In a final resolution to a six-year legal battle, the Federal Court of Canada has approved an $8.76 million class-action settlement between the federal government and tens of thousands of Canadians whose sensitive information was compromised during a series of 2020 cyberattacks. The agreement, greenlit by Federal Court Justice Richard Southcott on May 5, 2026, addresses a massive security failure that saw hackers infiltrate approximately 47,000 government accounts, including

A stealthy and persistent phishing campaign, dubbed VENOMOUS#HELPER, has successfully compromised over 80 organizations by weaponizing legitimate Remote Monitoring and Management (RMM) software to bypass traditional security defenses. According to a recent report from Securonix, the activity has been active since April 2025 but has intensified in early 2026, primarily targeting entities in the United States, Western Europe, and Latin America. The attackers are not using tradi

Cybersecurity experts are sounding the alarm over a critical authentication-bypass vulnerability in cPanel & WHM, the world’s most popular web hosting control panel, which has left an estimated 1.5 million servers exposed to complete administrative takeover. The flaw, tracked as CVE-2026-41940 with a near-perfect critical severity score of 9.8/10, allows unauthenticated remote attackers to bypass login security and gain full "root" access to servers. This level of access gran

A 15-year-old boy has been taken into judicial custody in France, suspected of orchestrating a massive cyberattack against the Agence Nationale des Titres Sécurisés (ANTS) - the government body responsible for processing national IDs, passports, and driver’s licenses. The minor, who allegedly operated under the online alias "breach3d," is accused of compromising the personal data of approximately 11.7 million citizens. The Paris public prosecutor’s office confirmed that the

A malicious version of the Bitwarden command-line interface (CLI) was briefly distributed via the npm registry following a breach of the developer's build pipeline, marking a significant escalation in a month-long supply chain campaign. On April 22, 2026, attackers compromised a GitHub Action used in Bitwarden’s CI/CD pipeline to publish a trojanized version of the CLI, labeled version 2026.4.0, to the official npm registry. The malicious package was live for approximately 93