A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

Hackers gained unauthorized access to the personal data of hundreds of racing drivers, including F1 champion Max Verstappen, due to a security flaw in the FIA's driver categorization portal. The FIA has since taken immediate steps to secure the data and reported the incident to data protection authorities.

Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.

CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.

A new strain of Rust-based malware, dubbed ChaosBot, exploits the Discord platform for its Command and Control operations, embedding malicious activity behind legitimate traffic. Its advanced evasion capabilities pose significant challenges for defenders.

Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.

The Astaroth banking trojan has resurfaced, utilizing GitHub as a platform for malware configuration updates. This sophisticated malware employs targeted phishing tactics to steal banking and cryptocurrency credentials while evading detection through advanced techniques.

The Clop Ransomware group has announced a breach of Harvard University, adding it to their Tor data leak site. They claim to have stolen sensitive data and will leak it soon, raising concerns about the potential impact on the prestigious institution.