Security news.
Today's security landscape highlights critical patching needs, with Veeam addressing multiple severe vulnerabilities in its Backup & Replication software. We're also seeing a continued rise in data breaches, including incidents affecting Canadian retail giant Loblaw and England Hockey, alongside the concerning emergence of AI-generated malware in ransomware attacks.
Veeam Patches 7 Critical Backup & Replication Flaws
Veeam has released urgent security updates for its Backup & Replication software, addressing seven critical vulnerabilities, including CVE-2026-21666 (CVSS 9.9), which could lead to remote code execution by an authenticated domain user.
Canadian Retail Giant Loblaw Notifies Customers of Data Breach
Loblaw, a major Canadian retail company, has informed customers of a data breach and has proactively logged out all accounts, requiring users to re-authenticate.
England Hockey Investigating Ransomware Data Breach
England Hockey is investigating a potential data breach after the AiLock ransomware gang listed the organization as a victim on its data leak site.
AI-Generated Slopoly Malware Used in Interlock Ransomware Attack
A new malware strain named Slopoly, likely created with generative AI tools, was used in an Interlock ransomware attack to maintain persistence and steal data for over a week.
Rust-Based VENON Malware Targets 33 Brazilian Banks
Cybersecurity researchers have detailed VENON, a new Rust-based banking malware targeting Windows systems in Brazil, which uses credential-stealing overlays against 33 financial institutions.
US Disrupts SocksEscort Proxy Network Powered by Linux Malware
Law enforcement agencies, in collaboration with private partners, have dismantled the SocksEscort cybercrime proxy network, which relied on edge devices compromised by the AVRecon malware for Linux.
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
Apple has released iOS and iPadOS versions 16.7.15 and 15.8.7 to address vulnerabilities related to Coruna exploits in older devices.
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group linked to Iranian intelligence agencies has claimed responsibility for a data-wiping attack against global medical technology company Stryker, leading to significant operational disruption.