EY Notifies Clients After Breach of IT Support Platform Exposes Tax Documents
Ernst & Young is notifying clients that attackers accessed a third-party IT support ticketing platform for roughly two weeks this spring, downloading documents containing sensitive tax and investment...
Coca-Cola’s Fairlife Brand Halts US Production After Ransomware Hits Manufacturing Systems
Coca-Cola disclosed in an SEC filing that its Fairlife dairy subsidiary suffered a ransomware attack that forced a temporary halt of US production, while Canadian operations continued unaffected....
Unpatched LegacyHive Bug Lets Standard Windows Users Hijack Admin Accounts
A newly disclosed Windows zero-day called LegacyHive abuses the User Profile Service to let a low-privileged user tamper with an administrator's registry hive, opening a path to persistence...
CISA Confirms Active Exploitation of Critical SharePoint Deserialization Flaw
CISA has added CVE-2026-58644, a critical unauthenticated remote code execution flaw in Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog after confirming real-world attacks. Federal agencies must remediate...
SonicWall SMA1000 Zero-Days Under Active Attack: Perfect-10 Flaw Chained for Root Access
Attackers were exploiting a maximum-severity SonicWall SMA1000 flaw before the vendor's advisory even landed, chaining it with a privilege-escalation bug to seize root and pivot into corporate Active...
Critical 7-Zip Flaw Lets Booby-Trapped Archives Hijack Your System
A newly patched 7-Zip vulnerability lets attackers achieve remote code execution simply by getting a victim to open a maliciously crafted compressed file. With 7-Zip installed on millions...
CISA Sounds Alarm as Attackers Exploit Critical FortiSandbox Command Injection Flaws
CISA has confirmed active exploitation of two OS command injection vulnerabilities in Fortinet's FortiSandbox product line, adding both to its Known Exploited Vulnerabilities catalog and giving federal agencies...
Scattered Spider Duo Sentenced Over £29 Million Transport for London Cyberattack
Two young members of the Scattered Spider hacking collective have been jailed for over five years each after a 2024 breach knocked out 148 Transport for London systems...