International

Security researcher Jeremiah Fowler discovered a database containing sensitive information from gym customers and staff, including names, financial details, and possible phone call, left unencrypted and unprotected. Jeremiah Fowler claims he discovered the wide-open AWS repository managed by HelloGym in late July. The database was open for a week, and …

Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz …

ISC2 has launched a Threat Handling Foundations Certificate to assist cybersecurity experts in enhancing Digital Forensics and Incident Response (DFIR) amid rising disruptive attacks that may cause breaches. DFIR is a complex field of incident response. This four-course program offers practical experience in building a DFIR program, digital forensics basics, …

Attackers attempted to steal $130 million from Brazil’s real-time payment system on Friday by wielding valid credentials for an IT service provider. Unauthorized funds were transferred through a breach of the IT system of Sinqia, a Brazilian subsidiary of Evertec. Some of the funds have been recovered. Sinqia, based in …

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in …

Domains aimed at capitalizing on the FIFA Club World Cup 2025 in the U.S. have been discovered, signaling preparations for the upcoming 2026 World Cup. PreCrime Labs from BforeAI, a cybersecurity firm focused on proactive threat prevention, reports that many domains for the FIFA World Cup 2026 have already been registered …

Sharing personal secrets with an AI chatbot can be risky. In early August, many were stunned to find that thousands of ChatGPT conversations were publicly accessible through search engines like Google. While OpenAI reacted promptly and removed the dangerous sharing functionality, the incident reveals the unsettling truth that people trust …

It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts …

Malaysia is boosting its digital transformation by launching its first fully AI-powered banking service. This initiative, which comes just before Merdeka, shows the country’s commitment to using advanced local technology to serve its citizens and enhance its global digital standing. YTL Group and SEA Ltd have launched Ryt Bank, the …

SIEM systems are essential for detecting suspicious activity in enterprise networks, enabling real-time responses to potential attacks. However, the Picus Blue Report 2025 indicates that organizations only detect 1 in 7 simulated attacks from over 160 million simulations, highlighting a serious gap in threat detection and response. Many organizations think …