149 million logins and passwords exposed for Gmail, Facebook, Instagram and more — everything you need to know

Millions of logins and passwords have been leaked online after a hacker's database of stolen credentials was left unsecured ...

Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

Omdia research shows 95% of organizations faced browser-based attacks last year. CrowdStrike's CTO and Clearwater Analytics' ...

Millions of people imperiled through sign-in links sent by SMS

Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of ...
SecurityWeek

Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore

Cybersecurity experts share insights on securing Application Programming Interfaces (APIs), essential to a connected tech world.

Endace Rewrites the Rules of Packet Capture

Major software release eliminates traditional barriers to packet capture, storage and analysis with 50x search performance boost -- Seamless automation capability introduces a new era of on-demand ...
The Hacker News

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies, block admin controls, and hijack sessions for ...
The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...

Wikipedia signs major AI firms to new priority data access deals

On Thursday, the Wikimedia Foundation announced API access deals with Microsoft, Meta, Amazon, Perplexity, and Mistral AI, ...

How to automate just-in-time access to applications with Tines

Managing just-in-time access at scale is a growing IAM challenge as speed and auditability collide daily. Tines shows how ...
Bleeping Computer

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. The activity started on December 2nd ...
theregister

Xero to start charging developers API usage fees, replacing revenue share deals

Exclusive SaaS-y accounting outfit Xero has advised developers who integrate their products with its services that they’ll soon have to pay for the privilege in a new way. Xero started its life in New ...