FortiBleed campaign used custom FortiGate sniffer to steal credentials

Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to ...
techtimes

Credential Stuffing Risk Spikes: 24 Billion Stolen Passwords Linked to Live Exploit Data

Security researchers at Cybernews discovered on June 12 what they describe as one of the largest credential databases ever left exposed online — a publicly accessible Elasticsearch cluster holding 24 ...

Customers Sue Madison Square Garden Over Hacking of 26 Million Records

Three class-action lawsuits accuse a hacking group of publishing data that included personal and corporate information stolen ...
The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
Rediff.comOpinion

Not a cent during 60-day deal window: Trump to Iran

Wife of deceased Chief Marine Engineer Patnala Suresh, Bhargavi says, Three seafarers lost their lives. Why should the Indian ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Andy Burnham LATEST: New PM could be in by World Cup final but calls grow for General Election after Starmer resignation

ANDY Burnham has been sworn in as an MP with his sight’s set on becoming Prime Minister in a matter of weeks. Burnham dodged ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.