The customer information published on the dark web includes names, addresses, phone numbers, and email addresses.
The post Toys ‘R’ Us Canada Customer Information Leaked Online appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks
In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews.
The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek.
Pwn2Own WhatsApp Hacker Says Exploit Privately Reported to Meta
Questions have been raised over the technical viability of the purported WhatsApp exploit, but the researcher says he wants to keep his identity private.
The post Pwn2Own WhatsApp Hacker Says Exploit Privately Reported to Meta appeared first on SecurityWeek.
Russian Government Now Actively Managing Cybercrime Groups: Security Firm
The relationship between the Russian government and cybercriminal groups has evolved from passive tolerance.
The post Russian Government Now Actively Managing Cybercrime Groups: Security Firm appeared first on SecurityWeek.
AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk
SquareX has shown how malicious browser extensions can impersonate AI sidebar interfaces.
The post AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk appeared first on SecurityWeek.
Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment
As AI coding tools flood enterprises with functional but flawed software, researchers urge embedding security checks directly into the AI workflow.
The post Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment appeared first on SecurityWeek.
Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk
Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature.
The post Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk appeared first on SecurityWeek.
BIND Updates Address High-Severity Cache Poisoning Flaws
The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache.
The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek.
Lanscope Endpoint Manager Zero-Day Exploited in the Wild
The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog.
The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon’s 2025 Mobile Security Index shows that 85% of organizations believe mobile device attacks are on the rise.
The post Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm appeared first on SecurityWeek.