Oncology Institute Discloses Data Breach
The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information. The Oncology Institute (TOI) is an oncology provider founded…
Category: SecurityWeek
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging…
DocketWise Data Breach Impacts 143,000
Immigration and legal case management platform DocketWise is notifying over 143,000 people that their personal, financial, and medical information was compromised in a data breach.…
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a…
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Grafana this week revealed that the unauthorized access to the Grafana Labs GitHub repositories disclosed earlier this month was the result of the TanStack supply…
TrendAI Patches Apex One Zero-Day Exploited in the Wild
TrendAI, Trend Micro’s enterprise business, has informed customers that it has patched another Apex One vulnerability that has been exploited in the wild. The zero-day,…
Canadian Man Arrested for Operating Kimwolf Botnet
The US Justice Department announced on Thursday that a Canadian man has been arrested for operating the recently disrupted Kimwolf DDoS botnet. The suspect, 23-year-old…
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal is warning users that it’s already seeing attempts to exploit CVE-2026-9082, the highly critical vulnerability patched this week. The vulnerability affects an API designed…
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader…
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
Authorities in North America and Europe have participated in a law enforcement operation to disrupt First VPN, a popular cybercrime service used for ransomware and…
Socket Raises $60 Million at $1 Billion Valuation
Supply chain protection provider Socket has announced raising $60 million in a Series C funding round that brings the total raised by the company to…
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
Apple rejected over 2 million applications from entering the App Store in 2025 and blocked over 1.1 million fraudulent accounts from being created. These actions,…