Italy’s communications regulator AGCOM has imposed a €14,247,698 fine on Cloudflare for refusing to block access to alleged pirate sites via its public DNS resolver 1.1.1.1. The penalty, set at roughly 1% of Cloudflare’s global annual revenue, could increase to 2% in case of repeat violations, marking one of the toughest European enforcement actions against … Read more

Instagram has fixed a vulnerability that allowed third parties to trigger mass password reset emails to users, while a large dataset allegedly containing records for about 17.5 million Instagram accounts is being shared for free on hacker forums and discussed by the cybersecurity community. Instagram password reset vulnerability and abuse of recovery emails According to … Read more

The open-source workflow automation platform n8n has become the focus of intense security scrutiny after researchers disclosed details of four critical vulnerabilities in recent weeks. Two flaws received the maximum CVSS score of 10.0, including the most severe issue, Ni8mare (CVE-2026-21858), which enables full remote takeover of an n8n instance without any authentication. Why n8n … Read more

At the end of December 2025, the popular non-custodial crypto wallet Trust Wallet disclosed a major security incident: its Google Chrome browser extension was compromised and used to steal user funds. The investigation has linked this breach to the broader Shai-Hulud npm software supply chain campaign, which has been targeting developers, CI/CD pipelines, and secrets … Read more

The critical remote code execution vulnerability CVE-2025-14847, widely referred to as MongoBleed, has moved from disclosure to active exploitation within just a few days of patch availability. Despite released security updates, tens of thousands of MongoDB servers remain exposed on the public internet, substantially increasing the risk of large-scale compromise for organizations worldwide. What Is … Read more

A large database allegedly containing subscriber information for Wired magazine has been released on a popular hacking forum, exposing more than 2.3 million records. The threat actor, operating under the alias Lovely, also claims to hold data on roughly 40 million additional users of other Condé Nast brands, raising serious concerns about the protection of … Read more

A major Coinbase data breach, disclosed in spring 2025, has led to the arrest of a former support employee in Hyderabad, India. The individual worked for TaskUs, an outsourcing provider used by the cryptocurrency exchange. According to Coinbase CEO Brian Armstrong, this arrest is part of a broader, ongoing criminal investigation and is unlikely to … Read more

The fallout from the 2022 LastPass breach continues to affect cryptocurrency holders years later. According to new analysis by TRM Labs, encrypted backups of user vaults stolen in that incident are still being cracked today, enabling attackers to recover private keys, seed phrases, and exchange credentials and move victims’ digital assets to attacker-controlled wallets. How … Read more

The cybercriminal group Everest has claimed responsibility for a large-scale cyber attack on the IT systems of US automaker Chrysler, part of the Stellantis group. According to the attackers, they exfiltrated around 1,088 GB of data, allegedly representing a “complete” set of operational information spanning several years. At the time of writing, Chrysler and Stellantis … Read more

The fallout from the 2022 LastPass breach continues to affect cryptocurrency holders years later. According to new analysis by TRM Labs, encrypted backups of user vaults stolen in that incident are still being cracked today, enabling attackers to recover private keys, seed phrases, and exchange credentials and move victims’ digital assets to attacker-controlled wallets. How … Read more