Between late December 2025 and mid-January 2026, hackers stole personal and health plan information from Navia’s environment.
The post Navia Data Breach Impacts 2.7 Million appeared first on SecurityWeek.
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety.
The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
Thousands of Magento Sites Hit in Ongoing Defacement Campaign
The attacks started on February 27 and have targeted e-commerce platforms, global brands, and government services.
The post Thousands of Magento Sites Hit in Ongoing Defacement Campaign appeared first on SecurityWeek.
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,
Musician admits to $10M streaming royalty fraud using AI bots
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. […]
Allure Security Raises $17 Million for Online Brand Protection
The company will invest in expanding its digital brand protection platform and in scaling its go-to-market efforts.
The post Allure Security Raises $17 Million for Online Brand Protection appeared first on SecurityWeek.
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.
International joint action disrupts world’s largest DDoS botnets
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. […]
Microsoft: March Windows updates break Teams, OneDrive sign-ins
Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. […]
Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation
The lesser-known JackSkid and Mossad botnets have also been targeted in the operation.
The post Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation appeared first on SecurityWeek.