Companies House, the UK’s official registrar of companies, has disclosed a security flaw in its WebFiling service that exposed sensitive data tied to more than five million registered businesses. The issue traces back to a system update rolled out in October 2025 and went unnoticed for five months before it was flagged. The vulnerability meant logged-in users could access other companies’ records simply by manipulating browser navigation. That potentially put home addresses, email addresses, and dates of birth of company officers in view, and in some cases, may even have opened the door to unauthorized changes to filings. In response, the organisation pulled the affected service offline to…
Kirsten Doyle
Since the outbreak of the Middle East conflict on 28 February 2026, Akamai has seen a surge of 245% in cyberattacks against key businesses and institutions in North America, Europe, and some Asia-Pacific countries. One group in particular, Handala (widely believed to have ties to Iranian intelligence), has claimed responsibility for a destructive data-wiping attack on Stryker, the global medical technology firm based in Michigan. At the same time, geopolitically motivated hacktivists are increasingly routing activity through proxy infrastructure in countries such as Russia and China, generating billions of connection attempts specifically engineered for abuse. The bulk of this malicious traffic is hitting a…
The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module. The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence across all of these systems and platforms makes the threat landscape much wider. This vulnerability, disclosed in the “CrackArmor” advisory, is a confused deputy vulnerability. It allows unprivileged users to manipulate security profiles via pseudo-files and to execute arbitrary kernel code. These weaknesses, in turn, lead to local privilege escalation to the root account through intricate interactions with tools like…
TELUS Digital has fallen victim to a security incident in which unsanctioned actors accessed its systems. Upon learning of this incident, the company said it took immediate action to resolve it and prevent any future breaches of its systems and environment. “All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services. As part of our response, we have engaged leading cyber forensics experts to support our investigation, and we are working with law enforcement.” The notorious cybercrime group ShinyHunters has taken responsibility for the attack and has also claimed that the group…
Starbucks has disclosed a data breach in which attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information. In a letter sent to affected staff members, the company said: “On or about February 6, 2026, Starbucks Corporation (“Starbucks” or “we”) became aware of potential unauthorized access to certain Starbucks Partner Central accounts.” Starbucks is the world’s largest coffee shop chain with 380,000 employees and nearly 41,000 shops in 88 countries. In a data breach notification filed with the Attorney General in Maine, Starbucks said 889 employees were affected. “Upon becoming aware, Starbucks commenced an investigation and began taking measures…
Security researchers have demonstrated how a growing class of AI safety controls (known as AI judges) can be manipulated into approving content they are supposed to block. In new research published by cybersecurity firm Palo Alto Networks’ threat intelligence team Unit 42, analysts describe how automated “fuzzing” techniques can uncover hidden weaknesses in the large language models that many organizations now rely on as automated gatekeepers. These models are increasingly used to evaluate whether AI-generated responses are safe, policy-compliant, or suitable for users. But the research suggests that these digital referees can themselves be fooled, sometimes by nothing more than harmless-looking formatting characters. Testing the AI Gatekeepers …
Stryker, a global medical technology company based in Michigan, has fallen victim to a data-wiping attack. A hacktivist group affiliated with Iran’s intelligence services is claiming responsibility for the incident. Reports coming from Ireland, Stryker’s largest base outside of the US, indicated that the company had sent home over 5,000 workers. Also, a voicemail message left on Stryker’s main US headquarters indicated that the company is currently dealing with a building emergency. The company remains offline. Stryker is a medical and surgical products company with global sales of $25 billion last year. In a statement posted on Telegram, an Iranian hacktivist collective known as Handala, also referred to…
Salesforce has warned customers that it has identified a campaign in which threat actors are exploiting customers’ overly permissive guest user settings to potentially access more data than targeted businesses intended. “Evidence indicates the threat actor is leveraging a modified version of the open-source tool Aura Inspector (originally developed by Mandiant) to perform mass scanning of public-facing Experience Cloud sites,” the statement read. Although the original Aura Inspector is limited to pinpointing vulnerable objects by probing API endpoints that these sites expose, the attacker has developed a custom version of the tool that can go beyond identification to exfiltrate data.
All Eyes on ShinyHunters
In screenshots from its leak site published on X, the notorious extortion gang ShinyHunters says it breached “several hundreds”…
A privacy controversy surrounding Meta Platforms’ Ray-Ban smart glasses has taken a new turn after security researchers uncovered dozens of exposed credentials linked to the company’s data-annotation contractor. Last week, Swedish outlets Svenska Dagbladet and Göteborgs-Posten reported that footage captured by Meta’s smart glasses (developed with Ray-Ban) was being reviewed by human annotators working for outsourcing firm Sama. According to those interviewed for the report, some of the clips included highly sensitive scenes filmed in bathrooms, bedrooms, and other private settings. The revelations prompted the UK’s data protection watchdog, the Information Commissioner’s Office, to open an investigation. Now, new research by Suzu Labs suggests the company responsible for…
Fake tech support scams are not new. Historically, the goal was simple: convince someone to hand over a few hundred dollars in gift cards or give attackers remote access to a computer. However, new research from Huntress highlights how familiar social-engineering tricks are evolving into something far more insidious. Instead of small-scale fraud, malefactors are using fake support calls to deploy sophisticated command-and-control malware inside business networks. In a campaign observed in February 2026, bad actors first flooded organizations with spam emails. Then they followed up with phone calls posing as IT support staff, offering to “fix” the problem. Victims were persuaded to approve remote-access sessions…
