Software

AI music generator Suno has been hacked, detailing the data scraping of millions of songs from YouTube, Deezer, and Genius

According to 404 Media, a hacker has breached the company database of Suno, an online AI music generation tool. The hack is said to reveal multiple references to the training data it scraped from YouTube Music, Deezer, Genius, and others. Suno has previously admitted that its tool was trained on “essentially all music files of […]

AI music generator Suno has been hacked, detailing the data scraping of millions of songs from YouTube, Deezer, and Genius Read More »

New Windows LegacyHive zero-day gives hackers admin privileges

A security researcher using the “Nightmare Eclipse” handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. Nightmare Eclipse published a proof-of-concept (PoC) exploit hours after Microsoft released its July 2026 Patch Tuesday updates, saying that it abuses a security vulnerability in the Windows User Profile

New Windows LegacyHive zero-day gives hackers admin privileges Read More »

US charges two over laundering $43 million from investment fraud

U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. 27-year-old Zhuoying Chen and 38-year-old Haojie Zhang allegedly managed a network of over a dozen people based in Queens and Brooklyn between 2020 and 2022. Chen and

US charges two over laundering $43 million from investment fraud Read More »

CISA urges immediate action on actively exploited Fortinet flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. These two critical-severity security flaws (tracked as CVE-2026-39808 and CVE-2026-25089) were addressed by Fortinet on April 14 and June 9, respectively. As the company detailed in security advisories

CISA urges immediate action on actively exploited Fortinet flaws Read More »

New ClickLock macOS malware traps users into revealing login password

For most of the last two decades, enterprise security ran on a workable assumption: the environment was knowable. Security teams could buy tools, inventory users, map systems, define policies, and rely on vendor-built dashboards and workflows to manage most of what happened next. The model was imperfect, but it worked because the environment changed at

New ClickLock macOS malware traps users into revealing login password Read More »

Scattered Spider members behind TfL hack get five years in prison

Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. TfL disclosed that its network was breached in August 2024, with the attack disrupting internal systems and online services, including TfL’s Dial-a-Ride service, concessionary travel cards, digital

Scattered Spider members behind TfL hack get five years in prison Read More »

CISA orders feds to patch actively exploited Oracle flaw by Saturday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite (EBS) financial application. Discovered in the File Transmission component of EBS’s Oracle Payments product and tracked as CVE-2026-46817, this security flaw allows unauthenticated threat actors

CISA orders feds to patch actively exploited Oracle flaw by Saturday Read More »

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland RAT. Attacks have been occurring since at least June 2025 and have focused on users in the U.S., although victims in Germany, Romania, and Venezuela have been observed as well.

Russian hackers trojanize WebEx, Zoom apps to push Starland malware Read More »

New Spirals ransomware encrypts victim network in under 24 hours

A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. The attack occurred in June and breached an IT services firm in South Asia after compromising an Internet Information Services (IIS) server exposed on the public web. Researchers at Symantec’s Threat Hunter

New Spirals ransomware encrypts victim network in under 24 hours Read More »

Dutch police bust investment fraud ring stealing over €100 million

AI is changing how vulnerability research gets done, but most of the conversation is still theoretical: what a model might eventually be capable of, rather than what it can actually find today. We wanted to answer a more practical question: using the models already available to us right now, how far can AI take us

Dutch police bust investment fraud ring stealing over €100 million Read More »