Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. When it was reported that Gmail passwords were amongst a batch ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

It started with a jolt on a quiet Sunday in late April: Microsoft Defender for Identity began firing off alerts to customers around the world, warning them that their credentials had been compromised.

News broke today about "one of the largest data breaches in history," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to just be a compilation of previously ...

Do you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published May 28, security ...

Threat actors are openly advertising access to hacked websites as part of the underground economy. One of the most promising products is a compromised cPanel credential. They are sold in the thousands ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

Your Apple Account (previously known as your Apple ID) is a vital part of the Apple ecosystem. It does so many things, but because you have to log into it on so many ...

The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects.