Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously. 1/7

The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data.

SCOOP: An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations. This surveillance can happen through all sorts of apps, such as video games, news apps, weather trackers, and dating apps.

Amazon has confirmed that three Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE) and one in Bahrain have been damaged by drone strikes, causing an extensive outage that is still affecting dozens of cloud computing services.

Seeing the lengthy list of changes/cutbacks to CISA catalogued in this one piece makes it clear there is little left of it. The agency is less than a decade old and struggled for years to find its footing before it started to make progress. But all advances it made have been gutted in last 12 months

In an unexpected twist of events, Meta says they're taking legal action "to combat scams" and filed "lawsuits against deceptive advertisers in Brazil and China that used celeb-bait and a Vietnam-based advertiser who used cloaking and led a subscription fraud scheme." about.fb.com/news/2026/02...

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks.

Just leaving these two stories next to each other.: 'AIs can’t stop recommending nuclear strikes in war game simulations' & 'Pentagon threatens to make Anthropic a pariah if it refuses to drop AI guardrails' www.newscientist.com/article/2516... edition.cnn.com/2026/02/24/t...

Weird cyber story from Russia: a Moscow resident Ruslan Satuchin faces criminal charges for allegedly contacting Conti under the pretense of the FSB & extorting money for protection. Now he's investigated for fraud No word of legal action against Conti www.rbc.ru/society/25/0...

It's been a year since North Korean hackers stole $1.5 billion from Bybit, and they completely got away with it, ha ha ha. Bybit exploit 12 months on: the DPRK threat continues www.elliptic.co/blog/bybit-e...

Google disrupts Chinese-linked hackers that attacked 53 groups globally - www.reuters.com/sustainabili...

Some breaking news out of Russia: Officials have started an investigation into Telegram founder Pavel Durov for promoting terrorism www.kommersant.ru/doc/8460981?...

PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year.

As part of its internet crackdown, it appears that Russia's internet watchdog accidentally blocked the official website of the Linux kernel. The block has been lifted after Russian IT engineers reminded Roskomnadzor that the country's native OS also runs on Linux kod.ru/linux-rus-fail

The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked.

French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok AI tool, widely used to generate sexually explicit images.

The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported.

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.

The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations.

Hackers behind cyberattack against Poland electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable

SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.

Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems.

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks.

Something of note I found in researching this: ICE's Homeland Security Investigations unit has tried and failed to break into BitLocker devices. It simply doesn't have the capability, per an HSI forensic specialist's letter to a court in 2025. But we now know it can ask Microsoft for help.

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands.

CISA’s secure-software buying tool had a simple XSS vulnerability of its own cyberscoop.com/cisa-secure-...

A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could rev ...

The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network. www.bleepingcomputer.com/news/securit...

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend.

Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations.

The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.

​Cisco warned of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances.

The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology.

The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.

The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach.

An unpatched zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.

"New record-breaking Arc Raiders DDoS attack reaches 100,000 free backpack requests / second."

An article that perhaps got lost in the shuffle - on record interviews with senior Dutch intelligence officials where they lament the firing of fmr NSA director Tim Haugh and reveal they are being more careful sharing intel with US partners volkskrant.nl/binnenland/n...

Russian telecom watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate terrorist attacks.

Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US.

Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability (CVE-2025-9491) that multiple state-backed and cybercrime hacking groups have exploited in zero-day attacks. www.bleepingcomputer.com/news/microso...

Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. www.bleepingcomputer.com/news/securit...

Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States.