Today's security landscape is dominated by active exploitation threats, major breaches affecting education and government, and critical supply chain compromises. A massive phishing-as-a-service operation has been dismantled, while multiple zero-day and critical vulnerabilities are under active attack across enterprise software and open-source ecosystems.

Infinite Campus breach exposes 137,000 school staff accounts via Salesforce attack — ShinyHunters stole personal data from school staff through a Salesforce vulnerability targeting the widely-used K-12 student information system in March. Read more →
French government messaging platform Tchap breached, 73,000 accounts affected — A threat actor known as "Misere" claims to have stolen messages and user data from the sovereign French government platform. Read more →
Novo Nordisk (Ozempic maker) confirms IT systems breach with personal data theft — The pharmaceutical giant disclosed that attackers gained access to personal data stored on compromised systems. Read more →
Palo Alto PAN-OS GlobalProtect VPN flaw (CVE-2026-0257) under active exploitation — Authentication bypass vulnerability (CVSS 7.8) in PAN-OS portal and gateway components is being actively exploited by unknown threat actors. Read more →
WordPress plugins PushEngage, OptinMonster, TrustPulse backdoored via JavaScript tampering — Attackers compromised trusted JavaScript files to create admin accounts and install hidden plugins on affected sites when administrators logged in. Read more →
152 malicious Chrome wallpaper extensions with 105K installs distribute adware and fake traffic — A network spanning 38 publisher accounts distributed potentially unwanted programs across multiple brand backends. Read more →
FBI and Google dismantle "Outsider Enterprise" phishing service with 9,000+ sites, $1.9B in losses — The platform stole nearly 4 million credit cards before being taken down in coordinated law enforcement action. Read more →
ShinyHunters claims breach of Council of Europe, threatens to leak 297GB of data — The extortion group claims to have stolen employee personal information from the international organization. Read more →