Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens

The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public about an emerging Phishing1-as-a-Service2 (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors Read More …

NYC Health + Hospitals says hackers stole medical data affecting at least 1.8m people

New York public health provider NYC Health + Hospitals says a months-long data breach that allowed hackers to steal personal data, medical records, and fingerprints scans affects at least 1.8 million people. NYCHHC is the largest public health system in the United Read More …

Hackers have breached tank readers at US gas stations

US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity. The hackers responsible have exploited automatic tank Read More …

ShinyHunters: Cyber Criminal Group Attacks Learning Management System

The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions Read More …

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the Read More …

Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia

Electronics manufacturing giant Foxconn, which makes devices and components for Apple, Google, Nvidia, and Sony, among other tech giants, confirmed on Monday that it was hit by a cyberattack that may have affected some of its factories. In a statement Read More …

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams Read More …

Stolen Canvas data was “returned” after hacker agreement, Instructure says

The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands Read More …

Cache-poisoning caper turns TanStack npm packages toxic

An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, Read More …