Devices
A new security incident known as FortiBleed has exposed Fortinet VPN credentials for tens of thousands of organizations worldwide. Researchers found a database containing login credentials for more than 73,000 Fortinet and FortiGate firewall devices. The data includes usernames, email addresses, and plaintext passwords. The list names household brands like Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, and Toyota. Security researcher
Hola Browser Supply Chain Attack Delivers Hidden Miner
A Monero miner hiding inside a trusted browser installer is the kind of threat most users never see coming. That is exactly what happened to Hola Browser, whose Windows version fell victim to a supply chain attack that quietly bundled cryptocurrency-mining software alongside legitimate installations. How the Compromise Came to Light The discovery did not come through user complaints or
First VPN Seized by Police in Global Ransomware Crackdown
A criminal anonymization service called First VPN is now offline after an international law enforcement operation dismantled it on May 19 and 20, 2026. Ransomware gangs, fraudsters, and data thieves had used it for years to hide their activity. Codenamed Operation Saffron, the action took down 33 servers, seized three domains, and put the service's administrator in handcuffs in Ukraine.
ShinyHunters Hit Canvas LMS in Massive Data Breach
Tens of millions of students, teachers, and staff woke up to a security nightmare this month. A Canvas LMS data breach carried out by the ShinyHunters extortion group has exposed data from an estimated 275 million people across nearly 9,000 educational institutions worldwide — making it the largest educational security breach on record. How the Attack Unfolded The story starts
Firefox Built-In VPN: What It Does and What It Doesn’t
Mozilla has added a free Firefox built-in VPN to its browser with the release of Firefox 149. The feature arrived on March 24, 2026, and gives users up to 50GB of protected browsing data each month at no cost. It requires no extra downloads, no extensions, and no third-party subscriptions. For casual users who want basic privacy protection without setting
Ubisoft Breach Disrupts Rainbow Six Siege Economy
A serious security incident inside Ubisoft’s live-service infrastructure has shaken one of its flagship titles. The Ubisoft breach surfaced after players in Rainbow Six Siege began reporting sudden access to billions of in-game credits, unlocked premium cosmetics, and unusual system messages that should never appear during normal gameplay. The situation quickly escalated from a curiosity into a confirmed security failure,
RondoDox XWiki exploit Drives New Wave of Botnet Attacks
A RondoDox XWiki exploit fuels a new surge in botnet activity as threat actors target unpatched servers exposed to the internet. Security researchers observed fresh exploitation waves throughout November, and the campaign highlights how delayed patching creates real opportunities for attackers. The flaw at the center of the incident affects the SolrSearch endpoint in older XWiki versions and enables remote
Malware Takedown Dismantles Major Malware Operations
Malware takedown efforts intensified this week as international law-enforcement agencies dismantled the infrastructure behind Rhadamanthys, VenomRAT, and Elysium. Authorities targeted large networks that controlled infected systems, harvested credentials, and enabled widespread cybercrime activity. Investigators coordinated across several countries and removed key servers, domains, and operational assets. This action delivers a significant blow to three prolific malware ecosystems. Scale of the
Are AI Browsers a Welcome Innovation or a Security Threat?
The next generation of web browsers doesn’t just open pages, it thinks, reads, and acts. AI browsers are emerging as intelligent companions designed to simplify online tasks, summarise information, and automate repetitive work. For many users, they represent the future of web navigation: effortless, conversational, and deeply personalised. But beneath this polished innovation lies an uncomfortable question. When the browser
GhostBat Android RAT Masquerades as RTO App to Steal Data
The Android malware landscape continues to evolve, and GhostBat stands out as one of the most dangerous new threats. This Android RAT pretends to be a legitimate RTO (Regional Transport Office) app to lure unsuspecting users. Once installed, it exploits permissions and accessibility tools to steal financial data, intercept messages, and gain remote control over devices. Attack Vector and Distribution
