Fashion Retailer Express Left Customers’ Personal Data and Order Details Exposed to the Internet
Express, a major U.S. fashion retailer, patched a website flaw that let anyone view other shoppers’ order confirmations. The vulnerability exposed names, contact details, addresses, purchase items and partial credit‑card data for at least a dozen customers, all accessible by tweaking sequential order numbers in the URL. The issue was uncovered by a security researcher after a fraudulent purchase investigation, and Express fixed the bug but declined to confirm whether affected customers would be notified. The incident adds to a string of recent retail data exposures linked to misconfigurations.
Someone Planted Backdoors in Dozens of WordPress Plug-Ins Used in Thousands of Websites
A supply‑chain attack was uncovered after the Essential Plugin portfolio was sold, with a hidden backdoor inserted into dozens of WordPress plugins. The malicious code lay dormant until this month, then began delivering payloads to any site using the affected...
Booking.com Confirms Hackers Accessed Customers’ Data
Booking.com disclosed that unauthorized parties may have accessed customer records, including names, email addresses, phone numbers and reservation details. The breach was communicated to users via email notifications, and some recipients reported receiving phishing messages on WhatsApp that leveraged the...
Hack at Anodot Leaves over a Dozen Breached Companies Facing Extortion
Hackers from the ShinyHunters group breached business‑monitoring platform Anodot, stealing authentication tokens that unlocked customer cloud data. The breach, which began on April 4, exposed at least a dozen client companies—including Rockstar Games—to extortion threats demanding ransom to keep the data...
France to Ditch Windows for Linux to Reduce Reliance on US Tech
France announced a plan to replace Windows on certain government computers with the open‑source Linux operating system, starting with the digital agency DINUM. The move is framed as a step toward digital sovereignty, reducing reliance on U.S. technology firms. No...
Convicted Spyware Chief Hints that Greece’s Government Was Behind Dozens of Phone Hacks
Intellexa founder Tal Dilian, convicted of orchestrating a mass‑wiretapping campaign in Greece, announced his intention to appeal the eight‑year prison sentence. The scandal, dubbed “Greek Watergate,” involved the Predator spyware compromising phones of ministers, opposition leaders, military officials and journalists....
FBI Says Iranian Hackers Are Using Telegram to Steal Data in Malware Attacks
The FBI warned that Iranian Ministry of Intelligence and Security (MOIS) hackers are leveraging Telegram bots as a command‑and‑control channel to exfiltrate data from dissidents, opposition groups, and journalists. Attackers first send phishing links masquerading as Telegram or WhatsApp apps,...
Stryker Says It’s Restoring Systems After Pro-Iran Hackers Wiped Thousands of Employee Devices
Stryker is restoring its computers and internal network after a March 11 cyberattack that allowed pro‑Iranian hackers to remotely wipe tens of thousands of employee devices. The breach exploited a compromised Microsoft Intune administrator account, giving the attackers near‑unlimited control over...
US Cybersecurity Agency CISA Reportedly in Dire Shape Amid Trump Cuts and Layoffs
U.S. Cybersecurity and Infrastructure Security Agency (CISA) is reportedly operating at roughly 38% of its pre‑Trump staffing levels, after losing about one‑third of its workforce during the administration’s first year. The cuts have crippled core programs, including the counter‑ransomware initiative...
FBI Says ATM ‘Jackpotting’ Attacks Are on the Rise, and Netting Hackers Millions in Stolen Cash
ATM jackpotting has shifted from a security demo to a lucrative crime, with hackers now pulling millions from cash dispensers. The FBI reports over 700 attacks in 2025 alone, netting at least $20 million in stolen cash. The primary tool, Ploutus...
Microsoft Says Office Bug Exposed Customers’ Confidential Emails to Copilot AI
Microsoft confirmed a bug in its 365 Copilot Chat that allowed the AI to read and summarize customers' confidential emails for weeks, even when data‑loss‑prevention policies were in place. The issue, tracked as CW1226324, affected both draft and sent messages...
Intellexa’s Predator Spyware Used to Hack iPhone of Journalist in Angola, Research Says
Amnesty International reported that a government client of sanctioned spyware firm Intellexa used its Predator tool to compromise the iPhone of Angolan journalist Teixeira Cândido in 2024. The intrusion was delivered through a malicious WhatsApp link, exploiting an outdated iOS...
Indian Pharmacy Chain Giant Exposed Customer Data and Internal Systems
India’s largest pharmacy chain, DavaIndia, part of Zota Healthcare, suffered a critical security breach that gave unauthenticated attackers full administrative control of its platform. The flaw exposed roughly 17,000 online orders and allowed manipulation of product listings, pricing, and prescription...
Sex Toys Maker Tenga Says Hacker Stole Customer Information
Japanese sex‑toy manufacturer Tenga disclosed a data breach after a hacker accessed a staff member’s professional email account, potentially exposing customer names, email addresses, and order details. The intrusion allowed the attacker to view historical correspondence and send spam to...
Hacker Linked to Epstein Removed From Black Hat Cyber Conference Website
Black Hat quietly removed veteran hacker Vincenzo Iozzo from its review board after DOJ documents linked him to Jeffrey Epstein. Iozzo, founder of SlashID and former CrowdStrike senior director, had served on the board since 2011. He denies any illegal...
