Security news.
Today's cybersecurity landscape highlights ongoing threats from nation-state actors and sophisticated cybercriminals, alongside critical vulnerabilities being actively exploited. Law enforcement is also stepping up efforts against large-scale crypto fraud and surveillance tools.
Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Citizen Lab reports that Hungarian intelligence, El Salvador police, and several U.S. law enforcement agencies used Webloc, an advertising-based global geolocation surveillance system developed by Israeli company Cobwebs Technologies, to track 500 million devices.
Over 20,000 Crypto Fraud Victims Identified in International Crackdown
An international law enforcement operation, led by the U.K.'s National Crime Agency (NCA), has identified over 20,000 victims of cryptocurrency fraud across Canada, the U.K., and the U.S.
Hims Breach Exposes Sensitive PHI
Telehealth brand Hims suffered a breach exposing highly sensitive Protected Health Information (PHI), including details about users' medical conditions.
Nearly 4,000 US Industrial Devices Exposed to Iranian Cyberattacks
Thousands of Internet-exposed Rockwell Automation programmable logic controllers (PLCs) are part of the attack surface targeted by Iranian-linked hackers against U.S. critical infrastructure.
Critical Marimo Flaw Exploited Hours After Public Disclosure
A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, an open-source Python notebook, was exploited in the wild within nine hours of its public disclosure.
CPUID Hacked to Deliver Malware via CPU-Z, HWMonitor Downloads
Hackers compromised an API for the CPUID project, altering download links on the official website to distribute malicious executables for popular tools like CPU-Z and HWMonitor.
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
Juniper Networks released patches for numerous Junos OS vulnerabilities, including a critical flaw that could allow unauthenticated remote attackers to take over a vulnerable device.
Microsoft: Canadian Employees Targeted in Payroll Pirate Attacks
A financially motivated threat actor, Storm-2755, is hijacking Canadian employees' accounts in "payroll pirate" attacks to steal salary payments.