T-Mobile Sets the Record Straight on Latest Data Breach Filing
T-Mobile USA has provided clarification on a recent data breach notification, stating that it was triggered by an insider incident with a very limited impact.…
Category: SecurityWeek
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
A threat actor has been exploiting vulnerable Next.js applications to compromise systems and exfiltrate credentials at scale, Cisco’s Talos security researchers warn. Tracked as UAT-10608,…
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
The European Commission (EC) has confirmed that hackers stole over 300GB of data from its AWS environment using an API key compromised in the Trivy…
Mobile Attack Surface Expands as Enterprises Lose Control
The mobile device attack surface is wide, fragmented, and not adequately controlled. There are two sides to any coin. Security is the same. To defend…
Critical ShareFile Flaws Lead to Unauthenticated RCE
Two critical-severity vulnerabilities in the ShareFile content collaboration and file-sharing platform could be chained together for unauthenticated remote code execution (RCE), attack surface management firm…
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader…
TrueConf Zero-Day Exploited in Asian Government Attacks
Chinese hackers have exploited a zero-day vulnerability in the TrueConf video conferencing software in attacks against government entities in Asia, Check Point reports. The exploited…
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
Nacogdoches Memorial Hospital (NMH) is notifying 250,000 people that their personal and health information was compromised in a data breach. The incident, the hospital says,…
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
Thirty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in March 2026. For a detailed view of the more than 420 acquisitions announced in 2025,…
Apple Rolls Out DarkSword Exploit Protection to More Devices
Apple is rolling out iOS and iPadOS updates for older devices to protect them against the recently disclosed DarkSword exploit kit. A few weeks after…
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Anthropic’s Claude Code is in the news again – and not for the best reasons. Within days of each other, Anthropic first leaked the source…
Cisco Patches Critical and High-Severity Vulnerabilities
Cisco on Wednesday announced fixes for two critical and six high-severity vulnerabilities that could be exploited for authentication bypass, remote code execution, privilege escalation, and…