Japan Ransomware Crisis: 222 Firms Paid, 60% Data Still Lost Despite Ransoms
Ransomware continues to exact a devastating toll on Japanese enterprises, with a landmark survey exposing the futility of ransom payments: over 200 firms shelled out to cybercriminals, yet nearly 60% watched helplessly as their data remained locked despite compliance. Conducted in January by the Japan Institute for Promotion of Digital Economy and Community (JIPDEC), the study polled 1,107 companies and uncovered 507 ransomware victims—46%...
Seiko USA Cyberattack: Hackers Deface Site, Claim Mass Customer Data Theft Via Shopify
A brazen cyberattack has targeted Seiko USA, the American arm of Japanese watchmaker Seiko, after intruders defaced a key section of its website and issued a chilling ransom demand. Hackers replaced content in the "Press Lounge" area with a prominent "HACKED" banner, claiming they had penetrated the company's Shopify e-commerce backend and exfiltrated its complete customer database. The group set a tight 72-hour deadline...
McGraw Hill Breach Exposes 13.5M Users After Salesforce Configuration Flaw
Global education publisher McGraw Hill has disclosed a significant data breach impacting approximately 13.5 million user accounts after the hacking group ShinyHunters exploited a Salesforce configuration vulnerability. The incident exposed sensitive information including email addresses, names, phone numbers, and physical addresses, which cybersecurity researchers report was leaked across dark web forums in over 100GB of stolen data. The breach originated from a misconfigured Salesforce environment...
Booking.com Confirms Hack Exposing Customer Booking Data
Booking.com, one of the world's largest online travel platforms serving millions of users globally, has confirmed a cybersecurity incident allowing unauthorised third parties to access personal and booking information for an undisclosed number of customers, prompting notifications to affected guests and warnings against phishing follow-on attacks. The company detected suspicious activity, contained the breach and updated reservation PINs, but has not disclosed the incident...
Basic-Fit Data Breach Exposes 200K Members’ Details
European gym chain Basic-Fit, operator of over 1,400 fitness centres across 12 countries with 4.5 million members, disclosed a data breach impacting approximately 200,000 active members primarily in the Netherlands, exposing sensitive personal and financial information through unauthorised system access. The company detected the intrusion via automated monitoring tools and contained it within minutes, confirming no member passwords or identification documents were compromised. Basic-Fit operates...
OpenAI Contains Axios Supply Chain Breach
OpenAI disclosed a supply chain security incident involving the third-party Axios developer library, compromised on March 31 in a suspected North Korea-linked attack, which briefly exposed signing certificates for its macOS applications including ChatGPT Desktop. The company confirmed no evidence of user data access, system compromise or intellectual property theft, with the malicious payload likely failing to exfiltrate the critical certificate. OpenAI detected the breach...
Berkeley Researchers Expose Fundamental Flaws in AI Benchmarks
A team of researchers from the University of California, Berkeley has uncovered fundamental flaws in eight leading AI agent evaluation benchmarks, revealing how simple automated exploits can generate perfect scores without any genuine task completion, casting serious doubt on the reliability of current metrics for measuring artificial intelligence capabilities. Their systematic audit identified seven recurring vulnerability patterns that allow even zero-intelligence agents to manipulate...
Cyble 2026 Report: Ransomware Pivot Targets Asia Healthcare
Cyble Research and Intelligence Labs (CRIL) has unveiled its 2026 Healthcare Threat Landscape Report documenting Asia's rapid emergence as ground zero for sophisticated ransomware operations, with groups like Qilin, INC Ransom and SafePay executing targeted strikes against healthcare providers amid accelerated cloud migrations and demographic shifts toward elderly care. While the United States remains the most attacked nation globally, Asia now faces specialised campaigns...
Microsoft Flags Daily AI-Powered Device Code Phishing Surge
Microsoft has disclosed a sophisticated device code phishing campaign that has compromised hundreds of organizations daily since March 15, employing AI for personalized lures and automation across the attack chain to infiltrate Microsoft 365 accounts and siphon financial data. The operation deploys 10 to 15 unique campaigns every 24 hours with varied payloads, complicating detection efforts across global industries. Microsoft's Vice President of security research...
50,000+ WordPress Sites at Risk of Admin Takeover from Uncanny Automator Flaw
A critical security vulnerability in the Uncanny Automator WordPress plugin, used by over 1 million websites worldwide, has left more than 50,000 sites dangerously exposed to complete administrator takeover by any authenticated user with minimal privileges. Tracked as CVE-2025-2075 with a CVSS score of 8.8 (High), the flaw stems from missing authorisation checks and capability validation in the plugin's custom REST API endpoints, allowing...
News
ASML to Cut Around 1,700 Jobs in AI‑Driven Reorganisation
ASML, the Dutch semiconductor‑equipment giant that holds a near‑monopoly on advanced lithography tools used to manufacture cutting‑edge chips, is planning to cut roughly 1,700 jobs, or about 4 per cent of its 44,000‑person workforce. The move was announced in January alongside the company’s record full‑year revenue of €32.7 billion and signals a major internal reorganisation aimed at streamlining operations even as demand for advanced...