United Natural Foods, Whole Foods’ primary distributor, has been hit with a cyberattack that may leave some grocery store shelves empty. In a statement, the company said: “We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate. As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts and we have notified law enforcement.” With systems offline, and no clear timeline for them to be back up and running, stock on Whole Foods’ shelves may soon start to run out. The computer system was used…
Kirsten Doyle
The disclosure was not supposed to happen like this. Originally slated for release after a responsible disclosure period, the details of a critical vulnerability in Roundcube (CVE-2025-49113) are being published early. Not out of haste, but out of necessity. Within 48 hours of a patch landing quietly on GitHub, attackers had already reverse-engineered the fix, weaponized the exploit, and begun selling it on underground forums. In this case, silence would serve the wrong side. To level the field for defenders, a full technical breakdown has been made public by Fears Off researchers. It’s not ideal. But with active exploitation underway…
Trump Signs Executive Order Overhauling Federal Cybersecurity Policy, Refocusing on Technical Defense and Threat Mitigation
President Donald Trump has signed a new Executive Order aimed at reinforcing the country’s defenses against foreign cyber threats. The order strips away what the administration describes as “political distractions” from previous directives, prioritizing hands-on technical safeguards over bureaucratic mandates. The new order amends and replaces key elements of two Obama- and Biden-era Executive Orders (14144 and 13694), declaring a return to cybersecurity fundamentals: protecting digital infrastructure, defending against state-backed cyber campaigns, and preparing the U.S. for next-generation threats like quantum computing. A Return to…
Getty Images is suing Stability AI for allegedly stealing its photos to train a machine. And it’s not a small spat. This could be the case that rewrites how copyright law handles artificial intelligence. Kicking off yesterday, 9 June 2025, in London’s High Court, Getty’s lawsuit accuses Stability AI of grabbing over 12 million copyrighted images without permission. The images were allegedly used to train Stable Diffusion, the text-to-image generator that’s sparked a thousand headlines and almost as many lawsuits. It’s not Getty’s first rodeo. The company is already pursuing a similar case against Stability AI in the U.S. This…
A new investigation into several high-profile Chrome extensions has revealed that many transmit sensitive user data over unencrypted HTTP, leaving users wide open to profiling, interception, and even manipulation by malicious actors lurking on the same network. The names involved are familiar. SEMRush Rank. PI Rank. MSN New Tab. DualSafe Password Manager. Even Browsec VPN. Together, these extensions have tens of millions of users. They’re pitched as tools to improve your browser, protect your privacy, or simplify your workflow. But under the hood, they tell a different story. Researchers discovered that these extensions transmit data like browsing domains, machine IDs,…
Your company’s stance on AI bots could make (or cost) you revenue, rankings, and visibility. The rise of AI web scraping has thrown businesses into uncharted waters. On one side, scraping fuels AI-powered discovery tools and generative search. On the other, it raises alarms about content ownership, intellectual property, and competitive advantage. According to a new study by Liquid Web, 43% of businesses believe AI scraping benefits their competitors more than themselves, while one in five have actually seen a revenue boost. The data paints a divided picture, one part opportunity, one part risk, and makes one thing clear: if…
APIs are essential. They stitch together cloud services, power mobile apps, automate DevOps pipelines, and deliver personalized customer experiences at scale. However, for all their utility, APIs are also prime real estate for malicious actors. With such interconnected ecosystems today, APIs have become both the nervous system of digital infrastructure and a wide-open backdoor. As the 2025 Thales Data Threat Report highlights, the convergence of API sprawl, weak secrets hygiene, and AI-driven automation is creating the perfect storm for data breaches. The findings are sobering: 34% of enterprises now run more than 500 APIs, and secrets management tops the list…
Another day, another leak. Bad actors have posted what they allege to be a massive trove of AT&T customer data, 86 million records in total. But questions loom: Is this connected to last year’s Snowflake breach? Or is it something even bigger? The hackread.com research team first spotted the leak on 15 May 2025. It surfaced on a well-known Russian cybercrime forum, only to be reposted on 3 June. That’s when it began circulating widely across dark web channels. The threat actor behind the dump claims it’s the same data stolen in April 2024, when the ShinyHunters group exploited Snowflake’s…
Microsoft has debuted a major new initiative to help fortify Europe’s digital defenses against increasingly sophisticated cyberattacks from state-backed and criminal actors. The new European Security Program expands Microsoft’s cybersecurity engagement across the continent, offering governments access to cutting-edge tools, AI-driven intelligence, and strategic partnerships at no cost. “We are making this program available to European governments, free of charge, including all 27 European Union (EU) member states, as well as EU accession countries, members of the European Free Trade Association (EFTA), the UK, Monaco, and the Vatican,” the company added. The programme builds on the company’s longstanding Government…
A new investigation has uncovered a covert tracking mechanism used by Meta and Yandex that potentially affects billions of Android users. At the heart of the issue lies a silent communication channel between mobile browsers and native apps on the same device, enabled via localhost sockets. The technique effectively links anonymous web browsing to real-world user identities. This discovery was made by researchers with IMDEA Networks Institute, Radboud University, and The Computer Security and Industrial Cryptography research group (COSIC) at the Department of Electrical Engineering of KU Leuven.
Tracking via Localhost: A Hidden Bridge
The discovery reveals that Android apps…
